Manado
Member
Items: 15
About Manado
- Birthday 18-04-1973
-
Gentlemen, thank you once again for the services rendered. I am going to start preparing for a clean install, because I no longer trust this installation, and no poker junk will be coming onto my machine again. The network traffic here is busier than normal anyway because I sit unrestricted on BBned, so I was open to the world ;-} That probably explains the heavy traffic passing through AVG. The only thing that remains inexplicable to me is that when I start my laptop at home on my own network, my AVG settings change by themselves to "allow all". When I was at my dad's yesterday I tried it there too and, lo and behold, everything stayed neatly at the current settings, just as I had configured them myself????????? Lol, this was the last straw for me, even though I still cannot figure out what is causing it. Regards, Martin
-
Well, then for now I will stay alert when rebooting, and I think I will start preparing for a clean install. Just something that occurred to me, and then I will leave this topic for what it is: could it be that a small file has been planted somewhere that gets activated as soon as you, for example, install PokerStars on your computer again? So really, how big is the chance that that knucklehead :D left behind a small file that we cannot find but that is still there, and that as soon as PokerStars, for example, is installed, that file is activated immediately and the misery starts all over again? Thanks again for your help, Kape. Regards, Martin

PS: can this topic still be merged with my previous one? I noticed too late that my old topic could also be reopened :argh: My apologies, and no doubt see you again :D haha
-
Here is the ComboFix log file. When ComboFix had completely finished I restarted the computer, and it was still unchanged: as soon as I touch anything internet-related, my firewall settings automatically change to "allow all".

ComboFix 09-03-06.02 - Nancy 2009-03-10 18:10:20.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1022.478 [GMT 1:00] Gestart vanuit: c:\documents and settings\Nancy\Bureaublad\ComboFix.exe AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated) FW: AVG Firewall *enabled* * Resident AV is active . (((((((((((((((((((( Bestanden Gemaakt van 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))) . 2009-03-10 14:22 . 2009-03-10 14:22 <DIR> dr-h----- c:\documents and settings\Nancy\Onlangs geopend 2009-03-09 12:03 . 2009-03-10 12:06 <DIR> d--h----- C:\$AVG8.VAULT$ 2009-03-08 18:00 . 2009-03-10 14:18 <DIR> d-------- c:\program files\PokerStars 2009-03-08 17:13 . 2009-03-10 12:04 <DIR> d-------- c:\windows\system32\drivers\Avg 2009-03-08 17:13 . 2009-03-08 17:13 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-03-08 17:13 . 2009-03-08 17:13 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-03-08 17:13 . 2009-03-08 17:13 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys 2009-03-08 17:13 . 2009-03-08 17:13 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-03-08 17:11 . 2009-03-08 17:11 <DIR> d-------- c:\program files\AVG 2009-03-08 17:11 . 2009-03-08 17:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2009-03-08 17:11 . 2009-03-08 17:11 50,968 --a------ c:\windows\system32\avgfwdx.dll 2009-03-08 17:11 . 2009-03-08 17:11 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys 2009-03-08 14:18 . 2009-03-08 14:18 <DIR> d-------- c:\program files\CCleaner 2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-07 19:26 . 
