PC very slow at startup - Nationaal Computer Forum
Lately my PC has been very, very slow at startup.
I have the feeling that all kinds of programs are being started that I did not ask for.
Here is my Hijack log.
Trend Micro HijackThis v2.0.2
Scan saved at 13:22:49, on 13-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\csrss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\windows defender\msmpeng.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\progra~1\avg\avg8\avgwdsvc.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ctsvccda.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehsched.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\avg\avg8\avgrsx.exe
c:\program files\windows media player\wmpnetwk.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\nokia\nokia pc suite 6\launchapplication.exe
c:\program files\common files\pcsuite\datalayer\datalayer.exe
c:\program files\quicktime\qttask.exe
c:\windows\system32\rundll32.exe
c:\program files\windows defender\msascui.exe
c:\progra~1\avg\avg8\avgtray.exe
c:\windows\startupmonitor.exe
c:\program files\creative\mediasource\detector\ctdetect.exe
c:\windows\system32\ctfmon.exe
c:\program files\dell support\dsagnt.exe
c:\program files\windows media player\wmpnscfg.exe
c:\progra~1\common~1\pcsuite\services\servic~1.exe
c:\program files\hitman pro\srhelper.exe
c:\program files\intervideo\common\bin\wincinemamgr.exe
c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe
c:\program files\logitech\setpoint\setpoint.exe
c:\windows\system32\alg.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiprvse.exe
c:\program files\toshiba\bluetooth toshiba stack\tosa2dp.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbthsp.exe
c:\program files\common files\logishrd\khal2\khalmnpr.exe
c:\program files\toshiba\bluetooth toshiba stack\tosavrc.exe
c:\program files\toshiba\bluetooth toshiba stack\tosobex.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbtproc.exe
c:\program files\microsoft office\office11\winword.exe
c:\program files\lavasoft\ad-aware\aawservice.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\lavasoft\ad-aware\aawtray.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
c:\windows\system32\wbem\wmiprvse.exe
,start page = http://www.google.nl/
//go.microsoft.com/fwlink/?linkid=69157
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
o2 - bho: driveletteraccess - {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\dlashx_w.dll
o2 - bho: canon easy web print helper - {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\ewpbrowseloader.dll
o2 - bho: java(tm) plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
o2 - bho: windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o3 - toolbar: (no name) - {0bf43445-2f28-4351-9252-17fe6e806aa0} - (no file)
o3 - toolbar: easy-webprint - {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\toolband.dll
o4 - hklm\..\run: [pinnacledrivercheck] c:\windows\system32\\psdrvcheck.exe
o4 - hklm\..\run: [isuspm startup] c:\program files\common files\installshield\updateservice\isuspm.exe -startup
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [cleanregpath] c:\progra~1\adslmo~1\cleanreg.exe
o4 - hklm\..\run: [pcsuitetrayapplication] c:\program files\nokia\nokia pc suite 6\launchapplication.exe -onlytray
o4 - hklm\..\run: [datalayer] c:\program files\common files\pcsuite\datalayer\datalayer.exe
o4 - hklm\..\run: [kernel and hardware abstraction layer] khalmnpr.exe
o4 - hklm\..\run: [wtask] c:\windows\media\ltaskup.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [windows defender] c:\program files\windows defender\msascui.exe -hide
o4 - hklm\..\run: [avg8_tray] c:\progra~1\avg\avg8\avgtray.exe
o4 - hklm\..\run: [incd] i:\nero\incd\incd.exe
o4 - hklm\..\run: [run startupmonitor] startupmonitor.exe
o4 - hklm\..\run: [ad-watch] c:\program files\lavasoft\ad-aware\aawtray.exe
o4 - hkcu\..\run: [setdefaultmidi] mididef.exe
o4 - hkcu\..\run: [creative detector] c:\program files\creative\mediasource\detector\ctdetect.exe /r
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [dellsupport] c:\program files\dell support\dsagnt.exe /startup
o4 - hkcu\..\run: [ldm] c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
o4 - hkcu\..\run: [msnmsgr] c:\program files\hitman pro\surfright.exe "\msnmsgr.exe" /background
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: adobe reader speed launch.lnk = c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
o4 - global startup: bluetooth manager.lnk = ?
