Hello Huib,
I ran ComboFix.
While doing so, Windows showed the message that the "maximum registry size is too small and needs to be increased".
I would like to do that, but I don't know how.
Can you explain it to me?
After the restart, ComboFix showed the log along with the message not to start any programs until ComboFix was finished.
"TrayApp" ignored that and started its installation anyway.
Luckily the log still appeared.
Thank you very much for being willing to try to get my PC working normally again.
Regards, Harry
ComboFix 09-01-05.02 - H. Ovink 05-01-2009 21:23:16.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1043.18.479.155
Gestart vanuit: c:\documents and settings\H. Ovink\Bureaublad\ComboFix.exe
* Resident AV is active
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\H. Ovink\Favorieten\Videos.url
c:\windows\start.exe
c:\windows\Web\default.htt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PASSWORD
-------\Service_seneka
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-05 to 2009-01-05 ))))))))))))))))))))))))))))))
.
2009-01-05 21:27 . 09-01-05 21:27 16,384 --a----t- c:\windows\SYSTEM32\Perflib_Perfdata_250.dat
2009-01-04 13:43 . 09-01-04 13:43 d-------- C:\$WIN_NT$.~BT
2009-01-04 13:30 . 09-01-04 23:01 556,486 ---h----- c:\windows\ShellIconCache
2009-01-03 21:54 . 09-01-03 21:54 d-------- c:\windows\All Users\Application Data\ESET
2008-12-31 16:48 . 08-12-31 16:48 d-------- c:\program files\InfraRecorder
2008-12-31 16:48 . 08-12-31 16:49 d-------- c:\documents and settings\H. Ovink\Application Data\InfraRecorder
2008-12-31 16:34 . 03-04-18 10:24 357,915 -ra------ C:\txtsetup.sif
2008-12-31 16:34 . 03-04-18 10:23 229,904 -ra------ C:\$LDR$
2008-12-30 21:30 . 08-12-30 21:30 82,944 --a------ c:\windows\SYSTEM32\bgl.exe
2008-12-30 21:11 . 08-12-30 21:10 416,800 --a------ c:\windows\SYSTEM32\msvcp60.dll
2008-12-29 19:51 . 08-12-29 19:51 d-------- c:\program files\AC3Filter
2008-12-29 19:51 . 03-08-19 08:20 180,224 --a------ c:\windows\SYSTEM32\ac3filter.cpl
2008-12-28 20:39 . 08-12-28 20:39 d-------- c:\documents and settings\H. Ovink\Application Data\vlc
2008-12-28 20:32 . 08-12-28 20:32 d-------- c:\windows\All Users\Application Data\Winferno
2008-12-28 20:29 . 08-12-28 20:29 d-------- c:\program files\VideoLAN
2008-12-28 20:28 . 08-12-28 20:28 d-------- c:\program files\Free Offers from Freeze.com
2008-12-28 20:28 . 06-07-24 08:56 212,240 --a------ c:\windows\SYSTEM32\Richtx32.ocx
2008-12-28 20:26 . 08-12-28 20:26 d-------- c:\program files\Smart-Shopper
2008-12-28 17:18 . 08-12-28 20:35 d-------- c:\program files\AddRemove
2008-12-28 17:18 . 08-12-28 17:18 1 --a------ c:\windows\AR.DAT
2008-12-28 12:39 . 09-01-03 18:14 d-------- c:\windows\All Users\Application Data\avg8
2008-12-28 12:39 . 08-12-28 12:39 d-------- c:\program files\AVG
2008-12-22 21:12 . 08-12-22 21:10 512,096 --a------ c:\windows\SYSTEM32\DRIVERS\amon.sys
2008-12-22 21:12 . 08-12-22 21:10 298,104 --a------ c:\windows\SYSTEM32\imon.dll
2008-12-22 21:12 . 08-12-22 21:10 15,424 --a------ c:\windows\SYSTEM32\DRIVERS\nod32drv.sys
2008-12-20 20:59 . 08-12-20 20:59 d-a------ c:\program files\Trend Micro
2008-12-19 21:22 . 08-12-19 21:22 d-a------ c:\windows\All Users\Application Data\Malwarebytes
2008-12-19 21:22 . 08-12-19 21:22 d-a------ c:\program files\Malwarebytes' Anti-Malware
2008-12-19 21:22 . 08-12-19 21:22 d-------- c:\documents and settings\H. Ovink\Application Data\Malwarebytes
2008-12-19 21:22 . 08-12-03 19:52 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-12-19 21:22 . 08-12-03 19:52 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-12-17 20:42 . 08-12-17 20:42 45 ---h----- c:\windows\dsez5745.dat
2008-12-08 20:28 . 08-12-08 20:28 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 20:54 --------- d-----w c:\program files\ESET
2008-12-30 20:32 --------- d---a-w c:\windows\All Users\Application Data\Spybot - Search & Destroy
2008-12-30 20:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-30 17:40 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-28 20:47 --------- d-----w c:\program files\Common Files\Adobe
2008-12-28 19:37 --------- d-----w c:\program files\DivX
2008-12-26 13:10 --------- d---a-w c:\windows\All Users\Application Data\TEMP
2008-12-20 17:02 --------- d-----w c:\program files\CleanUp!