2009-03-07 19:26 <DIR> d-------- c:\documents and settings\Nancy\Application Data\Malwarebytes 2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-07 19:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-07 19:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> d-------- c:\documents and settings\postgres\WINDOWS 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> d--h----- c:\documents and settings\postgres\Sjablonen 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr-h----- c:\documents and settings\postgres\Onlangs geopend 2009-03-06 18:14 . 2006-09-26 17:18 <DIR> d--h----- c:\documents and settings\postgres\Netwerkprinteromgeving 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr------- c:\documents and settings\postgres\Mijn documenten 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr------- c:\documents and settings\postgres\Menu Start 2009-03-06 18:14 . 2005-12-03 03:13 <DIR> dr------- c:\documents and settings\postgres\Favorieten 2009-03-06 18:14 . 2006-09-26 17:18 <DIR> d-------- c:\documents and settings\postgres\Bureaublad 2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\Windows Desktop Search 2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\toshiba 2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\Sonic 2009-03-06 18:14 . 2007-04-07 09:39 <DIR> d-------- c:\documents and settings\postgres\Application Data\Intel 2009-03-06 18:14 . 2009-03-08 17:14 <DIR> d-------- c:\documents and settings\postgres 2009-03-06 17:58 . 2009-03-01 07:39 31,685,120 --a------ c:\windows\PT-Install-v3.00.4.pgsql.exe 2009-02-20 21:52 . 2009-02-20 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-10 12:56 --------- d-----w c:\documents and settings\Nancy\Application Data\Amsterdams Poker 2009-03-10 00:06 202,008 ----a-w c:\windows\system32\PnkBstrB.exe 2009-03-10 00:06 139,096 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-01-16 11:31 73,216 ----a-w c:\windows\ST6UNST.EXE 2009-01-16 11:31 249,856 ------w c:\windows\Setup1.exe 2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll 2004-12-01 16:18 62,865 ----a-w c:\windows\inf\IM\odysseyIM3.sys 2004-12-01 16:18 45,056 ----a-w c:\windows\inf\IM\imdinst.exe 2004-12-01 16:18 12,739 ----a-w c:\windows\inf\IM\odNetInstall.dll 2008-08-07 19:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008080720080808\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-03-08_10.49.16,20 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-02 17:07:40 1,914,440 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe + 2009-03-08 16:13:53 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe - 2008-07-08 08:33:15 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe + 2009-03-08 18:50:40 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe + 2009-03-10 13:45:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_348.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120] "NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352] "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-08 1932568] "nwiz"="nwiz.exe" [2006-05-01 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 c:\windows\RTHDCPL.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\agrsmmsg.exe] "TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe] "NDSTray.exe"="NDSTray.exe" [bU] "TFncKy"="TFncKy.exe" [bU] "CFSServ.exe"="CFSServ.exe" [bU] "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] c:\documents and settings\Nancy\Menu Start\Programma's\Opstarten\ Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-01 344064] Sitecom Wireless LAN Utility.lnk - c:\program files\Sitecom Wireless LAN\WLANUTL.exe [2007-04-12 3829760] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-08 17:13 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-07-25 22:44 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\ehome\\ehExtHost.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgam.exe"= "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-08 12552] R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-11-19 140800] R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-11-19 5248] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-08 325640] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-08 107912] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-08 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-08 298264] R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-08 1362784] R3 
Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-08 29208] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-09-27 7040] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-08 29208] S3 ST100MXP;Sitecom 100M Driver;c:\windows\system32\drivers\WLANCTG.SYS [2007-04-12 386688] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6787E26F-A9E8-75DE-1120-18B0CEADD844}] c:\docume~1\Nancy\LOCALS~1\Temp\AVG8.5\activation_disable.exe . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-10 18:13:07 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(1800) c:\windows\system32\Ati2evxx.dll . 
Voltooingstijd: 2009-03-10 18:14:41 ComboFix-quarantined-files.txt 2009-03-10 17:14:38 ComboFix2.txt 2009-03-08 13:23:40 ComboFix3.txt 2009-03-08 09:50:05 Pre-Run: 33.000.964.096 bytes beschikbaar Post-Run: 33,080,934,400 bytes beschikbaar 189 --- E O F --- 2009-03-05 18:01:58
-
Dear Kape, I have found out that when I restart my PC everything is OK. If I then look at the AVG status, it initially says that everything is protected, and the same goes for the AVG firewall settings. But here it comes... as soon as I then touch anything internet-related, e.g. Internet Explorer, MSN mail or whatever, the network activity (iexplore.exe, about 15 of them) shoots up like crazy and my AVG firewall settings change, by themselves or with the help of a third party, to the status "allow all", with "gamersmode" also ticked underneath, while of course I have it set differently by default. As soon as I immediately put the correct settings back in AVG, things are manageable again and those "attacks" do stay limited. Regards, Martin

Orange? Huh, is that spam or something? I have nothing going with Orange, and after everything I have cleaned up, how did that still get in?
