  1. #1
    paulT
    Technical skill: 3. Medium
    Operating system: Windows XP Home/Pro
    Posts: 17

    Which program is running?

    When I have closed all programs, there is still some program sending enormous amounts of data. I can't figure out what junk is on it.
    Log file > Already cleaned up as much as possible.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:23:10, on 28-1-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Messenger Plus Live Netherlands - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/995...TunesSetup.exe
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Google Updateservice (gupdate1c9c1cd3331c148) (gupdate1c9c1cd3331c148) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11558 bytes
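A small triage parser for the HijackThis log format posted above, added here as an illustration; it is not part of the thread and not HijackThis' own code. It picks out the entry types a forum helper reads first: R0/R1 start and search pages that point away from Microsoft's defaults, O2/O9 entries whose backing file is gone, O23 services with no vendor information or a missing binary, and HKCU autoruns launched with silent switches. The allow-list of default hosts is an assumption of the example, and the sample lines are a selection copied from the log in #1. A hit is a prompt to look closer, not a verdict: legitimate software also shows as "Unknown owner" when its service binary carries no version info.

```python
"""Triage helper for HijackThis 2.x log lines (added example, not HijackThis code).

Flags the entry types a malware-removal helper reads first. A hit is a
prompt to look closer, not a verdict.
"""
import re
from urllib.parse import urlsplit

# Lines copied from the log in #1; the selection is the example's own.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# Assumption: hosts Internet Explorer points at out of the box; extend for other locales.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com", "g.msn.nl"}
SILENT_SWITCH_RE = re.compile(r"\s/(silent|autorun|quiet)\b", re.I)


def parse_hjt(text):
    """Yield (kind, body) for every 'Rn - ...' / 'On - ...' line; skip everything else."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def url_host(body):
    """Host of the URL after ' = ' in an R0/R1 line, or '' when the value is empty."""
    _, _, value = body.partition(" = ")
    value = value.strip()
    if not value:
        return ""
    return urlsplit(value).hostname or ""


def triage(text):
    """Return [(kind, reasons, body)] for the entries worth a second look."""
    findings = []
    for kind, body in parse_hjt(text):
        reasons = []
        if kind in ("R0", "R1"):
            host = url_host(body)
            if host and host not in KNOWN_DEFAULT_HOSTS:
                reasons.append(f"browser start/search page redirected to {host}")
        if kind in ("O2", "O3", "O9") and body.endswith("(no file)"):
            reasons.append("orphaned entry, backing DLL/EXE is gone")
        if kind == "O23":
            if "Unknown owner" in body:
                reasons.append("service binary has no vendor info")
            if body.endswith("(file missing)"):
                reasons.append("service points at a file that no longer exists")
        if kind == "O4" and body.startswith("HKCU") and SILENT_SWITCH_RE.search(body):
            reasons.append("per-user autorun started with silent switches")
        if reasons:
            findings.append((kind, "; ".join(reasons), body))
    return findings


if __name__ == "__main__":
    for kind, why, body in triage(SAMPLE_LOG):
        print(f"{kind:4} {why}\n     {body}")
```

Run against the full log rather than the sample, the O23 rule also surfaces every service whose binary lacks version info; compare those against the vendor paths before acting on them.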

  2. #2
    Emphyrio
    Technical skill: 5. Expert
    Operating system: Windows 10 Home 64-bit
    Antivirus: Bitdefender Free
    Firewall: Windows Firewall
    Posts: 16,029
    Blog posts: 26

    > When I have closed all programs, there is still some program sending enormous amounts of data.

    Can you be a bit clearer about this, please?
    With a screenshot if necessary.

    Malware Research Engineer@Malwarebytes (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee * Ccleaner * E-Peek

  3. #3
    paulT

    When I close all programs, I see on the wireless connection that it is still constantly receiving and sending. That happens every time once it has been on for about 10 minutes, and it then also becomes very slow.
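The question in #1 and #3 (which process is generating the traffic) can be answered without guessing: on Windows XP, pair `netstat -ano` (each connection with its owning PID) with the PID-to-image-name mapping from `tasklist /fo csv /nh`; `netstat -b`, run as administrator, prints the image name directly. XP Home does not ship tasklist.exe, so there `netstat -b` or Task Manager's PID column (View > Select Columns) gives the mapping instead. The script below is an added example, not part of the thread, that joins the two outputs and ranks processes by distinct remote peers. The netstat and tasklist text is constructed for the example, using process names from the posted log and RFC 5737 documentation addresses; the real answer comes from running the two commands on the affected machine.

```python
"""Map network connections to the processes that own them (added example).

Input formats are those of two Windows commands:
  netstat -ano          -> Proto, Local Address, Foreign Address, [State], PID
  tasklist /fo csv /nh  -> "Image Name","PID","Session Name","Session#","Mem Usage"
Both samples below are constructed for this example (RFC 5737 test addresses,
process names taken from the HijackThis log in the thread); they are not
captures from the poster's machine.
"""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1032
  TCP    192.168.1.5:1049       203.0.113.10:443       ESTABLISHED     2260
  TCP    192.168.1.5:1050       203.0.113.10:443       ESTABLISHED     2260
  TCP    192.168.1.5:1061       198.51.100.7:51413     ESTABLISHED     1808
  TCP    192.168.1.5:1062       198.51.100.23:6881     ESTABLISHED     1808
  TCP    192.168.1.5:1063       192.0.2.44:52100       ESTABLISHED     1808
  TCP    192.168.1.5:1064       192.0.2.91:6889        TIME_WAIT       0
  TCP    0.0.0.0:32459          0.0.0.0:0              LISTENING       1808
  UDP    0.0.0.0:32459          *:*                                    1808
  UDP    127.0.0.1:1900         *:*                                    1032
  TCP    192.168.1.5:1070       203.0.113.55:80        ESTABLISHED     2412
"""

TASKLIST_SAMPLE = """\
"System Idle Process","0","Console","0","28 K"
"svchost.exe","1032","Console","0","22,844 K"
"uTorrent.exe","1808","Console","0","12,512 K"
"chrome.exe","2260","Console","0","48,120 K"
"InstallIQUpdater.exe","2412","Console","0","5,004 K"
"""


def parse_netstat(text):
    """Return one dict per TCP/UDP line; UDP lines carry no State column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        conns.append({
            "proto": parts[0],
            "local": parts[1],
            "foreign": parts[2],
            "state": parts[3] if len(parts) == 5 else "",
            "pid": int(parts[-1]),
        })
    return conns


def parse_tasklist_csv(text):
    """PID -> image name from 'tasklist /fo csv /nh' output."""
    return {int(row[1]): row[0]
            for row in csv.reader(io.StringIO(text))
            if len(row) >= 2 and row[1].isdigit()}


def remote_host(endpoint):
    """'198.51.100.7:51413' -> '198.51.100.7'; '' for wildcard, unspecified or loopback."""
    host = endpoint.rpartition(":")[0].strip("[]")
    if host in ("", "*"):
        return ""
    try:
        addr = ip_address(host)
    except ValueError:
        return host  # not an IP literal; keep as-is
    return "" if addr.is_unspecified or addr.is_loopback else host


def attribute(netstat_text, tasklist_text):
    """Rank processes by distinct remote peers, then by ESTABLISHED connection count."""
    names = parse_tasklist_csv(tasklist_text)
    per_pid = defaultdict(lambda: {"established": 0, "peers": set(), "listening": set()})
    for c in parse_netstat(netstat_text):
        if c["pid"] == 0:
            continue  # PID 0: socket no longer owned by a process (e.g. TIME_WAIT)
        entry = per_pid[c["pid"]]
        if c["state"] == "ESTABLISHED":
            entry["established"] += 1
            peer = remote_host(c["foreign"])
            if peer:
                entry["peers"].add(peer)
        elif c["state"] == "LISTENING" or c["proto"] == "UDP":
            entry["listening"].add(f"{c['proto']}/{c['local'].rpartition(':')[2]}")
    rows = [{"pid": pid, "name": names.get(pid, "?"),
             "established": e["established"], "peers": len(e["peers"]),
             "listening": sorted(e["listening"])} for pid, e in per_pid.items()]
    rows.sort(key=lambda r: (r["peers"], r["established"]), reverse=True)
    return rows


if __name__ == "__main__":
    for r in attribute(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{r['name']:22} pid {r['pid']:<6} established={r['established']} "
              f"peers={r['peers']} listening={','.join(r['listening']) or '-'}")
```

Take the snapshot while the symptom is visible (after the ten minutes the poster mentions), and take two a minute apart: a process whose peer set keeps changing is the one to look at first, and its name and path can then be checked against the HijackThis process list.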

  4. #4
    Emphyrio

    Before we begin, I'd like to kindly point out the following:

    • Don't post your problem in several forums; it doesn't help your problem and it isn't fair to the helpers.
    • Cleaning up your system can take some time; be patient.
    • Stay with this topic until I have said that your PC is clean.
    • The instructions given are only valid for your PC.
    • If there is something you don't know or understand, please ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • Only log in as an administrator with full rights.
    • Please turn off your emoticons (smileys) when you post logs.
    • Please don't post the logs as attachments or between code tags.



    Step 1:

    Cleaning up temporary files...

    Download TFC and save it to your Desktop.
    • Double-click TFC.exe to open the program.
    • The program will close all other programs, so make sure you have saved all your work before continuing.
    • Click the Start button to start the program.
    • When the program is finished it will restart your computer.
      If it doesn't, restart your computer manually.

    ___________________________________________________________

    Step 2:

    Scanning for and removing malware....


    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after installation there is a check mark next to:

    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware
    • Then click "Finish". If an update is found, it will be downloaded and installed.


    Once the program has started, go to the "Settings" tab.

    • Check: "Close Internet Explorer during malware removal".
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "Quick Scan".
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to view the results.
    • Make sure everything there is checked, then click "Remove Selected".
    • After removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, do so.
    When you have restarted, run a new quick scan with MBAM.
    In that case you post both logs.

    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.


    If you run into problems!!!
    1. Problems installing Malwarebytes' Anti-Malware
    2. Problems starting Malwarebytes' Anti-Malware
    3. Problems updating Malwarebytes' Anti-Malware



    ___________________________________________________________

    Step 3:

    Checking for updates...

    Download Security Check to your desktop from here or here

    Start Security Check
    Follow the instructions on screen
    At the end a log appears (checkup.txt)
    Paste its contents in your next reply.


    In your next post, I'd like to see the following logs:

    • MBAM
    • Hijackthis
    • checkup.txt


    Emphyrio

  5. #5
    paulT
    Results of screen317's Security Check version 0.99.8
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    AVG 2011
    Norton 360
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Adobe Flash Player 10.1.102.64
    Adobe Reader 8.1.2 - Nederlands
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5594

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    27-1-2011 16:23:55
    mbam-log-2011-01-27 (16-23-54).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 49063
    Time elapsed: 2 hour(s), 53 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:45:38, on 29-1-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Messenger Plus Live Netherlands - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/995...TunesSetup.exe
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Google Updateservice (gupdate1c9c1cd3331c148) (gupdate1c9c1cd3331c148) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11688 bytes

    And thanks in advance for your trouble and your time.

  6. #6
    Emphyrio

    Download Combofix and put it on your desktop.

    Read this guide and carry out what it says.

    Extra note... Make sure your security software is disabled (antivirus, firewall, antispyware) while using Combofix.
    This is because these scanners wrongly see certain components that Combofix uses as infected, and will block Combofix.


    Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

    NOTE:

    If you have AVG 2011 as your antivirus tool, Combofix will point this out to you.



    Temporarily remove AVG 2011 from your PC via Add or Remove Programs, then download and run the AVG 2011 removal tool.

    Restart your PC.


    Close ALL windows, including your browser, and let Combofix do its work undisturbed.
    So don't open any other applications until Combofix has presented the log.


    If Combofix asks for an update, allow it.

    When ComboFix has finished scanning, which may be after a reboot, a log file opens (combofix.txt).

    You can find it at C:\combofix.txt.

    Post the Combofix log together with a new HijackThis log in your next reply.

    Emphyrio

  7. #7
    paulT
    Everything done.

    ComboFix 11-01-28.03 - janke 29-01-2011 15:24:26.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1254.7.1043.18.1023.707 [GMT 1:00]
    Running from: c:\documents and settings\janke\Bureaublad\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\test.txt
    c:\windows\BackUp
    c:\windows\patch.exe
    c:\windows\system32\Data
    c:\windows\system32\windir
    c:\windows\version.txt

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
    .

    2011-01-28 10:37 . 2011-01-29 11:40 -------- d--h--r- c:\documents and settings\janke\Onlangs geopend
    2011-01-28 10:34 . 2011-01-28 10:35 -------- d-----w- c:\program files\CCleaner
    2011-01-27 21:37 . 2011-01-27 21:37 388096 ----a-r- c:\documents and settings\janke\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-27 21:37 . 2011-01-27 21:37 -------- d-----w- c:\program files\Trend Micro
    2011-01-27 09:14 . 2011-01-27 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-01-11 19:42 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-01-11 19:42 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-01-10 18:34 . 2011-01-10 18:34 -------- d-----w- c:\program files\W3i
    2011-01-10 18:34 . 2011-01-10 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
    2011-01-10 18:32 . 2011-01-10 18:32 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-01-06 21:55 . 2011-01-06 21:55 -------- d-----w- c:\program files\Common Files\Java
    2011-01-02 17:07 . 2011-01-02 17:13 -------- d-----w- C:\ezgamerx
    2011-01-02 17:05 . 2011-01-02 17:07 -------- d-----w- c:\documents and settings\janke\Local Settings\Application Data\ConduitEngine
    2011-01-02 17:05 . 2011-01-10 19:13 -------- d-----w- c:\program files\ConduitEngine

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-24 00:26 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-12-21 13:43 . 2010-12-21 13:43 1409 ----a-w- c:\windows\QTFont.for
    2010-12-20 17:09 . 2010-12-05 01:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 17:08 . 2010-12-05 01:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 18:45 . 2010-11-29 18:45 1513984 ----a-w- c:\documents and settings\janke\Application Data\MacroRecorder.exe
    2010-11-12 17:53 . 2010-05-13 19:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 15:34 . 2010-05-16 08:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{d2ab2732-a124-4fb2-8da5-4a6a9e379331}"= "c:\program files\Messenger_Plus_Live_Netherlands\tbMes1.dll" [2011-01-10 3913000]

    [HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-10 19:13 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]
    2011-01-10 19:13 3913000 ----a-w- c:\program files\Messenger_Plus_Live_Netherlands\tbMes1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{d2ab2732-a124-4fb2-8da5-4a6a9e379331}"= "c:\program files\Messenger_Plus_Live_Netherlands\tbMes1.dll" [2011-01-10 3913000]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-10 3913000]

    [HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D2AB2732-A124-4FB2-8DA5-4A6A9E379331}"= "c:\program files\Messenger_Plus_Live_Netherlands\tbMes1.dll" [2011-01-10 3913000]

    [HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-05 328568]
    "InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-07-07 1008128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-11 6729728]
    "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
    "nwiz"="nwiz.exe" [2005-05-11 1519616]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-11 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-05-13 155648]
    "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-24 274608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCMSMMSG"="BCMSMMSG.exe" [2002-05-16 65536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2010-5-18 106496]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    S2 gupdate1c9c1cd3331c148;Google Updateservice (gupdate1c9c1cd3331c148);c:\program files\Google\Update\GoogleUpdate.exe [20-4-2009 16:32 133104]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 15:31]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 15:31]

    2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-375558186-2419212556-1931716929-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

    2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-375558186-2419212556-1931716929-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\janke\Application Data\Mozilla\Firefox\Profiles\6mk8fr6f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c88dd30&v=6.011.025.001&i=23&tp=ab&iy=&ychte=nl&lng=nl&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Java Quick Starter: - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-29 15:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-375558186-2419212556-1931716929-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(376)
    c:\windows\system32\tabhook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\Tablet.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\BCMSMMSG.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-29 15:38:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-29 14:38

    Pre-Run: 21.121.855.488 bytes available
    Post-Run: 21.117.075.456 bytes available

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - 98F9F427BD727929E8FD2D4EA4134117

  8. #8
    Emphyrio
    May I also have a fresh HijackThis log, Paul?

  9. #9
    paulT
    Sorry, here it is.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:41:13, on 29-1-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Messenger Plus Live Netherlands - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninst...lic=OUxTRlJFRS
    1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNTA3NDg4OTE4LVQxLVhMKzEtVUNBTEwrMS1VQ0FMTD IrMi1UQjgr
    Mi1GTCs4LVFJWDErNC1YMjAxMCsyLUYxME0rNQ"&"prod=55"&"ver=10.0.1204
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/995...TunesSetup.exe
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Google Updateservice (gupdate1c9c1cd3331c148) (gupdate1c9c1cd3331c148) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11199 bytes
    Last edited by Emphyrio; 29-01-11 at 15:52. Reason: wrapped the long O4 item
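Triage of a HijackThis log like the one above comes down to reading each R/F/O entry and picking out the ones that deserve a closer look: references to files that no longer exist ("(no file)", "(file missing)"), services HijackThis cannot attribute to a vendor ("Unknown owner"), and autorun entries that do something unusual, such as handing a URL to cmd.exe /c start instead of launching a program. The Python below is an added example, not part of this thread or of HijackThis itself; it parses a handful of lines copied from the log above (kept as a constructed sample, with the long RunOnce entry still wrapped over three lines as the forum rendered it) and returns the entries it would flag, joining wrapped continuation lines back onto their entry. The function names and the flag categories are my own.

```python
import re

# Lines copied from the HijackThis log posted above, used here as a
# constructed sample. The long O4 RunOnce entry is kept wrapped over three
# lines, exactly as the forum rendered it.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninst...lic=OUxTRlJFRS
1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNTA3NDg4OTE4LVQxLVhMKzEtVUNBTEwrMS1VQ0FMTD IrMi1UQjgr
Mi1GTCs4LVFJWDErNC1YMjAxMCsyLUYxME0rNQ"&"prod=55"&"ver=10.0.1204
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis entry starts with its section code (R0, O2, O23, ...).
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
# An autorun that hands a URL to "cmd.exe /c start" instead of running a program.
URL_LAUNCH_RE = re.compile(r"cmd\.exe\s+/c\s+start\s+\S+://", re.IGNORECASE)


def parse_hjt(text: str) -> list[tuple[str, str]]:
    """Return (code, body) pairs. Lines that do not start with a section code
    are treated as continuations of the previous entry (forum-wrapped lines);
    the "--" / "End of file" trailer ends the entry list."""
    entries: list[list[str]] = []
    for line in text.splitlines():
        if line.startswith("--") or line.startswith("End of file"):
            break
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries and line.strip():
            entries[-1][1] += line.strip()
    return [(code, body) for code, body in entries]


def flag_entries(entries: list[tuple[str, str]]) -> list[tuple[str, list[str], str]]:
    """Return the entries a helper would look at first, with the reasons why."""
    findings = []
    for code, body in entries:
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("dangling reference")
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service without a recognised vendor")
        if code == "O4" and URL_LAUNCH_RE.search(body):
            reasons.append("autorun launches a URL via cmd.exe")
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in flag_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {', '.join(reasons)}\n    {body[:90]}")
```

A flag is a prompt for a human, not a verdict: dangling references are usually leftovers of uninstalled software, and an "Unknown owner" only means HijackThis could not read a vendor name from the binary. The value of the script is that it surfaces the same handful of lines the helper in this thread singles out, out of a log of over a hundred entries.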

  10. #10
    Emphyrio
    Start HijackThis. Select "Do a system scan only".
    Select only the items listed below:

    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninst...RlJFRS1WUFVaNy
    1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNTA3NDg4OTE4LVQxLVhMKzEtVUNBTEwrMS1VQ0FMTDIrMi1UQj grMi1GTCs4LVFJWDErN
    C1YMjAxMCsyLUYxME0rNQ"&"prod=55"&"ver=10.0.1204

    Close all windows except HijackThis (HJT) and click Fix checked.
    If a question about backups comes up, answer 'Yes'.
    Close HJT.

    Open a Notepad file.
    Copy the text below and paste it into the Notepad file.
    Save the Notepad file as CFScript.txt
    KillAll::
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
    Now drag the file CFScript.txt onto the file ComboFix.exe

    ComboFix will start again.
    When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.

    Make a new HijackThis log and post it too.
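The CFScript above resets BootExecute to its Windows default by writing the REG_MULTI_SZ value in the hex(7) form a REGEDIT4 file uses: one byte per character, entries separated by a NUL byte, and the list closed by a second NUL. The earlier ComboFix log showed the value as "autocheck autochk *\0SsiEfr.e", i.e. a second entry after the default one, and the script replaces the whole list with just "autocheck autochk *". The Python below is an added example, not part of this thread or of ComboFix; it decodes and encodes that hex(7) form, splits the rendering ComboFix prints, and reports which entries are not in the default list. The function names are my own, and the decoder assumes the single-byte (REGEDIT4) encoding, not the UTF-16 form of "Windows Registry Editor Version 5.00" files.

```python
# Default BootExecute value on Windows XP: run autochk on volumes marked dirty.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]


def decode_hex7(value: str) -> list[str]:
    """Decode a REGEDIT4 'hex(7):..' REG_MULTI_SZ value into its string entries.

    REGEDIT4 stores one byte per character; a 'Version 5.00' file would use
    UTF-16LE instead, which this helper deliberately does not handle.
    Line-continuation backslashes from a .reg file are tolerated.
    """
    if value.lower().startswith("hex(7):"):
        value = value[len("hex(7):"):]
    raw = bytes(int(b, 16) for b in value.replace("\\", "").split(",") if b.strip())
    text = raw.decode("latin-1")
    # entries are NUL-separated; the list ends with an empty entry (double NUL)
    return [entry for entry in text.split("\0") if entry]


def encode_hex7(entries: list[str]) -> str:
    """Encode string entries as a REGEDIT4 hex(7) REG_MULTI_SZ value."""
    data = ("\0".join(entries) + "\0\0").encode("latin-1")
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


def parse_combofix_multisz(shown: str) -> list[str]:
    """Split the REG_MULTI_SZ rendering ComboFix prints, where a literal
    backslash-zero marks the boundary between entries."""
    return [entry for entry in shown.split("\\0") if entry]


def unexpected_entries(entries: list[str]) -> list[str]:
    """Entries in BootExecute that are not part of the default list."""
    return [e for e in entries if e not in DEFAULT_BOOTEXECUTE]


def cfscript_registry_fix(key: str, name: str, entries: list[str]) -> str:
    """Render a ComboFix 'Registry::' stanza that sets a REG_MULTI_SZ value."""
    return f'Registry::\n[{key}]\n"{name}"={encode_hex7(entries)}\n'


if __name__ == "__main__":
    # Value as shown in the ComboFix log earlier in this thread.
    observed = parse_combofix_multisz(r"autocheck autochk *\0SsiEfr.e")
    print("extra BootExecute entries:", unexpected_entries(observed))
    print(cfscript_registry_fix(
        r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager",
        "BootExecute", DEFAULT_BOOTEXECUTE))
```

Round-tripping the value through decode_hex7 and encode_hex7 reproduces the exact byte string in the CFScript, which is a cheap way to check a hand-written hex(7) line before dropping it onto ComboFix: a missing trailing 00 or a stray comma would otherwise be written to the registry as-is.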

  11. #11
    paulT
    OK, I had put AVG back on. Now removed it again, and I'll hold off on installing it until you say it can go back on. (I'm off to a party now. More tomorrow. Thanks so far.)

    Here is the log >>


    ComboFix 11-01-28.03 - janke 29-01-2011 17:10:21.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1254.7.1043.18.1023.709 [GMT 1:00]
    Running from: c:\documents and settings\janke\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\janke\Bureaublad\CFScript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
    .

    2011-01-28 10:37 . 2011-01-29 16:06 -------- d--h--r- c:\documents and settings\janke\Onlangs geopend
    2011-01-28 10:34 . 2011-01-28 10:35 -------- d-----w- c:\program files\CCleaner
    2011-01-27 21:37 . 2011-01-27 21:37 388096 ----a-r- c:\documents and settings\janke\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-27 21:37 . 2011-01-27 21:37 -------- d-----w- c:\program files\Trend Micro
    2011-01-27 09:14 . 2011-01-27 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-01-11 19:42 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-01-11 19:42 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-01-10 18:34 . 2011-01-10 18:34 -------- d-----w- c:\program files\W3i
    2011-01-10 18:34 . 2011-01-10 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
    2011-01-10 18:32 . 2011-01-10 18:32 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-01-06 21:55 . 2011-01-06 21:55 -------- d-----w- c:\program files\Common Files\Java
    2011-01-02 17:07 . 2011-01-02 17:13 -------- d-----w- C:\ezgamerx
    2011-01-02 17:05 . 2011-01-02 17:07 -------- d-----w- c:\documents and settings\janke\Local Settings\Application Data\ConduitEngine
    2011-01-02 17:05 . 2011-01-10 19:13 -------- d-----w- c:\program files\ConduitEngine

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-24 00:26 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-12-21 13:43 . 2010-12-21 13:43 1409 ----a-w- c:\windows\QTFont.for
    2010-12-20 17:09 . 2010-12-05 01:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 17:08 . 2010-12-05 01:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 18:45 . 2010-11-29 18:45 1513984 ----a-w- c:\documents and settings\janke\Application Data\MacroRecorder.exe
    2010-11-12 17:53 . 2010-05-13 19:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 15:34 . 2010-05-16 08:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{d2ab2732-a124-4fb2-8da5-4a6a9e379331}"= "c:\program files\Messenger_Plus_Live_Netherlands\tbMes1.dll" [2011-01-10 3913000]

    [HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-10 19:13 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]
    2011-01-10 19:13 3913000 ----a-w- c:\program files\Messenger_Plus_Live_Netherlands\tbMes1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{d2ab2732-a124-4fb2-8da5-4a6a9e379331}"= "c:\program files\Messenger_Plus_Live_Netherlands\tbMes1.dll" [2011-01-10 3913000]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-10 3913000]

    [HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D2AB2732-A124-4FB2-8DA5-4A6A9E379331}"= "c:\program files\Messenger_Plus_Live_Netherlands\tbMes1.dll" [2011-01-10 3913000]

    [HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-05 328568]
    "InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-07-07 1008128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-11 6729728]
    "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
    "nwiz"="nwiz.exe" [2005-05-11 1519616]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-11 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-05-13 155648]
    "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-24 274608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCMSMMSG"="BCMSMMSG.exe" [2002-05-16 65536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2010-5-18 106496]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    S2 gupdate1c9c1cd3331c148;Google Updateservice (gupdate1c9c1cd3331c148);c:\program files\Google\Update\GoogleUpdate.exe [20-4-2009 16:32 133104]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 15:31]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 15:31]

    2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-375558186-2419212556-1931716929-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

    2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-375558186-2419212556-1931716929-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\janke\Application Data\Mozilla\Firefox\Profiles\6mk8fr6f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c88dd30&v=6.011.025.001&i=23&tp=ab&iy=&ychte=nl&lng=nl&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Java Quick Starter: - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-29 17:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-375558186-2419212556-1931716929-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1140)
    c:\windows\system32\tabhook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\Tablet.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\BCMSMMSG.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-29 17:23:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-29 16:23
    ComboFix2.txt 2011-01-29 14:38

    Pre-Run: 20.669.263.872 bytes beschikbaar
    Post-Run: 20.632.141.824 bytes beschikbaar

    - - End Of File - - 1735191189A6179848CB1675F7946A85


    And here is the HJ log


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:27:53, on 29-1-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Messenger Plus Live Netherlands - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMes1.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/995...TunesSetup.exe
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Google Updateservice (gupdate1c9c1cd3331c148) (gupdate1c9c1cd3331c148) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9465 bytes

  12. #12
    Emphyrio
    Hi Paul,

    The logs look good.

    We're going to clean up.....

    Go to Start > Run and copy and paste the following command into the field:

    ComboFix /Uninstall

    Make sure there is a space between Combofix and /
    Then press Enter.




    This will remove Combofix plus its related folders and files,
    restore the clock settings, hide file extensions again,
    re-hide hidden files and system files
    and reset your System Restore.


    Download OTC.exe (by OldTimer)
    • Save the file to your desktop.
    • Make sure there is an internet connection.
    • Vista / W7 users:
      • Then right-click OTC.exe and choose Run as Administrator (in Dutch: Uitvoeren als Administrator) to start the program.
    • XP users:
      • Double-click OTC
    • Now click the "CleanUp!" button
    • If your firewall, or another security program, warns that OTC.exe wants internet access,
      you may allow this; the program needs that connection.
    • Finally, OTC will ask whether you want to restart the computer; you may allow this, as that is also how it removes itself.


    Note: Using OTC.exe will remove all the tools we used (including their logs and backup folders) from your computer.


    1) You may delete all the loose files and tools we have used.

    2) Clear your existing restore points following this procedure.

    How is it going now?


    Emphyrio
    Malware Research Engineer@Malwarebytes (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee * Ccleaner * E-Peek

  13. #13
    paulT
    So, everything carried out and cleaned up. AVG is back on. Deleted the empty folders of old programs.
    Wiped the temp files, restarted, defragmented, restarted again, and it now looks good again.
    Thanks for the support and have a quiet weekend.

  14. #14
    Emphyrio
    You're welcome, Paul