o4 - global startup: intervideo wincinema manager.lnk = c:\program files\intervideo\common\bin\wincinemamgr.exe
o4 - global startup: logitech desktop messenger.lnk = c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
o4 - global startup: logitech setpoint.lnk = c:\program files\logitech\setpoint\setpoint.exe
c:\progra~1\micros~3\office11\ excel.exe /3000
o8 - extra context menu item: easy-webprint afdrukken - res://c:\program files\canon\easy-webprint\toolband.dll/rc_print.html
o8 - extra context menu item: easy-webprint afdrukvoorbeeld - res://c:\program files\canon\easy-webprint\toolband.dll/rc_preview.html
o8 - extra context menu item: easy-webprint toevoegen aan afdruklijst - res://c:\program files\canon\easy-webprint\toolband.dll/rc_addtolist.html
o8 - extra context menu item: easy-webprint versneld afdrukken - res://c:\program files\canon\easy-webprint\toolband.dll/rc_hsprint.html
o8 - extra context menu item: verzenden naar &bluetooth - c:\program files\conceptronic\bluetooth software\btsendto_ie_ctx.htm
o8 - extra context menu item: zoeken op ebay - res://c:\program files\ebay\ebay toolbar2\ebaytb.dll/rcsearch.html
o9 - extra button: (no name) - {2d663d1a-8670-49d9-a1a5-4c56b4e14e84} - (no file)
o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~3\office11\refiebar.dll
o9 - extra button: @btrez.dll,-4015 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\conceptronic\bluetooth software\btsendto_ie.htm (file missing)
o9 - extra 'tools' menuitem: @btrez.dll,-4017 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\conceptronic\bluetooth software\btsendto_ie.htm (file missing)
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {01a88bb1-1174-41ec-accb-963509eae56b} (sysprowmi class) - http://support.euro.dell.com/systemprofiler/syspro.cab
o16 - dpf: {08bcd971-a13b-4d6e-a2a5-e9b2324fc00d} (clientexe class) - http://europe.samsungportal.com/ep/web/common/cabfiles/cm_clientexe.cab
o16 - dpf: {193c772a-87be-4b19-a7bb-445b226fe9a1} (ewidoonlinescan control) - http://downloads.ewido.net/ewidoonlinescan.cab
o16 - dpf: {493acf15-5cd9-4474-82a6-91670c3dd66e} (linkedin contactfindercontrol) - http://www.linkedin.com/cab/linkedincontactfindercontrol.cab
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - http://duijndic.spaces.live.com//photoupload/msnpupld.cab
o16 - dpf: {5ed80217-570b-4da9-bf44-be107c0ec166} (windows live safety center base module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - http://update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1221896450296
o16 - dpf: {9d67ebf0-af1a-4bce-bac9-c84a9383e0b3} (ssocheck class) - http://europe.samsungportal.com/ep/web/common/cabfiles/unissocheck.cab
o16 - dpf: {c4d88b8e-352b-11d6-bf77-0080c740a177} (setup class) - http://europe.samsungportal.com/ep/web/common/cabfiles/activexsetup.cab
o16 - dpf: {d83c1bd1-dcbb-11d4-9425-0050bf33fa6e} (cycloscopelite control) - http://www.cyclomedia.nl/download/components/cycloscopelite.cab
o18 - protocol: bwfile-8876480 - {9462a756-7b47-47bc-8c80-c34b9b80b32b} - c:\program files\logitech\desktop messenger\8876480\program\gaplugprotocol-8876480.dll
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg8\avgpp.dll
o20 - winlogon notify: avgrsstarter - c:\windows\system32\avgrsstx.dll
o23 - service: avg free8 watchdog (avg8wd) - avg technologies cz, s.r.o. - c:\progra~1\avg\avg8\avgwdsvc.exe
o23 - service: bluetooth service (btwdins) - unknown owner - c:\program files\conceptronic\bluetooth software\bin\btwdins.exe (file missing)
o23 - service: creative labs licensing service - creative labs - c:\program files\common files\creative labs shared\service\creativelicensing.exe
o23 - service: creative service for cdrom access - creative technology ltd - c:\windows\system32\ctsvccda.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lavasoft ad-aware service - lavasoft - c:\program files\lavasoft\ad-aware\aawservice.exe
o23 - service: logitech bluetooth service (lbtserv) - logitech, inc. - c:\program files\common files\logitech\bluetooth\lbtserv.exe
o23 - service: intel ncs netservice (netsvc) - intel(r) corporation - c:\program files\intel\prosetwired\ncs\sync\netsvc.exe
o23 - service: pc tools auxiliary service (sdauxservice) - pc tools - c:\program files\spyware doctor\pctsauxs.exe
o23 - service: pc tools security service (sdcoreservice) - pc tools - c:\program files\spyware doctor\pctssvc.exe
o24 - desktop component 0: (no name) - file:///c:/docume~1/dickdu~1/locals~1/temp/msohtml1/01/clip_image001.jpg
--
end of file - 12695 bytes
Hello Dick,
Among other things, you have an infection on your system, so first carry out the following steps:
1) Download, install and start using MBAM.
