Slow startup

  • harger

    Could someone look over this log, in connection with starting up lately? I have done everything that is asked.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 22:22:42, on 13-1-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Comodo\CBOClean\BOCORE.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\CDBurnerXP\NMSAccessU.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Canon\CAL\CALMAIN.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

    C:\Program Files\Secunia\PSI\psi.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: Ati2mdxx.exe

    O4 - HKLM\..\Run: “C:\Program Files\Windows Defender\MSASCui.exe” -hide

    O4 - HKLM\..\Run: C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} -

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    O20 - Winlogon Notify: geBsrRhe - geBsrRhe.dll (file missing)

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

    End of file - 6217 bytes

  • harger

    Malwarebytes' Anti-Malware 1.32

    Database versie: 1648

    Windows 5.1.2600 Service Pack 3

    13-1-2009 21:54:56

    mbam-log-2009-01-13 (21-54-56).txt

    Scan type: Volledige Scan (C:\|)

    Objecten gescand: 86257

    Verstreken tijd: 1 hour(s), 16 minute(s), 24 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Sorry, this one still had to be added.

    Thanks in advance, harger

  • Argus

    Close all windows and start HijackThis.

    Click: Do a Systemscan only

    Put a check mark in the box in front of:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} -

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} –

    O20 - Winlogon Notify: geBsrRhe - geBsrRhe.dll (file missing)

    Click: Fix checked

    Combofix

    Download Combofix to your Desktop.

    Double-click Combofix.exe

    Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.

    While the fix is running, do NOT click in the window, because your PC will then "hang".

    NB: If a message from your antivirus or another real-time scanner appears while you are using Combofix, disable that scanner and download Combofix again. Some scanners regard components that Combofix uses as suspicious and may block or remove them! As a result Combofix cannot function properly.

    When the fix has completed and after a restart, the log combofix.txt will open.

    Post this log in your next post.

  • harger

    ComboFix 09-01-13.04 - gerda 2009-01-14 21:50:58.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.168

    Gestart vanuit: c:\documents and settings\gerda\Bureaublad\ComboFix.exe

    AV: avast! antivirus 4.8.1296 *On-access scanning disabled* (Outdated)

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-14 to 2009-01-14 ))))))))))))))))))))))))))))))

    .

    2009-01-14 17:32 . 2009-01-14 17:32 d——– c:\documents and settings\harry\Application Data\OpenOffice.org

    2009-01-12 22:50 . 2009-01-12 22:51 dr-h—– c:\documents and settings\gerda\Onlangs geopend

    2009-01-12 22:47 . 2009-01-12 22:47 d——– c:\program files\Comodo

    2009-01-12 22:47 . 2009-01-14 21:26 d——– c:\documents and settings\All Users\Application Data\BOC427

    2009-01-12 22:47 . 2008-07-14 05:09 212,728 –a—— c:\windows\CMDLIC.DLL

    2009-01-12 22:47 . 2008-07-14 05:09 205,560 –a—— c:\windows\UNBOC.EXE

    2009-01-12 22:47 . 2008-04-14 18:02 24,576 –a—— c:\windows\system32\wsock32.dlb

    2009-01-12 22:47 . 2009-01-14 21:46 8,418 –a—— c:\windows\BOC427.INI

    2009-01-12 21:37 . 2009-01-12 21:37 d——– c:\documents and settings\gerda\Application Data\OpenOffice.org

    2009-01-12 21:31 . 2009-01-12 21:31 d——– c:\program files\OpenOffice.org 3

    2009-01-06 22:17 . 2009-01-06 22:17 dr-h—– c:\documents and settings\harry\Onlangs geopend

    2009-01-04 21:07 . 2009-01-04 21:07 10 –a—— c:\windows\WININIT.INI

    2009-01-04 14:16 . 2009-01-13 19:05 d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2008-12-28 20:58 . 2008-07-15 11:48 208,896 –a—— c:\windows\system32\ConTest.dll

    2008-12-16 22:44 . 2008-12-16 22:44 2,560 –a—— c:\windows\_MSRSTRT.EXE

    2008-12-16 21:11 . 2008-12-16 22:45 d——– c:\program files\Common Files\Stardock

    2008-12-14 16:21 . 2001-08-17 22:07 56,960 –a–c— c:\windows\system32\dllcache\aic78xx.sys

    2008-12-14 16:21 . 2001-08-17 22:07 55,168 –a–c— c:\windows\system32\dllcache\aic78u2.sys

    2008-12-14 16:21 . 2001-08-17 20:11 27,678 –a–c— c:\windows\system32\dllcache\ali5261.sys

    2008-12-14 16:21 . 2001-08-17 21:49 26,624 –a–c— c:\windows\system32\dllcache\alifir.sys

    2008-12-14 16:21 . 2001-09-06 21:27 24,576 –a–c— c:\windows\system32\dllcache\agcgauge.ax

    2008-12-14 16:21 . 2001-08-17 20:11 16,969 –a–c— c:\windows\system32\dllcache\amb8002.sys

    2008-12-14 16:21 . 2001-08-17 21:52 12,800 –a–c— c:\windows\system32\dllcache\aha154x.sys

