[OPGELOST] kan geen updates vinden

[urbain1]

Na het lezen van een onderwerp over windows updates ben ik gaan kijken hoe het zit met mijn updates en daarvoor ging ik via start naar updates voor de pc kijken. Helaas kan ik geen updates binnenhalen want er schijnt een fout te zijn ,via de foto kan ik het je laten zien.weet niet hoe dit te doen ; ik klikte op het icoontje afbeeldingen maar toen dit openging moest ik een url ingeven en ik weet dus niet hoe ik dit kan doen;normaal kom ik toch direkt in de map mijn afbeeldingen tercht !!!!!!!maar goed ik zal de melding dan maar intypen;

het is dezelfde foutmelding als die van defender zie ik.

Ook kan ik van windows defender geen updates doen want daar is ook een foutmelding aanwezig die ik al op verschillende manieren (tips via google opgezocht) heb proberen op te lossen maar hij doet het nog altijd niet.

De foutmelding(code) is ...... 0x80244019.

wie weet raad ?

[kweezie wabbit]

Even googelen op de foutcode leverde dit op.

I went into the browser's TOOLS>Internet Options and

under CONNECTIONS and LAN SETTINGS I checked the 'Automatically detect

settings' box

Then I was able to receive updates.

Even vertalen.

Internet explorer openen en ga dan naar extra en internet opties.

Dan ga je naar de tab verbindingen en klik onderaan op Lan instellingen.

In het kader die dan open gaat vink je het bovenste vakje aan Instellingen automatisch detecteren.

Alle kaders en vensters sluiten door OK te klikken.

Probeer dan nogmaals de updates te doen.

Als het niet lukt, kan je Internet explorer sluiten en weer openen en nog eens proberen.

Laat maar weten of het gelukt is.

[urbain1]

Helaas het heeft niet mogen zijn , het onderwerp was al aangevinkt en na het herhaalde malen uit en aangevinkt te hebben heeft het tot zover nog geen verandering opgeleverd.

ik kan dus nog altijd geen updates ophalen.

[urbain1]

Wat nu ?????

[urbain1]

Is er niemand die mij verder kan helpen ?

Ik heb een vermoeden dat ik heel wat achterstand heb met de updates van windows defender

[kweezie wabbit]

Probeer eens het volgende.

Ga naar start uitvoeren , typ cmd en klik ok

In het venster dat dan opent typ je proxycfg -d en druk enter.

Venster sluiten en proberen je updates binnen te halen.

Als het niet lukt; pc herstarten en nogmaals proberen.

[urbain1]

bedank voor je snelle hulp ,maar de formule slaat niet aan , de woorden worden niet herkend , dus kan ik niet verder.

Heb je soms nog andere voorstellen ?

[kape]

Download Combofix naar je Bureaublad.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

• Dubbelklik op Combofix.exe om het te starten.
  Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
  Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
  Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster.
  Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
  Klik na afloop terug op Ja om het scannen op malware te starten.
  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
  

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

[urbain1]

hier dan het logje van combofix

ComboFix 08-12-18.03 - Gebruiker 2008-12-19 17:44:15.4 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1222 [GMT 1:00]

Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\users\Gebruiker\AppData\Roaming\.#

c:\users\Gebruiker\AppData\Roaming\inst.exe

c:\windows\system32\hpowiav1.dll

c:\windows\twain_16.dll

D:\resycled

d:\resycled\boot.com

I:\Autorun.inf

I:\resycled

i:\resycled\boot.com

K:\Autorun.inf

K:\resycled

k:\resycled\boot.com

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://updatestar.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Windows Tribute Service

(((((((((((((((((((( Bestanden Gemaakt van 2008-11-19 to 2008-12-19 ))))))))))))))))))))))))))))))

.