After installation MBAM will want to update its database, so allow that.
On repeated use as well: go to the >Update< tab first!
http://www.idealsoftware.nl/MBAM/
Start MBAM and choose >Quick Scan<.
Scanning can take a while, so be patient.
When the scan is complete, click the >OK< button, then the >Show Results< button to see the results.
Make sure everything there is checked, then click >Remove Selected<.
After the removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MBAM, and you can find it by clicking the >Logs< tab in MBAM.
If MBAM has difficulty removing certain files it will show a few messages; click >OK< each time!
MBAM will then ask to restart the computer, so allow the computer to be restarted.
2) After this, create a new HijackThis log and post its result together with the first MBAM scan result;
also post an Uninstall list (start HijackThis, click the >Open the Misc Tools section< button, then the >Open Uninstall Manager< button and finally the >Save< button).
After the scan, the following result from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:39, on 13-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Hitman Pro\srhelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CleanRegPath] C:\PROGRA~1\ADSLMO~1\CleanReg.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray
O4 - HKLM\..\Run: [DataLayer] "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [InCD] I:\nero\incd\InCD.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Hitman Pro\surfright.exe" "\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Zoeken op eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://europe.samsungportal.com/EP/w..._ClientEXE.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://duijndic.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1221896450296
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://europe.samsungportal.com/EP/w...niSSOCheck.cab
O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsungportal.com/EP/w...tiveXSetup.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/co...oScopeLite.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DICKDU~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
--
End of file - 12294 bytes
Aangifte inkomstenbelasting 2007
Aangifte inkomstenbelasting 2008
ACDSee for Pentax 2.0
ACUBE UniSSOTray V1.0
Ad-Aware
Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
ADSL Modem Utility (Annex A)
ADSL USB MODEM LAN Adapter
Ahead Nero Express
Andrea VoiceCenter
ArcSoft Software Suite
ARTEuro
AVG Anti-Rootkit Free
AVG Free 8.0
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Bluetooth Stack for Windows by Toshiba
CDDRV_Installer
ColorPic
Corel Photo Album 6
Creative MediaSource
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.1
DiscAPI (Studio 10)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Easy-WebPrint
Essentiële update voor Windows Media Player 11 (KB959772)
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hitman Pro
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
InterVideo XPack (DVD Only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
KhalInstallWrapper
Last.fm Player 1.1.4
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Editie 2003
Microsoft Office Project Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nikon Message Center
Nokia Connectivity Cable Driver
Nokia PC Suite
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
Picasa 2
Productregistratie Sound Blaster Audigy ADVANCED MB
QuickTime
RAPID
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Samsung Mobie USB Driver Installer
Samsung Mobile USB Modem Software
Samsung PC Studio II Internet Access
SmartSound Quicktracks Plugin
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Spyware Doctor 6.0
StartupMonitor
Studio 10
Toshiba Bluetooth Driver Server Pack 1
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update Rollup 2 voor Windows XP Media Center Edition 2005
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB967715)
USB ADSL Router
VC80CRTRedist - 8.0.50727.762
VistaPrint Electronic Business Card
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
WiDESYNC 2.0
Windows Defender
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR
WinSysClean 2009 Trial
WinSysClean 2009 Trial
The installed Java runtimes are all old versions, with all the security risks that entails!
The Java runtime should always be up to date; always uninstall the old version first and then restart the PC before anything else!
Download to your desktop >
Java SE Runtime Environment (JRE) 6 Update 12 : https://cds.sun.com/is-bin/INTERSHOP...-CDS_Developer
Now first go to > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and then remove
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
After this, restart the computer!