    2008-12-14 16:21 . 2001-08-17 21:52 12,032 –a–c— c:\windows\system32\dllcache\amsint.sys

    2008-12-14 16:21 . 2001-08-17 21:51 5,248 –a–c— c:\windows\system32\dllcache\aliide.sys

    2008-12-14 16:13 . 2001-09-06 21:26 66,048 –a–c— c:\windows\system32\dllcache\s3legacy.dll

    2008-12-14 15:58 . 2008-12-14 16:06 d——– c:\documents and settings\gerda\Application Data\GlarySoft

    2008-12-14 15:54 . 2008-12-14 15:54 d——– c:\program files\Glary Utilities

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-01-06 21:20 ——— d—–w c:\program files\Malwarebytes' Anti-Malware

    2009-01-04 20:06 ——— d–h–w c:\program files\InstallShield Installation Information

    2009-01-04 19:57 ——— d—–w c:\documents and settings\All Users\Application Data\Skype

    2009-01-04 17:59 ——— d—–w c:\documents and settings\gerda\Application Data\AutoSizer

    2009-01-04 17:38 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys

    2009-01-04 17:38 15,504 —-a-w c:\windows\system32\drivers\mbam.sys

    2009-01-04 13:20 ——— d—–w c:\program files\Spybot - Search & Destroy

    2009-01-04 12:29 ——— d—–w c:\program files\Common Files\Adobe

    2008-12-29 21:40 ——— d—–w c:\documents and settings\gerda\Application Data\LimeWirePlus

    2008-12-24 22:17 ——— d—–w c:\program files\Auslogics

    2008-12-22 21:16 ——— d—–w c:\program files\CCleaner

    2008-12-14 19:15 ——— d—–w c:\documents and settings\harry\Application Data\SPAMfighter

    2008-12-14 15:09 ——— d—–w c:\program files\LimeWire Plus

    2008-12-14 15:09 ——— d—–w c:\program files\CDBurnerXP

    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys

    2008-12-10 20:38 ——— d—–w c:\documents and settings\harry\Application Data\aignes

    2008-12-03 19:49 ——— d—–w c:\program files\Java

    2008-12-03 19:42 ——— d—–w c:\program files\Common Files\Adobe AIR

    2008-12-01 20:12 ——— d—–w c:\program files\Windows Live

    2008-12-01 20:11 ——— d—–w c:\program files\Microsoft SQL Server Compact Edition

    2008-12-01 20:08 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller

    2008-12-01 20:06 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller

    2008-11-25 19:50 ——— d—–w c:\program files\Secunia

    2008-11-23 22:33 ——— d—–w c:\documents and settings\gerda\Application Data\skypePM

    2008-11-23 18:11 ——— d—–w c:\documents and settings\harry\Application Data\Malwarebytes

    2008-11-23 16:08 ——— d—–w c:\program files\AutoSizer

    2008-11-19 16:00 ——— d—–w c:\documents and settings\harry\Application Data\AutoSizer

    2008-11-18 13:36 7,808 —-a-w c:\windows\system32\drivers\psi_mf.sys

    2008-11-15 13:08 ——— d—–w c:\documents and settings\All Users\Application Data\Lavasoft

    2008-11-15 13:07 ——— d—–w c:\program files\Common Files\Wise Installation Wizard

    2008-11-14 22:33 ——— d—–w c:\program files\Lavasoft

    2008-11-14 21:22 ——— d—–w c:\documents and settings\gerda\Application Data\Lavasoft

    2008-11-14 20:48 ——— d—–w c:\program files\ESET

    2008-11-14 17:04 ——— d—–w c:\program files\JEDISware

    2008-11-13 21:16 164 —-a-w C:\install.dat

    2008-11-11 21:59 7,726 —-a-w C:\idsuite_run.bat

    2008-11-10 04:43 410,984 -c–a-w c:\windows\system32\deploytk.dll

    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll

    2008-10-16 20:33 826,368 —-a-w c:\windows\system32\wininet.dll

    2008-10-16 13:13 202,776 -c–a-w c:\windows\system32\wuweb.dll

    2008-10-16 13:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll

    2008-10-16 13:12 561,688 -c–a-w c:\windows\system32\wuapi.dll

    2008-10-16 13:12 323,608 -c–a-w c:\windows\system32\wucltui.dll

    2008-10-16 13:09 92,696 -c–a-w c:\windows\system32\cdm.dll

    2008-10-16 13:09 51,224 -c–a-w c:\windows\system32\wuauclt.exe

    2008-10-16 13:09 43,544 -c–a-w c:\windows\system32\wups2.dll

    2008-10-16 13:08 34,328 -c–a-w c:\windows\system32\wups.dll

    2008-10-16 13:06 268,648 -c–a-w c:\windows\system32\mucltui.dll

    2008-10-16 13:06 208,744 -c–a-w c:\windows\system32\muweb.dll

    2008-02-06 21:26 32 -c–a-w c:\documents and settings\All Users\Application Data\ezsid.dat