-
[SOLVED] Windows XP Netdetect.exe (2)
Manado replied to djgerben's topic in Archive: Combating malware & viruses
Hi djgerben, read the second-to-last post again: at the bottom of the first page Kape wrote the last steps you had to carry out, and it mentioned removing that tick again. I have copied it for you and marked it in red, so you do not have to read back. ;-} I do not know whether I was allowed to do this, but I could not resist!! After all, it is not a solution, is it? Good luck with it; hopefully it is solved for you after this. Regards, Martin
-
By now 2042 packets have been blocked, pfff; fortunately most of it is being stopped. The entry that matters most to me is: CPE- 75-8371-191. socal.res.rr.com:3072. This is the one that keeps coming back frequently; as soon as I want to change a setting of my firewall, it immediately pops open and then multiplies to about 10. Regards, Martin
-
-
Hi :ciao: Kape, unfortunately I cannot keep our last agreement :bawling: after the fixing of my laptop last weekend. After your help and a lot of reading, extra protection and so on, I decided to buy and install AVG Internet Security. A lovely program, I cannot say otherwise. However, the firewall option has a nice overview of all network connections, threatening or not, and also nicely shows their details, e.g. which port and so on. Now I suspect that it does stop almost everything, but not quite everything. I noticed that from certain applications, exe's that were running, among them again iexplore.exe and one more from explorer.exe. The latter is, I believe, the one that is 'normal' and starts every time (desktop etc.), but I took a screenshot of the other one, because sometimes there are as many as 15 connections at once that actually open, and after a few seconds they are gone again, so I do not know exactly what is happening or what they are doing, and if I take a quick look it has now also made 683 attempts within 1.5 hours. So I would like to show that screenshot here, but I do not know how to post it here. Could you do a check-up for me once more based on the log files, to see whether I have been hit again or whether those threats are back? Otherwise I am really considering a clean install.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:18:48, on 10-3-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program 
Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\AVG\AVG8\avgui.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Documents and Settings\Nancy\Bureaublad\hijackthis\HijackThis.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - 
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] 
"C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: Sitecom Wireless LAN Utility.lnk = ? O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176802922343 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.61.30.131:3000//activex/AMC.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. 
- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11726 bytes
Here is the Mbam log;
Malwarebytes' Anti-Malware 1.34 Database versie: 1831 Windows 5.1.2600 Service Pack 3 10-3-2009 12:27:55 mbam-log-2009-03-10 (12-27-55).txt Scan type: Snelle Scan Objecten gescand: 75966 Verstreken tijd: 5 minute(s), 20 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden)
Thanks in advance, Martin
-
OK, I'll put some extra protection on it and have a look around the forum about it, and as far as possible I will indeed change all passwords. Thanks a lot, and it's not meant in a *** way, but hopefully not see you again, haha ;-} Regards, Martin
-
Thank you very much for your quick replies and very good, clear help, Kape. I have done everything and double-checked everything once more, so it looks very good so far; however, I don't dare go online with that laptop yet, because I actually don't really know yet whether he can easily do it again, e.g. [understand me correctly: before installing new software I will triple-check it first] ;-} How easy is it now for them to do the same thing again? If I hadn't caught him red-handed myself, I probably still wouldn't have found out by now, would I? And am I wrong now? I'll wait a little longer before going online with that laptop, hoping that you can still reply. Regards, Martin
-
Here, finally, is the HijackThis log file; I'm afraid I will have to adjust this one again too ;-{
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:30:42, on 8-3-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe 
C:\WINDOWS\system32\dllhost.exe C:\ProgramFiles\Sony\SonyPictureUtility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Documents and Settings\Nancy\Bureaublad\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded 
/nodetect O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture 
Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: Sitecom Wireless LAN Utility.lnk = ? O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176802922343 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.61.30.131:3000//activex/AMC.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10699 bytes
Phew, done, and hopefully more or less right!! Thanks in advance for your quick reply. When I edit the text I get it to look right on screen; as soon as I save it, it is slightly wrong again ;-}
-
Well Kape, sorry about the text; I keep trying to adjust it, but it keeps going wrong every time. Hopefully you can make some sense of it; if not, I'll hear about it. Thanks in advance, Martin
-
Hi Kape, thanks for your reply. I did what you said and now I have that combo log file ready for you; hopefully the text goes right in one go this time.