2008-12-16 21:13 --------- d-----w c:\documents and settings\H. Ovink\Application Data\GrabIt
2008-12-08 19:28 --------- d-----w c:\program files\Java
2008-12-02 19:47 --------- d-----w c:\documents and settings\H. Ovink\Application Data\DivX
2008-11-23 20:53 --------- d-----w c:\program files\Common Files\Real
2008-11-21 20:44 --------- d-----w c:\program files\SmartFTP Client 2.0
2008-11-19 19:24 --------- d-----w c:\documents and settings\H. Ovink\Application Data\TransRender
2008-11-19 19:24 --------- d-----w c:\documents and settings\H. Ovink\Application Data\Temporary
2008-11-17 21:39 --------- d-----w c:\documents and settings\H. Ovink\Application Data\Image Zone Express
2006-10-08 19:04 22,085 ---h--w c:\program files\folder.htt
2006-02-03 06:57 917,376 ----a-w c:\program files\Feb2006_MDX1_x86.cab
2006-02-03 06:57 41,892 ----a-w c:\program files\dxdllreg_x86.cab
2006-02-03 06:57 3,918,624 ----a-w c:\program files\Feb2006_MDX1_x86_Archive.cab
2006-02-03 06:57 179,247 ----a-w c:\program files\Feb2006_xact_x64.cab
2006-02-03 06:57 133,297 ----a-w c:\program files\Feb2006_xact_x86.cab
2006-02-03 06:57 1,363,684 ----a-w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 06:57 1,085,608 ----a-w c:\program files\Feb2006_d3dx9_29_x86.cab
2006-01-08 09:36 774,144 ------w c:\program files\RngInterstitial.dll
2008-09-19 21:55 479,232 ----a-w c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-09-19 21:55 548,864 ----a-w c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-09-19 21:55 626,688 ----a-w c:\program files\mozilla firefox\plugins\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
06-07-13 08:10 2385680 --a------ c:\windows\system32\SHELL32.DLL
"internat.exe"="internat.exe"
"Gene USB Monitor"="c:\windows\system32\UMonit2k.exe"
"KPN"="c:\program files\KPN\bin\sprtcmd.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe"
"Synchronization Manager"="mobsync.exe"
"internat.exe"="internat.exe"
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe"
c:\windows\All Users\Start Menu\Programs\StartUp\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
"VIDC.VDOM"= vdowave.drv
"aux"= mmdrv.dll
"VIDC.ACDV"= ACDV.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer
--a------ 03-06-19 20:05 112400 c:\windows\SYSTEM32\mobsync.exe
"msnmsgr"="c:\program files\MSN MESSENGER\MSNMSGR.EXE" /background
"smapp"=c:\program files\Analog Devices\SoundMAX\SMTray.exe
R1 epfwtdir;epfwtdir;c:\windows\SYSTEM32\DRIVERS\epfwtdir.sys
R1 nod32drv;nod32drv;c:\windows\SYSTEM32\DRIVERS\nod32drv.sys
R3 usbhub20;USB 2.0 Root Hub Support;c:\windows\SYSTEM32\DRIVERS\usbhub20.sys
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
R4 ppsio2;PPDevice;c:\windows\SYSTEM32\DRIVERS\PPSIO2.SYS
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service\Common\Database\bin\fbserver.exe
S3 USTOR2K;Genesys USB Mass Storage Windows Driver;c:\windows\SYSTEM32\DRIVERS\ustor2k.sys
S3 viafilter;VIA USB Filter;c:\windows\SYSTEM32\DRIVERS\viausb.sys
S4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl --> c:\program files\CyberLink\PowerDVD\000.fcl
S4 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IPNAT
*NewlyCreated* - RASAUTO
*NewlyCreated* - SHAREDACCESS
.
Inhoud van de 'Gedeelde Taken' map
2009-01-03 c:\windows\Tasks\avast! Antivirus.job
- c:\progra~1\ALWILS~1\AVAST4\ASHAVAST.EXE
2009-01-05 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE
2009-01-05 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe
2009-01-05 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\SYMANTEC\LIVEUPDATE\NDETECT.EXE
.
- - - - ORPHANS VERWIJDERD - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
LSP: c:\windows\system32\imon.dll
LSP: %SystemRoot%\system32\msafd.dll
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
c:\windows\Downloaded Program Files\Internet Explorer Classes for Java.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\H. Ovink\Application Data\Mozilla\Firefox\Profiles\tumwuwtc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startpagina.nl
FF - component: c:\program files\Mozilla Firefox\components\AdVComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 21:28:54
Windows 5.0.2195 Service Pack 4 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
------------------- DLLs Geladen Onder Lopende Processen -------------------
- - - - - - - > 'winlogon.exe'(196)
c:\windows\system32\wzcdlg.dll
c:\windows\system32\WZCSAPI.DLL
- - - - - - - > 'lsass.exe'(236)
c:\windows\system32\imon.dll
.
Voltooingstijd: 2009-01-05 21:33:00 - machine werd herstart
ComboFix-quarantined-files.txt 2009-01-05 20:32:21
Pre-Run: 6.093.687.808 bytes beschikbaar
Post-Run: 6,143,808,512 bytes beschikbaar
199 --- E O F --- 2009-01-05 18:23:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:08, on 5-1-2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\regsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UMonit2k.exe
C:\Program Files\KPN\bin\sprtcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\internat.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: C:\WINDOWS\system32\UMonit2k.exe
O4 - HKLM\..\Run: "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
O4 - HKLM\..\Run: mobsync.exe /logon
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: internat.exe
O4 - HKUS\.DEFAULT\..\Run: internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global User Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225021582343
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Foto Service\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe
--
End of file - 5908 bytes