Then you can install the new version of Java!
After that it is Combofix's turn!
Note: Combofix has been updated!
To be able to use Combofix, the following applies!
- no web browsers may be open
- antivirus must be completely deactivated
- active malware and spyware scanners must be deactivated.
Do not click in the active Combofix window; this will make Combofix freeze!
Combofix closes the internet connection; do not try to restore it in the meantime!
Vista users start Combofix with Administrator rights!
Combofix - http://www.nationaalcomputerforum.nl...18&postcount=3
Thanks for your quick reply.
I carried out everything neatly up to Combofix.
It has problems with AVG.
I wanted to remove AVG from the machine but got the following message:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005
I adjusted all the permissions in the registry at Current Version and it still does not work.
After that I threw off Windows SP3, and that had no success either.
I now want to start Combofix with AVG, as far as I know, switched off, and just press Enter through Combofix's error messages.
The question is: what possible problems can this cause?
Regards, Dick
Hello Dick,
You really did not need to remove Service Pack 3!
And removing AVG 8 Free is not that simple either; for that you need the AVG Remover tool: http://www.avg.com/download-tools .
Moreover: Spyware Doctor and Windows Defender must also be deactivated!
Then try Combofix again - but download a new version first!
Tip about free antivirus: Avira AntiVir Personal Free version 2009 is out!
With an optimized scan engine (multi-core processors - scan approx. 20% faster) and new: the scan includes finding/removing malware and spyware!
http://www.chip.de/artikel/AntiVir-P..._35352294.html - including a "Fotostrecke" (photo series) on how to set up Avira!
Moreover: Avira has much better virus detection than AVG and is more modest with the PC's resources!
OK, that finally worked.
Here is the Combofix result, which I first had converted by the color coder.
[hjt]
combofix 09-03-15.01 - dick duijnhouwer 2009-03-18 19:27:02.1 - ntfsx86
microsoft windows xp professional 5.1.2600.3.1252.1.1043.18.2038.1559 [gmt 1:00]
gestart vanuit: c:\documents and settings\dick duijnhouwer\bureaublad\ combofix.exe
av: *on-access scanning disabled* (updated)
fw: *disabled*
* nieuw herstelpunt werd aangemaakt
.
andere verwijderingen
.
i:\ autorun.inf
.
bestanden gemaakt van 2009-02-18 to 2009-03-18
.
2009-03-16 20:50 .
2009-03-16 20:53 <dir>
D c:\windows\servicepackfiles
2009-03-16 20:30 .
2008-04-14 18:02 1,888,992 c:\windows\system32\ ati3duag.dll
2009-03-16 19:58 .
2008-08-14 14:27 2,193,536 c:\windows\system32\dllcache\ ntoskrnl.exe
2009-03-16 19:58 .
2008-08-14 14:27 2,149,888 c:\windows\system32\dllcache\ ntkrnlmp.exe
2009-03-16 19:58 .
2008-08-14 14:27 2,070,400 c:\windows\system32\dllcache\ ntkrnlpa.exe
2009-03-16 19:58 .
2008-08-14 14:27 2,028,544 c:\windows\system32\dllcache\ ntkrpamp.exe
2009-03-16 19:58 .
2008-12-05 07:58 144,896 c:\windows\system32\dllcache\ schannel.dll
2009-03-16 19:57 .
2008-10-24 12:21 455,296 c:\windows\system32\dllcache\ mrxsmb.sys
2009-03-16 19:56 .
2009-02-09 15:08 1,846,912 c:\windows\system32\dllcache\ win32k.sys
2009-03-16 19:56 .
2008-12-11 11:57 333,952 c:\windows\system32\dllcache\ srv.sys
2009-03-16 19:55 .
2008-09-04 18:17 1,106,944 c:\windows\system32\dllcache\ msxml3.dll
2009-03-16 19:55 .
2008-10-15 17:37 337,408 c:\windows\system32\dllcache\ netapi32.dll
2009-03-15 14:23 .
2009-03-15 14:25 128,672,836 --a c:\ registrybackup.reg
2009-03-14 12:22 .
2009-03-14 12:21 73,728 --a c:\windows\system32\javacpl.cpl
2009-03-14 11:59 .