    2008-01-30 19:51 39,959 -c–a-w c:\documents and settings\gerda\Application Data\mdb.bin

    2008-06-20 20:02 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008062020080621\index.dat

    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-14_21.34.09,74 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-01-14 20:46:34 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_5b4.dat

    + 2009-01-14 20:46:06 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_654.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “CTFMON.EXE”=“c:\windows\system32\ctfmon.exe”

    “avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe”

    “BOC-427”=“c:\progra~1\Comodo\CBOClean\BOC427.exe”

    “ATIModeChange”=“Ati2mdxx.exe”

    “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”

    c:\documents and settings\gerda\Menu Start\Programma's\Opstarten\

    OpenOffice.org 3.0 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe

    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe

    –a—— 2008-11-23 17:08 131072 c:\program files\AutoSizer\AutoSizer.exe

    –a—— 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “HP Software Update”=c:\program files\HP\HP Software Update\HPWuSchd2.exe

    “%windir%\\system32\\sessmgr.exe”=

    “c:\\Program Files\\Messenger\\msmsgs.exe”=

    “%windir%\\Network Diagnostic\\xpnetdiag.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe”=

    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe”=

    “c:\\Program Files\\LimeWire Plus\\LimeWire.exe”=

    “c:\\Program Files\\Hyves Kwekker\\HyvesDesktop_2.exe”=

    “c:\\Program Files\\MSN Messenger\\msnmsgr.exe”=

    “c:\\Program Files\\MSN Messenger\\livecall.exe”=

    “c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe”=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys

    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys

    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys

    R4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe

    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2009-01-14 c:\windows\Tasks\1-Click Maintenance.job

    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe

    2009-01-14 c:\windows\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe

    2009-01-14 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Windows Defender\MpCmdRun.exe

    2009-01-14 c:\windows\Tasks\User_Feed_Synchronization-{3AF4E9EB-2A03-402B-B372-C4540BF8BFF7}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.startpagina.nl/

    uInternet Connection Wizard,ShellNext = iexplore

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-01-14 21:54:10

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    Voltooingstijd: 2009-01-14 21:57:15

    ComboFix-quarantined-files.txt 2009-01-14 20:57:10

    ComboFix2.txt 2009-01-14 20:36:13

    Pre-Run: 108.428.804.096 bytes beschikbaar

    Post-Run: 108,417,802,240 bytes beschikbaar

    177 — E O F — 2009-01-13 13:11:03

    I'm curious, thanks in advance.

  • Argus

    There is no sign of an infection.

    Go to Start - Run and enter the following:

    Combofix /u

    This will uninstall Combofix.

  • harger

    It hasn't really become faster at starting up. It has been doing that slow thing for a good month and a half.

    In any case there are no uninvited guests on my computer.

    Thank you very much for the attention.

    Regards, gerda

  • huib

    Hi Harger,

    Have you already carried out the cleaning plan as well?

    http://www.virushelp.nl/onderhoud.htm

    Supplemented with CCleaner and Clean up:

    http://www.wurksjops.nl/ccleaner/

    Do make sure, when installing CCleaner, that you remove the check mark for installing the Yahoo toolbar.

    http://www.stevengould.org/index.php?option=com_content&task=view&id=29&Itemid=72

    You can let CCleaner and Clean up run daily before you shut down.

    The first time you run these it will take a tiny bit longer, but otherwise it takes no more than about 2 minutes.

    Good luck,

    Huib :)

  • harger

    Thanks for thinking along, Huib. I downloaded Clean up and let it run; it did remove a lot. But now at startup I had a black screen (briefly) which, among other things, says "Windows recovery console" and so on. Not really bothersome, it just started up via Windows, but I still threw that Clean up off again, and that makes no difference: it starts up the same way with that black screen! I already had CCleaner on the computer anyway. And I had done the whole cleaning plan.

    By the way, I didn't know that Clean up only applies to the account that downloaded it, and that the other 2 therefore had to download it separately.

    I'm no expert, but I read along a lot and learn quite a bit from that.

    Thanks in any case.

  • huib

    Hi Harger,

    So there are multiple accounts on that computer.

    Then please also post a HijackThis log from the other accounts ;)

    Greetings, Huib :)

  • harger

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 22:34:28, on 17-1-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Comodo\CBOClean\BOCORE.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\CDBurnerXP\NMSAccessU.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Canon\CAL\CALMAIN.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: Ati2mdxx.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-21-602162358-813497703-1343024091-1004\..\Run: C:\WINDOWS\system32\ctfmon.exe (User ‘gerda’)

    O4 - HKUS\S-1-5-21-602162358-813497703-1343024091-1005\..\Run: C:\WINDOWS\system32\ctfmon.exe (User ‘harry’)

    O4 - HKUS\S-1-5-21-602162358-813497703-1343024091-1005\..\Run: “C:\Program Files\AutoSizer\AutoSizer.exe” (User ‘harry’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O4 - S-1-5-21-602162358-813497703-1343024091-1004 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User ‘gerda’)

    O4 - S-1-5-21-602162358-813497703-1343024091-1004 User Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User ‘gerda’)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

    End of file - 6047 bytes