ComboFix 09-03-06.02 - Nancy 2009-03-08 10:47:36.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1022.519 [GMT 1:00] Gestart vanuit: g:\hijackthis\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) * Nieuw herstelpunt werd aangemaakt . ((((((((((((((((((((((((((((AndereVerwijderingen)))))))))))))))))))))))))))))))))))))))) c:\windows\system32\plugin1.dat c:\windows\system32\SysPr.prx . (((((((((((((((((((( Bestanden Gemaakt van 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))) . 2009-03-08 00:42 . 2009-03-08 10:26 <DIR> dr-h----- c:\documents and settings\Nancy\Onlangs geopend 2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\documents and settings\Nancy\Application Data\Malwarebytes 2009-03-07 19:26 . 2009-03-07 19:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-07 19:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-07 19:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> d-------- c:\documents and settings\postgres\WINDOWS 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> d--h----- c:\documents and settings\postgres\Sjablonen 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr-h----- c:\documents and settings\postgres\Onlangs geopend 2009-03-06 18:14 . 2006-09-26 17:18 <DIR> d--h----- c:\documents and settings\postgres\Netwerkprinteromgeving 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr------- c:\documents and settings\postgres\Mijn documenten 2009-03-06 18:14 . 2005-12-03 03:14 <DIR> dr------- c:\documents and settings\postgres\Menu Start 2009-03-06 18:14 . 
2005-12-03 03:13 <DIR> dr------- c:\documents and settings\postgres\Favorieten 2009-03-06 18:14 . 2006-09-26 17:18 <DIR> d-------- c:\documents and settings\postgres\Bureaublad 2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\Windows Desktop Search 2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\toshiba 2009-03-06 18:14 . 2005-12-03 03:13 <DIR> d-------- c:\documents and settings\postgres\Application Data\Sonic 2009-03-06 18:14 . 2007-04-07 09:39 <DIR> d-------- c:\documents and settings\postgres\Application Data\Intel 2009-03-06 18:14 . 2009-03-06 18:14 <DIR> d-------- c:\documents and settings\postgres 2009-03-06 17:59 . 2009-03-01 07:24 237,568 --a------ c:\windows\system32\Winudate32.exe 2009-03-06 17:58 . 2009-03-01 07:39 31,685,120 --a------ c:\windows\PT-Install-v3.00.4.pgsql.exe 2009-02-20 21:52 . 2009-02-20 21:52 <DIR> d-------- c:\program files\ESET 2009-02-20 21:52 . 2009-02-20 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-04 00:28 --------- d-----w c:\program files\Smart Projects 2009-01-16 11:31 73,216 ----a-w c:\windows\ST6UNST.EXE 2009-01-16 11:31 249,856 -----w c:\windows\Setup1.exe 2008-12-29 19:54 202,008 ----a-w c:\windows\system32\PnkBstrB.exe 2008-12-20 23:03 826,368 ---a-w c:\windows\system32\wininet.dll 2004-12-01 16:18 62,865 ----a-w c:\windows\inf\IM\odysseyIM3.sys 2004-12-01 16:18 45,056 ----a-w c:\windows\inf\IM\imdinst.exe 2004-12-01 16:18 12,739 ----a-w c:\windows\inf\IM\odNetInstall.dll 2008-08-07 19:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008080720080808\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856] "WMPNSCFG"="c:\program files\WindowsMediaPlayer\WMPNSCFG.exe" [2006-11-02 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120] "NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352] "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168] "nwiz"="nwiz.exe" [2006-05-01 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 c:\windows\RTHDCPL.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\agrsmmsg.exe] "TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe] "NDSTray.exe"="NDSTray.exe" [bU] "TFncKy"="TFncKy.exe" [bU] "CFSServ.exe"="CFSServ.exe" [bU] "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 