2008-12-19 17:42 . 2008-12-19 17:43 <DIR> d-------- C:\32788R22FWJFW.0.tmp

2008-12-19 12:30 . 2008-12-19 12:30 <DIR> d-------- c:\users\Gebruiker\AppData\Roaming\Comodo

2008-12-19 12:29 . 2008-12-19 12:29 <DIR> d-------- c:\users\All Users\Comodo

2008-12-19 12:29 . 2008-12-19 12:29 <DIR> d-------- c:\programdata\Comodo

2008-12-19 12:26 . 2008-12-19 12:51 <DIR> d-------- c:\program files\Comodo

2008-12-18 10:59 . 2008-12-18 10:59 <DIR> d-------- c:\windows\LastGood

2008-12-07 22:40 . 2008-12-07 22:41 <DIR> d-------- c:\program files\Picasa2

2008-12-07 17:45 . 2008-12-07 17:45 <DIR> d-------- c:\program files\Prevent Restore

2008-12-07 17:45 . 2008-04-14 03:12 1,384,479 --a------ c:\windows\System32\temp.003

2008-12-07 17:45 . 2008-04-14 03:12 343,040 --a------ c:\windows\System32\temp.000

2008-12-07 17:45 . 2008-05-09 13:53 172,032 --a------ c:\windows\System32\temp.002

2008-12-07 17:45 . 2008-04-13 18:42 16,896 --a------ c:\windows\System32\temp.001

2008-12-06 21:28 . 2008-12-06 21:28 <DIR> d-------- c:\users\Gebruiker\DOWNLOADS 1

2008-12-06 20:14 . 2008-12-06 20:14 <DIR> d-------- c:\windows\LastGood.Tmp

2008-11-24 22:29 . 2008-11-24 22:29 <DIR> d-------- c:\program files\Weight Watchers FlexiPoints

2008-11-24 22:22 . 2008-11-24 22:29 <DIR> d--h----- c:\program files\Zero G Registry

2008-11-24 22:21 . 2008-11-24 22:21 <DIR> d-------- c:\users\Gebruiker\Zero G Registry

2008-11-23 12:39 . 2008-11-23 19:11 <DIR> d-------- c:\users\All Users\NOS

2008-11-23 12:39 . 2008-11-23 19:11 <DIR> d-------- c:\programdata\NOS

2008-11-23 12:39 . 2008-11-23 19:11 <DIR> d-------- c:\program files\NOS

2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a------ c:\windows\System32\qt-dx331.dll

2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\System32\DivXsm.exe

2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\System32\divxsm.tlb

2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a------ c:\windows\System32\libdivx.dll

2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a------ c:\windows\System32\ssldivx.dll

2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\System32\DivXCodecVersionChecker.exe

2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a------ c:\windows\System32\DivXWMPExtType.dll

2008-11-21 20:15 . 2008-11-21 20:15 <DIR> d-------- c:\program files\CCleaner

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-19 16:29 --------- d-----w c:\programdata\Spybot - Search & Destroy

2008-12-17 14:07 --------- d-----w c:\users\Gebruiker\AppData\Roaming\Vso

2008-12-07 21:49 --------- d-----w c:\program files\DivX

2008-12-03 17:13 --------- d-----w c:\program files\Common Files\Adobe

2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys

2008-11-26 17:13 --------- d-----w c:\users\Gebruiker\AppData\Roaming\Image Zone Express

2008-11-21 23:35 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-18 22:42 --------- d-----w c:\users\Gebruiker\AppData\Roaming\AudioMoves

2008-11-16 19:23 --------- d-----w c:\users\Gebruiker\AppData\Roaming\TypingMaster7

2008-11-16 19:22 --------- d-----w c:\users\Gebruiker\AppData\Roaming\Ten Thumbs Typing Tutor

2008-11-13 20:57 --------- d-----w c:\program files\Everything

2008-11-12 23:25 --------- d-----w c:\programdata\HPSSUPPLY

2008-11-12 23:24 --------- d-----w c:\users\Gebruiker\AppData\Roaming\HP

2008-11-12 20:08 --------- d-----w c:\program files\Alwil Software

2008-11-12 19:20 --------- d-----w c:\program files\F-Secure Internet Security

2008-11-12 19:17 --------- d-----w c:\programdata\f-secure

2008-11-12 19:03 --------- d-----w c:\programdata\Microsoft Help

2008-11-12 13:41 --------- d-----w c:\users\Gebruiker\AppData\Roaming\F-Secure

2008-11-12 13:20 --------- d-----w c:\programdata\fssg

2008-11-12 13:19 29,192 ----a-w c:\windows\system32\drivers\ndisprot.sys

2008-11-12 12:50 --------- d-----w c:\programdata\Avg8

2008-11-12 11:46 --------- d-----w c:\users\Gebruiker\AppData\Roaming\Printer Info Cache

