Computer freezes when using the internet or opening folders

  • buuf

    Hello,

    My computer constantly freezes when opening folders and when using the internet. I have scanned but can't find anything strange; maybe you can?? I hope so, because that would save a lot of annoyance.

    (AGSeiApp.exe: this one is intentional)

    Here are the requested logs:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:09:07, on 27-4-2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    E:\ik\A8GSdsApp\AGSeiApp.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Avant Browser\avant.exe

    C:\Program Files\Avant Browser\ybrowser.exe

    C:\WINDOWS\system32\msfeedssync.exe

    C:\Documents and Settings\suzanneenchris\Mijn documenten\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dutch.toggle.com/nl/index.php?rvs=google

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/nl/index.php?rvs=google

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: E:\ik\A8GSdsApp\AGSeiApp.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\RunOnce: cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABCAFoANgAtAFEARQBNAEIAUgA“&”inst=NwA2AC0ANQAwADcANgA5ADQAMwA0ADEALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBOADEARAArADEALQBQAEwAKwA5AA“&”prod=54“&”ver=9.0.894

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL

    O15 - Trusted IP range: http://192.168.1.254

    O15 - ESC Trusted IP range: http://192.168.1.254

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

    End of file - 6409 bytes

    The other log will follow, because my computer is acting strange again and I can't get to my desktop.

  • buuf

    Here is the next log:

    Malwarebytes' Anti-Malware 1.50.1.1100

    www.malwarebytes.org

    Databaseversie: 6456

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    27-4-2011 14:27:15

    mbam-log-2011-04-27 (14-27-15).txt

    Scantype: Snelle scan

    Objecten gescand: 141854

    Verstreken tijd: 4 minuut/minuten, 10 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 7

    Registerwaarden geïnfecteerd: 1

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 8

    Bestanden geïnfecteerd: 41

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GOOGLEUPDATEBETA (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    c:\program files\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Button (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\ComboBox (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Menu (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Window (Adware.BHO.FL) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    c:\WINDOWS\Tasks\acrobat update.job (Malware.Trace) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\player.dat (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Button\button_default.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Button\button_disable.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Button\button_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Button\button_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Button\button_normal.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttondown.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonhot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonnor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Menu\menubg.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_arrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_check.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_seperator.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Window\bottomborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Window\downarrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Window\leftborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Window\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Window\main.ico (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Window\rightborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    c:\program files\flv direct player\skindirectflv\skin\Window\titlepattern.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

  • Ben

    Hello,

    Do these steps after approval from Fazantje.

    Start HijackThis, click "scan" and check the following lines:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll

    Close all windows except HijackThis and click "fix checked".

    Restart the computer and delete this folder:

    c:\progra~1\wi9130~1\datamngr\datamngr.dll

    Did you put the program Golden eye on your PC yourself?

    If not, uninstall it under Add or Remove Programs.

    Then post a new HijackThis log.

    Ben

  • buuf

    Hello,

    Here is my new log, and yes, I installed Golden eye myself, as I had already indicated.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:04:06, on 27-4-2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    E:\ik\A8GSdsApp\AGSeiApp.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Avant Browser\avant.exe

    C:\Program Files\Avant Browser\ybrowser.exe

    C:\Program Files\Avant Browser\ybrowser.exe

    C:\Documents and Settings\suzanneenchris\Mijn documenten\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dutch.toggle.com/nl/index.php?rvs=google

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/nl/index.php?rvs=google

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: E:\ik\A8GSdsApp\AGSeiApp.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\RunOnce: cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABCAFoANgAtAFEARQBNAEIAUgA“&”inst=NwA2AC0ANQAwADcANgA5ADQAMwA0ADEALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBOADEARAArADEALQBQAEwAKwA5AA“&”prod=54“&”ver=9.0.894

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL

    O15 - Trusted IP range: http://192.168.1.254

    O15 - ESC Trusted IP range: http://192.168.1.254

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

    End of file - 6234 bytes

    Regards, Buuf

  • Ben

    Hello,

    Have you already received permission to carry out the steps??

    Which start page do you use: Bing, dutch.toggle, or both??

    How is your problem otherwise??

    Ben

  • buuf

    Hello,

    What do you mean by a startup program??

    The problem is still there; it keeps freezing even when I try to open My Documents.

    Also, after I have started Windows, I first see my desktop, then a black screen, and then my desktop again. It also sometimes freezes after I have typed in my password, and then it won't start up.

    Regards, Buuf

  • Ben

    Hello,

    Then I suggest ComboFix.

    Download ComboFix to your Desktop:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.

    Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post this log in your next post together with a new HijackThis log.