2009-03-14 12:03 <dir>
D c:\documents and settings\dick duijnhouwer\.sundownloadmanager
2009-03-13 13:22 .
2009-03-13 13:22 <dir>
D c:\program files\trend micro
2009-03-13 13:05 .
2009-03-13 13:09 <dir>
D c:\program files\spyware doctor
2009-03-13 13:05 .
2009-03-13 13:09 <dir>
D c:\program files\common files\pc tools
2009-03-13 13:05 .
2009-03-13 13:05 <dir>
D c:\documents and settings\all users\application data\pc tools
2009-03-13 13:05 .
2008-12-11 08:38 159,600 --a c:\windows\system32\drivers\ pctgntdi.sys
2009-03-13 13:05 .
2009-03-06 16:45 130,424 --a c:\windows\system32\drivers\ pctcore.sys
2009-03-13 13:05 .
2008-12-18 12:16 73,840 --a c:\windows\system32\drivers\ pctappevent.sys
2009-03-13 13:05 .
2008-12-10 12:36 64,392 --a c:\windows\system32\drivers\ pctplsg.sys
2009-03-13 12:59 .
2009-03-13 12:30 15,688 --a c:\windows\system32\ lsdelete.exe
2009-03-13 12:30 .
2009-03-13 12:30 64,160 --a c:\windows\system32\drivers\ lbd.sys
2009-03-13 12:26 .
2009-03-13 12:26 <dir>
D c:\program files\lavasoft
2009-03-13 12:26 .
2009-03-13 12:30 <dir>
D c:\documents and settings\all users\application data\lavasoft
2009-03-13 12:26 .
2009-03-13 12:26 <dir>
D--h-c--- c:\documents and settings\all users\application data\ {83c91755-2546-441d-ac40-9a6b4b860800}
2009-03-13 09:57 .
2009-03-13 09:57 <dir>
D c:\windows\system32\logfiles
2009-03-13 09:53 .
2009-03-13 09:53 <dir>
D--h-c--- c:\documents and settings\all users\application data\ {f808cc3a-3f9a-41d2-8d37-5ae398d2cd2b}
2009-03-13 09:52 .
2009-03-13 09:52 <dir>
D c:\program files\winsysclean 2009 trial
2009-03-12 07:29 .
2009-03-12 07:29 <dir>
D c:\program files\malwarebytes' anti-malware
2009-03-12 07:29 .
2009-03-12 07:29 <dir>
D c:\documents and settings\dick duijnhouwer\application data\malwarebytes
2009-03-12 07:29 .
2009-03-12 07:29 <dir>
D c:\documents and settings\all users\application data\malwarebytes
2009-03-12 07:29 .
2009-02-11 10:19 38,496 --a c:\windows\system32\drivers\ mbamswissarmy.sys
2009-03-12 07:29 .
2009-02-11 10:19 15,504 --a c:\windows\system32\drivers\ mbam.sys
2009-03-09 20:53 .
2009-03-13 13:19 54,156 --ah c:\windows\qtfont.qfn
2009-03-09 20:53 .
2009-03-09 20:53 1,409 --a c:\windows\qtfont.for
.
find3m rapport ))
.
2009-03-18 18:32 d w c:\program files\hitman pro
2009-03-18 16:53 d w c:\documents and settings\all users\application data\avg8
2009-03-14 11:14 d w c:\program files\java
2009-03-13 12:21 d---a-w c:\documents and settings\all users\application data\temp
2009-03-13 12:09 2,560 ----a-w c:\windows\system32\drivers\ mchinjdrv.sys
2009-03-13 09:20 d w c:\documents and settings\dick duijnhouwer\application data\ebay
2009-03-13 09:20 d w c:\documents and settings\all users\application data\ebay
2009-03-13 09:19 d--h--w c:\program files\installshield installation information
2009-03-13 09:19 d w c:\program files\ebay
2009-02-11 19:58 d w c:\program files\divx
2009-02-09 19:22 d w c:\documents and settings\dick duijnhouwer\application data\belastingdienst
2007-10-19 07:58 893 ----a-w c:\documents and settings\dick duijnhouwer\ emails.dat
2007-10-10 16:13 10 ----a-w c:\documents and settings\dick duijnhouwer\ user.dat
2009-03-13 08:08 67,688 ----a-w c:\program files\mozilla firefox\components\ jar50.dll
2009-03-13 08:08 54,368 ----a-w c:\program files\mozilla firefox\components\ jsd3250.dll
2009-03-13 08:08 34,944 ----a-w c:\program files\mozilla firefox\components\ myspell.dll
2009-03-13 08:08 46,712 ----a-w c:\program files\mozilla firefox\components\ spellchk.dll
2009-03-13 08:08 172,136 ----a-w c:\program files\mozilla firefox\components\ xpinstal.dll
2008-05-21 17:44 56 --sh--r c:\windows\system32\ 243b6f39bc.sys
2008-05-21 17:44 3,922 --sha-w c:\windows\system32\ kgygaavl.sys
.