2008-11-12 11:45 --------- d-----w c:\programdata\HP Product Assistant

2008-11-11 00:33 --------- d-----w c:\programdata\WEBREG

2008-11-11 00:32 --------- d-----w c:\programdata\HP

2008-11-10 15:30 --------- d-----w c:\program files\HP

2008-11-10 15:29 --------- d-----w c:\program files\Common Files\HP

2008-11-10 15:27 --------- d-----w c:\program files\Common Files\Hewlett-Packard

2008-11-02 11:47 --------- d-----w c:\programdata\TomTom

2008-11-02 11:47 --------- d-----w c:\program files\TomTom HOME

2008-10-31 19:17 --------- d-----w c:\program files\Smart CD Catalog PRO

2008-10-29 12:16 --------- d-----w c:\program files\freshney.org

2008-10-26 21:25 --------- d-----w c:\programdata\LifePhotoMaker

2008-10-26 21:25 --------- d-----w c:\program files\LifePhotoMaker

2008-10-26 19:29 --------- d-----w c:\program files\Directory Lister

2008-10-25 21:36 --------- d-----w c:\program files\WhereIsIt

2008-10-24 17:52 --------- d-----w c:\program files\The KMPlayer

2008-10-24 15:45 --------- d-----w c:\programdata\NVIDIA

2008-10-23 11:39 --------- d-----w c:\users\Gebruiker\AppData\Roaming\Spybot - Search & Destroy

2008-10-23 11:39 --------- d-----w c:\program files\VideoLAN

2008-10-22 12:53 --------- d-----w c:\program files\AIMP2

2008-10-21 18:00 --------- d-----w c:\users\Gebruiker\AppData\Roaming\Malwarebytes

2008-10-21 18:00 --------- d-----w c:\programdata\Malwarebytes

2008-10-21 18:00 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-10-21 14:13 --------- d-----w c:\programdata\NtiDvdCopy

2008-10-21 12:22 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-21 12:21 --------- d-----w c:\program files\NewTech Infosystems

2008-10-21 12:19 6,144 ----a-w c:\windows\system32\drivers\NTIDrvr.sys

2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-08-28 11:12 1,570,816 ----a-w c:\users\Gebruiker\AppData\Roaming\tsdnwin.dll

2008-07-05 13:10 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-05 13:10 56 ---ha-w c:\programdata\ezsidmv.dat