    Ben

  • buuf

    Hello,

    Here are the logs from ComboFix and HijackThis:

    ComboFix 11-04-27.04 - suzanneenchris 28-04-2011 20:10:12.1.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.894.459

    Gestart vanuit: c:\documents and settings\suzanneenchris\Bureaublad\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\suzanneenchris\Application Data\.#

    c:\documents and settings\suzanneenchris\Application Data\chrtmp

    c:\documents and settings\suzanneenchris\Application Data\install

    c:\documents and settings\suzanneenchris\WINDOWS

    c:\windows\system32\_005335_.tmp.dll

    c:\windows\system32\_005336_.tmp.dll

    c:\windows\system32\_005337_.tmp.dll

    c:\windows\system32\_005338_.tmp.dll

    c:\windows\system32\_005345_.tmp.dll

    c:\windows\system32\_005346_.tmp.dll

    c:\windows\system32\_005347_.tmp.dll

    c:\windows\system32\_005348_.tmp.dll

    c:\windows\system32\_005350_.tmp.dll

    c:\windows\system32\_005351_.tmp.dll

    c:\windows\system32\_005354_.tmp.dll

    c:\windows\system32\_005355_.tmp.dll

    c:\windows\system32\_005357_.tmp.dll

    c:\windows\system32\_005358_.tmp.dll

    c:\windows\system32\_005359_.tmp.dll

    c:\windows\system32\_005361_.tmp.dll

    c:\windows\system32\_005364_.tmp.dll

    c:\windows\system32\_005365_.tmp.dll

    c:\windows\system32\_005369_.tmp.dll

    c:\windows\system32\_005370_.tmp.dll

    c:\windows\system32\_005372_.tmp.dll

    c:\windows\system32\_005375_.tmp.dll

    c:\windows\system32\_005377_.tmp.dll

    c:\windows\system32\_005378_.tmp.dll

    c:\windows\system32\_005379_.tmp.dll

    c:\windows\system32\_005380_.tmp.dll

    c:\windows\system32\_005381_.tmp.dll

    c:\windows\system32\_005384_.tmp.dll

    c:\windows\system32\_005385_.tmp.dll

    c:\windows\system32\_005386_.tmp.dll

    c:\windows\system32\_005387_.tmp.dll

    c:\windows\system32\_005388_.tmp.dll

    c:\windows\system32\_005393_.tmp.dll

    c:\windows\system32\_005395_.tmp.dll

    c:\windows\XSxS

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ——-\Legacy_SSHNAS

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-28 to 2011-04-28 ))))))))))))))))))))))))))))))

    .

    .

    2011-04-28 18:16 . 2011-04-28 18:16 28752 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CD18451-AE81-42AD-88A6-51A10430A0B3}\MpKsl9ef72f82.sys

    2011-04-27 17:27 . 2011-04-28 16:57 ——– d–h–r- c:\documents and settings\suzanneenchris\Onlangs geopend

    2011-04-27 12:19 . 2011-04-27 12:19 ——– d—–w- c:\documents and settings\suzanneenchris\Application Data\Malwarebytes

    2011-04-27 12:19 . 2010-12-20 16:09 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-04-27 12:19 . 2011-04-27 12:19 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2011-04-27 12:19 . 2010-12-20 16:08 20952 —-a-w- c:\windows\system32\drivers\mbam.sys

    2011-04-27 12:19 . 2011-04-27 12:19 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware

    2011-04-27 09:39 . 2011-04-28 15:15 ——– d—–w- c:\documents and settings\suzanneenchris\Application Data\uTorrent

    2011-04-25 21:02 . 2011-04-25 21:02 ——– d—–w- c:\documents and settings\suzanneenchris\Local Settings\Application Data\Astar Games

    2011-04-22 07:15 . 2011-04-26 10:52 ——– d—–w- c:\documents and settings\suzanneenchris\Application Data\Trio

    2011-04-21 20:04 . 2011-04-21 20:18 ——– d—–w- c:\documents and settings\All Users\Application Data\Big Fish Games

    2011-04-21 20:03 . 2011-04-21 20:18 ——– d—–w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

    2011-04-17 17:56 . 2011-04-17 17:56 ——– d—–w- c:\documents and settings\suzanneenchris\Application Data\HillStoneAnimationStudios

    2011-04-15 20:01 . 2011-04-15 20:01 ——– d—–w- c:\documents and settings\suzanneenchris\Application Data\margrave3_full

    2011-04-13 10:47 . 2011-04-11 07:04 7071056 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2011-04-11 15:20 . 2010-10-19 20:51 222080 ——w- c:\windows\system32\MpSigStub.exe

    2011-04-11 15:15 . 2011-04-11 15:15 ——– d—–w- c:\program files\Microsoft Security Client

    2011-04-10 18:54 . 2011-04-10 18:54 ——– d—–w- c:\documents and settings\suzanneenchris\Application Data\Avant Profiles

