PC suddenly runs very slowly


Guest KSVW1

You are running 2 antivirus programs, though (AVG and ANTIVIR). Two scanners can work against each other ... and so also cause considerable slowdowns. It is best to choose one of the 2 and remove the other with that program's Removal Tool. Once you have made a choice, let us know ... then we will clean up all remaining traces of the removed program. Maybe there is a solution in that?

When I wanted to start ComboFix, it asked me to close / deactivate AVG; since that did not work, I uninstalled it beforehand.

Now a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:33:02, on 15-12-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Nero\Update\NANotify.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start AVG - Free Uninstall Survey

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274038390921

O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.be/ExtraFilmUploader6.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe


Start HijackThis. Select “Scan”. Select only the items listed below:

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start AVG - Free Uninstall Survey

Click 'Fix checked' to remove the items.

Then have ComboFix scan again and post that log in your next message. Also give a quick status update on the problems?


Status essentially unchanged... internet can only be started after that notification appears in the taskbar (certainly 5 to 10 min after Windows has started)... once past that, the PC works fairly smoothly / correctly.

ComboFix log:

ComboFix 10-12-15.04 - Eigenaar 15-12-2010 21:56:30.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2559.2191 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Thumbs.db

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-11-15 to 2010-12-15 ))))))))))))))))))))))))))))))

.

2010-12-15 18:31 . 2010-12-15 18:31 -------- d-----w- c:\windows\LastGood

2010-12-13 11:31 . 2010-12-13 11:31 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes

2010-12-12 20:29 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-12 20:29 . 2010-12-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-12 20:29 . 2010-12-12 20:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-12 20:29 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-12 20:25 . 2010-12-12 20:25 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-12-12 20:25 . 2010-12-12 20:25 -------- d-----w- c:\program files\Trend Micro

2010-12-11 09:10 . 2010-12-11 09:10 -------- d-----w- C:\My Shared Folder

2010-12-11 09:09 . 2010-12-11 09:09 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Kazaa Lite

2010-12-05 15:09 . 2010-12-05 15:09 -------- d-----w- c:\program files\MSECache

2010-12-05 14:49 . 2010-12-05 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix

2010-12-05 14:48 . 2010-12-05 14:48 -------- d-----w- c:\program files\Citrix

2010-11-26 20:04 . 2010-11-26 20:04 -------- d-----w- C:\toy story

2010-11-23 20:22 . 2010-11-23 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-11-18 19:08 . 2010-11-21 10:22 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Citrix

2010-11-18 19:08 . 2010-11-18 19:46 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\ICAClient

2010-11-18 18:50 . 2010-11-18 18:50 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Uniblue

2010-11-18 18:50 . 2010-11-18 18:50 -------- d-----w- c:\program files\Uniblue

2010-11-18 18:49 . 2010-11-18 18:49 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\PackageAware

2010-11-18 18:42 . 2010-11-18 18:42 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\AVS4YOU

2010-11-18 18:10 . 2010-11-23 20:19 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-11-18 18:10 . 2010-09-03 12:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2010-11-18 18:10 . 2010-11-23 20:19 -------- d-----w- c:\program files\AVS4YOU

2010-11-18 18:10 . 2010-11-18 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2010-11-18 18:03 . 2010-11-18 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ReviverSoft

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-13 11:19 . 2010-05-16 18:03 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-13 11:19 . 2010-05-16 18:03 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-11-23 20:17 . 2010-08-02 18:13 47360 ----a-w- c:\documents and settings\Eigenaar\Application Data\pcouffin.sys

2010-09-19 14:47 . 2010-08-02 18:13 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-09-18 10:23 . 2010-05-17 02:17 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2010-05-17 02:17 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2010-05-17 02:17 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2010-05-17 02:17 953856 ----a-w- c:\windows\system32\mfc40u.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-12-14_19.19.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-15 16:55 . 2010-12-15 16:55 16384 c:\windows\Temp\Perflib_Perfdata_23c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-15 281768]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-19 196608]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-10-18 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-7-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [8-9-2009 18:13 65584]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16-5-2010 19:03 135336]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4-5-2010 11:07 503080]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21-5-2010 11:24 135664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]

.

Inhoud van de 'Gedeelde Taken' map

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 10:24]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 10:24]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.be/ExtraFilmUploader6.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-12-15 22:02

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]

"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Voltooingstijd: 2010-12-15 22:05:16

ComboFix-quarantined-files.txt 2010-12-15 21:05

ComboFix2.txt 2010-12-14 19:21

Pre-Run: 17.257.824.256 bytes beschikbaar

Post-Run: 17.289.977.856 bytes beschikbaar

- - End Of File - - BE11AA9CA70ED8E173D5384F243C2D73


Go to the website of the .

  • Click the ESET Online Scanner button
  • Tick YES, I accept the Terms of Use
  • Click Start
  • Allow the ActiveX control to install.
  • Click "Advanced settings"
  • Tick the following options:
    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • The computer is now being scanned. This can take quite a while, so be patient.
  • You may close the window when the scan is finished.
  • Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste the contents of this log into your next post.


  • 2 weeks later...

Was on holiday for a week... I had a look at this with that ESET scanner and this is the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=e10ff6eed1d46842a907da509333c850

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-26 02:08:51

# local_time=2010-12-26 03:08:51 (+0100, Romance (standaardtijd))

# country="Netherlands"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 1170901 1170901 0 0

# compatibility_mode=1024 16777215 100 0 19314863 19314863 0 0

# compatibility_mode=1797 16775125 100 93 86418 29889429 79106 0

# compatibility_mode=8192 67108863 100 0 3735 3735 0 0

# scanned=74750

# found=18

# cleaned=18

# scan_time=19693

C:\Documents and Settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C

C:\downloads\Nero 9.0.9.4 NLT-Release\Nero-9.0.9.4.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031819.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031826.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031827.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031828.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031829.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031830.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031831.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031883.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031884.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031885.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031886.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031887.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0032486.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP154\A0034191.rbf a variant of Win32/SlowPCfighter application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP180\A0039497.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP180\A0039498.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C


It is advisable to delete the existing restore points (there are infected restore points among them that you could potentially restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

Then have ESET scan again and post the result in your next message.

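To see which detections in an ESET Online Scanner log.txt sit in System Restore points rather than in live files, and to tell apart several scan runs appended to one file, the log can be parsed per run. This is an added example, not part of the original thread; the sample log is constructed in the layout of the lines posted above, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the log posted in this thread:
# two scan runs appended to one log.txt, the second one clean.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
# version=7
# end=finished
# utc_time=2010-12-26 02:08:51
# scanned=74750
# found=3
# cleaned=3
C:\downloads\setup.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031826.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP180\A0039497.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# end=finished
# utc_time=2010-12-27 12:24:15
# scanned=61780
# found=0
# cleaned=0
"""

# "# key=value" header lines; keys such as "iexplore.exe" contain dots.
HEADER = re.compile(r"^#\s*(?P<key>[\w.]+)=(?P<value>.*)$")
# "<path> [a variant of ]<family/name> <type> (<action>) <32 hex> <flag>"
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>\w+/[\w.]+)\s+\w+\s+\((?P<action>[^)]*)\)"
    r"\s+[0-9A-Fa-f]{32}\s+\w$"
)
# Windows XP keeps restore points under _restore{GUID}\RPnnn\ on each drive.
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


def parse_runs(text):
    """Split an appended log into scan runs; each run starts at '# version='."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes are often double-spaced
        header = HEADER.match(line)
        if header:
            if header["key"] == "version":
                runs.append({"header": {}, "detections": []})
            if runs:
                runs[-1]["header"][header["key"]] = header["value"]
            continue
        det = DETECTION.match(line)
        if det and runs:
            rp = RESTORE_POINT.search(det["path"])
            runs[-1]["detections"].append({
                "path": det["path"],
                "name": det["name"],
                "action": det["action"],
                "restore_point": int(rp["rp"]) if rp else None,
            })
    return runs


def summarize(run):
    """Compare the header count with parsed lines and group hits by location."""
    found = int(run["header"].get("found", 0))
    live, per_rp = [], {}
    for det in run["detections"]:
        if det["restore_point"] is None:
            live.append(det["path"])
        else:
            per_rp[det["restore_point"]] = per_rp.get(det["restore_point"], 0) + 1
    return {
        "utc_time": run["header"].get("utc_time"),
        "found": found,
        # False means the paste is truncated or a line did not parse
        "complete": found == len(run["detections"]),
        "live_paths": live,
        "restore_points": per_rp,
        "purge_restore_points": bool(per_rp),
    }


if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE_LOG), start=1):
        print(number, summarize(run))
```

A run whose `complete` field is false was pasted incompletely or contains a line in another layout, so its counts should not be trusted.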

I think it appended the log of the second scan to the first log file:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=e10ff6eed1d46842a907da509333c850

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-26 02:08:51

# local_time=2010-12-26 03:08:51 (+0100, Romance (standaardtijd))

# country="Netherlands"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 1170901 1170901 0 0

# compatibility_mode=1024 16777215 100 0 19314863 19314863 0 0

# compatibility_mode=1797 16775125 100 93 86418 29889429 79106 0

# compatibility_mode=8192 67108863 100 0 3735 3735 0 0

# scanned=74750

# found=18

# cleaned=18

# scan_time=19693

C:\Documents and Settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C

C:\downloads\Nero 9.0.9.4 NLT-Release\Nero-9.0.9.4.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031819.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031826.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031827.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031828.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031829.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031830.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP150\A0031831.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031883.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031884.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031885.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031886.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0031887.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP151\A0032486.rbf Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP154\A0034191.rbf a variant of Win32/SlowPCfighter application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP180\A0039497.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{BA39F3A4-69D8-4284-ACA7-14F09D611D0B}\RP180\A0039498.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=e10ff6eed1d46842a907da509333c850

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-27 12:24:15

# local_time=2010-12-27 01:24:15 (+0100, Romance (standaardtijd))

# country="Netherlands"

# lang=1043

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 1257915 1257915 0 0

# compatibility_mode=1024 16777215 100 0 19401877 19401877 0 0

# compatibility_mode=1797 16775125 100 93 173432 29976443 166120 0

# compatibility_mode=8192 67108863 100 0 90749 90749 0 0

# scanned=61780

# found=0

# cleaned=0

# scan_time=12804