c:\windows\LOGI_MWX.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] c:\documents and settings\Nancy\Menu Start\Programma's\Opstarten\ Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-01 344064] Sitecom Wireless LAN Utility.lnk - c:\program files\Sitecom Wireless LAN\WLANUTL.exe [2007-04-12 3829760] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-07-25 22:44 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\ehome\\ehExtHost.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"= R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-11-19 140800] R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-11-19 5248] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-09-27 7040] S3 ST100MXP;Sitecom 100M Driver;c:\windows\system32\drivers\WLANCTG.SYS [2007-04-12 386688] . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) Notify-WgaLogon - (no file) . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-08 10:48:47 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(1212) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2009-03-08 10:50:04 ComboFix-quarantined-files.txt 2009-03-08 09:50:02 Pre-Run: 29.855.412.224 bytes beschikbaar Post-Run: 29,838,684,160 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 163 --- E O F --- 2009-03-05 18:01:58
Thanks, I'll wait for your reply. Regards, Martin
-
Dear ....., I have also read that topic by NONAME, which of course closely matches my problem, except that his culprit, that line "F2 userunit .... etc.", does not appear in my HijackThis log file, which is why I don't know what to do next. Some advice please, or would it perhaps be better to do a clean install? Thanks in advance, Martin. PS: sorry, I'm a newbie, in case I make any mistakes!!
-
Dear staff, I urgently need help with my laptop. Last Friday I installed PokerTracker, and I think this is the culprit on my laptop. In the evening I wanted to shut down my laptop and suddenly I saw my mouse fly across my screen and my poker account open, and to my utter amazement it was typing in my password and logged in, looked at my balance, which had nothing on it, and disappeared again? Hopefully, anyway? I turned the PC off and have not been online with it since; I am now on my son's Asus mini laptop, because I no longer dare to go online with that laptop. I have of course read a thing or two about it, because it did give me a scare. I will also post the MBAM and HijackThis log files below, along with some details of my laptop. Security is just the Windows one, and I also have NOD32 running alongside it; fortunately I have never really had problems otherwise. The original Toshiba system is still on it.

[PC-gegevens]
Modelnaam Satellite A100
Onderdeelnummer PSAA9E-0QG049DU
Serienummer Z6142942Q
Besturingssysteemversie Microsoft Windows XP Professional 5.1.2600 Service Pack 3
BIOS-versie 2.10
CPU Genuine Intel® CPU T2050 @ 1.60GHz
Fysiek geheugen 1024MB RAM
Capaciteit vast schijf 160,039,272,960 [byte] 149.048 [GB]
Vrije-ruimtecapaciteit vaste schijf 85,473,828,864 [byte] 79.604 [GB]
Video NVIDIA GeForce Go 7600 versie=8.4.6.8
Schermresolutie 1280 x 800 Pixels
Kleurenkwaliteit True Color (32 Bit)
Geluid Realtek High Definition Audio versie=5.10.0.5253
Netwerk Intel® PRO/Wireless 3945ABG Network Connection

Here is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:04:08, on 7-3-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program
Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\ProgramFiles\Sony\SonyPictureUtility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program 
Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE G:\hijackthis\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: 
SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common 
Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\Winudate32.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: Sitecom Wireless LAN Utility.lnk = ? O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: 
(no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176802922343 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.61.30.131:3000//activex/AMC.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. 
- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12054 bytes

Here is the MBAM log file, which by the way found nothing odd, and after that I ran ATF Cleaner over that laptop one more time:

Malwarebytes' Anti-Malware 1.34
Database versie: 1825
Windows 5.1.2600 Service Pack 3
7-3-2009 19:36:24
mbam-log-2009-03-07 (19-36-24).txt
Scan type: Snelle Scan
Objecten gescand: 75369
Verstreken tijd: 3 minute(s), 44 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden)
Mappen geïnfecteerd: (Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden)

Unfortunately I don't know enough about it myself to decide which lines I should remove via the "Fix checked" button, and is it then completely done or does more need to happen? Thanks in advance, Martin