    2011-04-10 18:54 . 2011-04-10 18:54 ——– d—–w- c:\program files\Avant Browser

    2011-04-09 18:59 . 2010-08-16 13:31 725064 —-a-w- c:\windows\system32\pwNative.exe

    2011-04-09 18:59 . 2010-08-16 13:31 16472 ——w- c:\windows\system32\pwdrvio.sys

    2011-04-09 18:59 . 2010-08-16 13:31 11104 ——w- c:\windows\system32\pwdspio.sys

    2011-04-08 19:21 . 2011-04-08 19:21 84718440 —-a-w- c:\program files\Common Files\Windows Live\.cache\wlc20.tmp

    2011-04-06 13:52 . 2009-05-18 11:17 26600 —-a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2011-04-06 13:52 . 2008-04-17 10:12 107368 —-a-w- c:\windows\system32\GEARAspi.dll

    2011-04-06 13:52 . 2011-04-06 13:52 ——– d—–w- c:\program files\iPod

    2011-04-06 13:44 . 2011-04-10 18:47 ——– d—–w- c:\program files\Common Files\Apple

    2011-04-01 15:22 . 2009-10-19 14:29 307200 —-a-w- c:\windows\system32\CNC350L.dll

    2011-04-01 15:22 . 2009-10-05 16:09 1310720 —-a-w- c:\windows\system32\CNC350C.dll

    2011-04-01 15:22 . 2009-10-05 16:08 110592 —-a-w- c:\windows\system32\CNC350I.dll

    2011-04-01 15:22 . 2009-10-05 16:05 102400 —-a-w- c:\windows\system32\CNC350U.dll

    2011-04-01 15:22 . 2008-08-25 16:02 15872 —-a-w- c:\windows\system32\CNHMCA.dll

    2011-04-01 15:12 . 2011-04-01 15:12 ——– d–h–w- c:\documents and settings\All Users\Application Data\CanonBJ

    2011-04-01 14:40 . 2011-04-01 14:40 ——– d—–w- c:\program files\Common Files\CANON

    2011-04-01 14:38 . 2011-04-01 14:38 ——– d—–w- c:\documents and settings\All Users\Application Data\CanonIJSetup001

    2011-04-01 14:35 . 2010-06-03 13:12 94208 —-a-w- c:\windows\system32\CNC350O.dll

    2011-04-01 14:35 . 2009-09-10 07:00 179200 —-a-w- c:\windows\system32\CNMIUA6.DLL

    2011-04-01 14:35 . 2011-04-01 14:35 ——– d—–w- c:\windows\system32\STRING

    2011-04-01 14:35 . 2009-10-09 06:01 137216 —-a-w- c:\windows\system32\CNMNPUI.DLL

    2011-04-01 14:35 . 2009-10-09 06:01 354816 —-a-w- c:\windows\system32\CNMNPPM.DLL

    2011-04-01 14:35 . 2011-04-01 14:35 ——– d—–w- c:\windows\system32\CHM

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-02-23 14:29 . 2011-02-23 14:29 27632 —-a-w- c:\windows\system32\drivers\seehcri.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "RTHDCPL"="RTHDCPL.EXE"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "nwiz"="nwiz.exe"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "A8GSdsApp"="e:\ik\A8GSdsApp\AGSeiApp.exe"

    "BluetoothAuthenticationAgent"="bthprops.cpl"

    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe"

    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe"

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe"

    .

    "AvgUninstallURL"="start http:"

    .

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE"

    .

    @="Service"

    .

    @="Driver"

    .

    2011-03-07 13:33 421160 ----a-w- e:\i\iTunesHelper.exe

    .

    2011-02-28 14:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

    .

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "e:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "e:\\i\\iTunes.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\utorrent\\uTorrent.exe"=

    .

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys

    R1 MpKsl9ef72f82;MpKsl9ef72f82;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CD18451-AE81-42AD-88A6-51A10430A0B3}\MpKsl9ef72f82.sys

    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys

    S1 MpKsl61b158b7;MpKsl61b158b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D86F75DC-FC7A-4318-8711-A1B5BEC04F06}\MpKsl61b158b7.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D86F75DC-FC7A-4318-8711-A1B5BEC04F06}\MpKsl61b158b7.sys

    S1 MpKsl6205d0d5;MpKsl6205d0d5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{401F4477-F002-4D1C-9784-B2E3731F7702}\MpKsl6205d0d5.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{401F4477-F002-4D1C-9784-B2E3731F7702}\MpKsl6205d0d5.sys

    S1 MpKsl6a68ed37;MpKsl6a68ed37;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11566764-CB51-4321-A862-76B9D4CE0E33}\MpKsl6a68ed37.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11566764-CB51-4321-A862-76B9D4CE0E33}\MpKsl6a68ed37.sys