2008-04-20 17:51 47,360 ----a-w c:\users\Gebruiker\AppData\Roaming\pcouffin.sys

2008-04-16 22:36 174 --sha-w c:\program files\desktop.ini

2007-11-19 19:50 32 ----a-w c:\users\All Users\ezsid.dat

2007-11-19 19:50 32 ----a-w c:\programdata\ezsid.dat

2005-12-16 23:05 41,078 ----a-w c:\program files\keydll.dll

2005-12-16 23:01 307,200 ----a-w c:\program files\MouseDrv.exe

2005-12-16 15:42 7,473,152 ----a-w c:\program files\NTI CD & DVD-Maker.msi

2005-12-16 15:42 31,679,012 ----a-w c:\program files\Data1.cab

2005-12-16 14:52 602,112 ----a-w c:\program files\PS2USBKbdDrv.exe

2005-12-14 10:07 41,573 ----a-w c:\program files\Readme.txt

2005-12-14 10:05 475,505 ----a-w c:\program files\Cdrw32.bdb

2005-12-02 15:38 323,584 ----a-w c:\program files\mousecpl.dll

2005-11-30 11:48 94,208 ----a-w c:\program files\StartAutorun.exe

2005-05-05 08:35 53,248 ----a-w c:\program files\NtiAspi.dll

2005-05-04 18:12 28,672 ----a-w c:\program files\MouseHook.dll

2005-05-02 16:57 32,256 ----a-w c:\program files\addfilter.exe

2005-05-02 16:52 387,072 ----a-w c:\program files\WMDMDist.exe

2005-05-02 16:52 2,447,360 ----a-w c:\program files\WMFDist.exe

2005-05-02 16:52 2,041,856 ----a-w c:\program files\WMFADist.exe

2005-04-26 14:38 1,064 ----a-w c:\program files\CDMKR32.INI

2005-03-08 15:26 16,896 ----a-w c:\program files\BurnRights.exe

2004-12-17 14:14 13,952 ----a-w c:\program files\UBHelper.sys

2004-12-06 11:47 518,456 ----a-w c:\program files\splash01.bmp

2004-10-15 13:17 22,218 ----a-w c:\program files\CDDVD-MAKER_TITLE.jpg

2004-04-25 08:27 429,568 ----a-w c:\program files\Dllmkkbd.dll

2002-04-26 09:39 226,816 ----a-w c:\program files\htvcdsvcd.ax

2007-12-15 14:41 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-12-15 14:41 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-12-15 14:39 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

2007-12-15 14:39 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

2007-12-15 14:39 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

2007-12-15 14:41 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]

"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]

"SuperCleaner"="c:\program files\SuperCleaner\SuperCleaner.exe" [2007-12-30 565248]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2008-11-10 5347672]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]

"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 c:\windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-03-16 c:\windows\SkyTel.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"PromptOnSecureDesktop"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"AlwaysShowClassicMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{1F34AEF4-F548-4112-B81C-917C168D4A22}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service

"{65D3909B-86D5-493B-81D2-F718865020DE}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service

"{AC876817-6236-4AD5-8CB3-C796C60AED1A}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service

"{E2FEEEE1-B381-4CC5-A7CD-D52AFDB6D3EF}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service

"TCP Query User{12CBCEAA-C429-42C7-AC75-3707406A09C9}c:\\program files\\videolan\\vlc.exe"= UDP:c:\program files\videolan\vlc.exe:VLC media player

"UDP Query User{CDFD8AA7-D97F-4326-9578-08566665389C}c:\\program files\\videolan\\vlc.exe"= TCP:c:\program files\videolan\vlc.exe:VLC media player

"TCP Query User{9BDB957E-1974-448C-925E-17C1BBF106CD}c:\\program files\\videolan\\vlc.exe"= UDP:c:\program files\videolan\vlc.exe:VLC media player

"UDP Query User{8D77C354-6D5C-4B91-8E92-A6C9D67AC0D0}c:\\program files\\videolan\\vlc.exe"= TCP:c:\program files\videolan\vlc.exe:VLC media player

"TCP Query User{A8FEE09A-B2A2-482C-BB58-06FFB6179AB9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{55C532D8-1769-463E-BE43-BD03E679C0F4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{B2889D5F-AE1B-4614-8B5D-74F3860DC347}c:\\program files\\screamer radio\\screamer.exe"= UDP:c:\program files\screamer radio\screamer.exe:Screamer Radio

"UDP Query User{E0B775CD-0918-4E89-AB82-6127E352C615}c:\\program files\\screamer radio\\screamer.exe"= TCP:c:\program files\screamer radio\screamer.exe:Screamer Radio

"TCP Query User{5C9EE203-5168-4049-B32B-7B9A68335C6F}e:\\d-link.exe"= UDP:E:\d-link.exe:Setup Wizard Template

"UDP Query User{6DED569A-FC8B-46F3-9D6B-AE814AC099FD}e:\\d-link.exe"= TCP:E:\d-link.exe:Setup Wizard Template

"{055442CD-20D0-4B5B-8835-A4BC6DE01A06}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{FB410F6A-FB75-46EF-86D9-D5AEE4A32EED}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{B53A28DD-A17C-4DB5-973D-6C84AAEB27DB}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{324364F1-45E6-4A6F-9AEC-B65EC37A55A1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{F68B3875-5BBF-4AA3-A615-411F67739640}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{0E6EB10C-0C97-442F-A6D7-8344867CB8E3}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"TCP Query User{1B34C723-DF03-409E-AA8C-69407E38184F}c:\\users\\gebruiker\\downloads\\halite usenet downloads\\halite.0_2_9_dev330.x86\\halite.exe"= UDP:c:\users\gebruiker\downloads\halite usenet downloads\halite.0_2_9_dev330.x86\halite.exe:halite.exe