    S1 MpKsl793513a7;MpKsl793513a7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{401F4477-F002-4D1C-9784-B2E3731F7702}\MpKsl793513a7.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{401F4477-F002-4D1C-9784-B2E3731F7702}\MpKsl793513a7.sys

    S1 MpKsl7c051337;MpKsl7c051337;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8514159-94E4-4567-B0DE-BAF5855DC3BB}\MpKsl7c051337.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8514159-94E4-4567-B0DE-BAF5855DC3BB}\MpKsl7c051337.sys

    S1 MpKsl8f2f202e;MpKsl8f2f202e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6733A53-5250-496F-B14E-BEB82EC8E536}\MpKsl8f2f202e.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6733A53-5250-496F-B14E-BEB82EC8E536}\MpKsl8f2f202e.sys

    S1 MpKsl9771fe22;MpKsl9771fe22;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C53A449-7206-46C9-BE51-9E3BF2AB9FEC}\MpKsl9771fe22.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C53A449-7206-46C9-BE51-9E3BF2AB9FEC}\MpKsl9771fe22.sys

    S1 MpKsl989a7047;MpKsl989a7047;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6733A53-5250-496F-B14E-BEB82EC8E536}\MpKsl989a7047.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6733A53-5250-496F-B14E-BEB82EC8E536}\MpKsl989a7047.sys

    S1 MpKslaac1b772;MpKslaac1b772;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{401F4477-F002-4D1C-9784-B2E3731F7702}\MpKslaac1b772.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{401F4477-F002-4D1C-9784-B2E3731F7702}\MpKslaac1b772.sys

    S1 MpKslbbd0e9d9;MpKslbbd0e9d9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A47E65FD-4C18-42A8-9058-4DFDB5E73C2A}\MpKslbbd0e9d9.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A47E65FD-4C18-42A8-9058-4DFDB5E73C2A}\MpKslbbd0e9d9.sys

    S1 MpKsld891239e;MpKsld891239e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{401F4477-F002-4D1C-9784-B2E3731F7702}\MpKsld891239e.sys –> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{401F4477-F002-4D1C-9784-B2E3731F7702}\MpKsld891239e.sys

    S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\VMLaunch\BuddyVM.sys –> c:\program files\VMLaunch\BuddyVM.sys

    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys

    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys

    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys

    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys

    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys

    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys

    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys

    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys

    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys

    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys

    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - MPKSL9EF72F82

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-04-28 c:\windows\Tasks\User_Feed_Synchronization-{33FC4C53-B05F-4A01-BB75-92ECC69D5A92}.job

    - c:\windows\system32\msfeedssync.exe

    .

    2011-04-28 c:\windows\Tasks\User_Feed_Synchronization-{BA22967F-1414-42CD-B789-3DDD77ACE2E3}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uDefault_Search_URL = hxxp://www.google.com/ie

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: E&xporteren naar Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    MSConfigStartUp-AlcoholAutomount - e:\alcohol 120\axcmd.exe

    AddRemove-Action Man Destruction X - e:\Uninst.isu

    AddRemove-AsKlaver - e:\downloads\spel\Uninst.isu

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-04-28 20:17

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'explorer.exe'(540)

    c:\windows\system32\msi.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

    c:\windows\System32\SCardSvr.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\RTHDCPL.EXE

    c:\windows\system32\RUNDLL32.EXE

    c:\windows\system32\rundll32.exe

    c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2011-04-28 20:21:06 - machine werd herstart

    ComboFix-quarantined-files.txt 2011-04-28 18:21

    .

    Pre-Run: 41.211.691.008 bytes beschikbaar

    Post-Run: 41.073.258.496 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    .

    - - End Of File - - 19F913A2AA5F2D9FF1FBEA79B326CC83

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:24:25, on 28-4-2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    E:\ik\A8GSdsApp\AGSeiApp.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Avant Browser\avant.exe

    C:\Program Files\Avant Browser\ybrowser.exe

    C:\Program Files\Avant Browser\ybrowser.exe

    C:\Documents and Settings\suzanneenchris\Mijn documenten\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: E:\ik\A8GSdsApp\AGSeiApp.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\RunOnce: cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABCAFoANgAtAFEARQBNAEIAUgA“&”inst=NwA2AC0ANQAwADcANgA5ADQAMwA0ADEALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBOADEARAArADEALQBQAEwAKwA5AA“&”prod=54“&”ver=9.0.894

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL

    O15 - Trusted IP range: http://192.168.1.254

    O15 - ESC Trusted IP range: http://192.168.1.254

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

    End of file - 5729 bytes

    Regards, Buuf

  • Ben

    Hello,

    How are things now with your problems??

    Ben

  • buuf

    Hello,

    The problems are still there. When I close the My Documents folder it freezes as well. I don't understand it at all anymore.

    Regards, Buuf