"UDP Query User{5E0E0E3C-A33E-4315-80B2-6BD3BE09B090}c:\\users\\gebruiker\\downloads\\halite usenet downloads\\halite.0_2_9_dev330.x86\\halite.exe"= TCP:c:\users\gebruiker\downloads\halite usenet downloads\halite.0_2_9_dev330.x86\halite.exe:halite.exe

"{C02ECAC1-E013-4CA0-9C34-7A71315836EB}"= UDP:0:LocalSubnet:LocalSubnet:Magix UPnP Media Server

"{F66F3034-BDC2-4556-BD8E-4444C9E2AA2B}"= UDP:2869:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (TCP)

"{62DB4344-00F8-4949-8D34-BF603EF2195A}"= TCP:1900:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (UDP)

"{CB28E0A3-9E17-45F9-B6E0-00E0F24E068F}"= UDP:c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service

"{50E57313-13C1-4555-B338-F6F84A0FEA14}"= TCP:c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service

"TCP Query User{C3D79D06-A154-424E-BB69-57D7F4750120}c:\\program files\\theworld 2.0\\theworld.exe"= UDP:c:\program files\theworld 2.0\theworld.exe:TheWorld Browser

"UDP Query User{BA87D593-441B-4EF3-924A-E9CE659A2815}c:\\program files\\theworld 2.0\\theworld.exe"= TCP:c:\program files\theworld 2.0\theworld.exe:TheWorld Browser

"{17BB9BAD-DD15-4E07-A94C-088C78BA4DDB}"= UDP:c:\program files\deepinvent\MailStore Home\MailStoreLocal.exe:MailStore Home

"{702504C5-0704-4849-8B45-737F2A180874}"= TCP:c:\program files\deepinvent\MailStore Home\MailStoreLocal.exe:MailStore Home

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

"DoNotAllowExceptions"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-12 111184]

R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-08-16 85760]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-12 51792]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-11-21 809296]

R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-08-22 598856]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-09-19 48128]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-04-02 328192]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2007-11-14 1527900]

S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-12 29192]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys [2007-11-29 476416]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2007-11-14 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

rsmsvcs REG_MULTI_SZ ntmssvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL k:\resycled\boot.com l:

\shell\Open\command - k:\resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56666d18-66d4-11dc-b545-001d603f9346}]

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL k:\resycled\boot.com l:

\shell\Open\command - k:\resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724aa651-66c6-11dc-b374-806e6f6e6963}]

\shell\AutoRun\command - f:\autorun\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99631808-66b1-11dc-b56d-806e6f6e6963}]

\shell\AutoRun\command - F:\SoftR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Inhoud van de 'Gedeelde Taken' map

2008-12-19 c:\windows\Tasks\User_Feed_Synchronization-{BBB06A4A-E2C4-49D3-BEFD-B31A3DC6DB30}.job

- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-19 17:50:06

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe

c:\windows\System32\msiexec.exe

c:\windows\System32\oodag.exe

c:\windows\System32\PSIService.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\System32\rundll32.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\windows\ehome\ehmsas.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Voltooingstijd: 2008-12-19 17:57:04 - machine werd herstart

ComboFix-quarantined-files.txt 2008-12-19 16:56:51

Pre-Run: 40,747,143,168 bytes beschikbaar

Post-Run: 40,594,530,304 bytes beschikbaar

307 --- E O F --- 2008-11-12 19:03:49

[kape]

Van je eerste besmette bestanden ben je al verlost, nu de volgende stappen :

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\32788R22FWJFW.0.tmp

c:\windows\System32\temp.003

c:\windows\System32\temp.000

c:\windows\System32\temp.002

c:\windows\System32\temp.001

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56666d18-66d4-11dc-b545-001d603f9346}]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

Download HiJackThis hier.

Dubbelklik op HJTInstall.exe

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Klik op "Do a systemscan and save a logfile". en hang dit logje aan je volgende bericht.

NB. Ben je een gebruiker van Windows Vista dan moet je eerst rechtsklikken op HijackThis.exe en dan kiezen voor "Run as Administrator".