reg opstartpunten )
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
[hkey_current_user\software\microsoft\windows\curre ntversion\run]
"wmpnscfg"= c:\program files\windows media player\ wmpnscfg.exe [2006-11-02 204288]
"msnmsgr"= c:\program files\hitman pro\ surfright.exe [2007-10-26 751480]
"ldm"= c:\program files\logitech\desktop messenger\8876480\program\ logitechdesktopmessenger.exe [2007-03-09 67128]
"dellsupport"= c:\program files\dell support\ dsagnt.exe [2005-05-15 332800]
"ctfmon.exe"= c:\windows\system32\ ctfmon.exe [2008-04-14 15360]
"creative detector"= c:\program files\creative\mediasource\detector\ ctdetect.exe [2004-12-02 102400]
"setdefaultmidi"="mididef.exe" [2004-12-22 c:\windows\ mididef.exe ]
[hkey_local_machine\software\microsoft\windows\curr entversion\run]
"sunjavaupdatesched"= c:\program files\java\jre6\bin\ jusched.exe [2009-03-14 148888]
"quicktime task"= c:\program files\quicktime\ qttask.exe [2008-03-20 98304]
"pinnacledrivercheck"= c:\windows\system32\\ psdrvcheck.exe [2004-03-10 406016]
"pcsuitetrayapplication"= c:\program files\nokia\nokia pc suite 6\ launchapplication.exe [2005-03-22 167936]
"isuspm startup"= c:\program files\common files\installshield\updateservice\ isuspm.exe [2005-06-10 249856]
"datalayer"= c:\program files\common files\pcsuite\datalayer\ datalayer.exe [2005-03-31 1106944]
"cleanregpath"= c:\progra~1\adslmo~1\ cleanreg.exe [2003-10-23 24576]
"ad-watch"= c:\program files\lavasoft\ad-aware\ aawtray.exe [2009-03-13 515416]
"run startupmonitor"="startupmonitor.exe" [2000-05-20 c:\windows\ startupmonitor.exe ]
"kernel and hardware abstraction layer"="khalmnpr.exe" [2007-09-21 c:\windows\ khalmnpr.exe ]
"bluetoothauthenticationagent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[hkey_users\.default\software\microsoft\windows\cur rentversion\run]
"ctfmon.exe"= c:\windows\system32\ ctfmon.exe [2008-04-14 15360]
c:\documents and settings\all users\menu start\programma's\opstarten\
adobe reader speed launch.lnk - c:\program files\adobe\acrobat 7.0\reader\ reader_sl.exe [2008-04-23 29696]
bluetooth manager.lnk - c:\program files\toshiba\bluetooth toshiba stack\ tosbtmng1.exe [2004-12-21 45056]
intervideo wincinema manager.lnk - c:\program files\intervideo\common\bin\ wincinemamgr.exe [2006-03-25 114688]
logitech desktop messenger.lnk - c:\program files\logitech\desktop messenger\8876480\program\ logitechdesktopmessenger.exe [2007-03-09 67128]
logitech setpoint.lnk - c:\program files\logitech\setpoint\ setpoint.exe [2006-12-07 784912]
[hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify\lbtwlgn]
2007-11-15 10:10 72208 c:\program files\common files\logitech\bluetooth\ lbtwlgn.dll
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= vdrcodec.dll
"vidc.acdv"= acdv.dll
"msacm.cegsm"= mobilev.acm
"vidc.mjpg"= pvmjpg30.dll
"vidc.pim1"= pclepim1.dll
[hkey_local_machine\system\currentcontrolset\contro l\session manager]
bootexecute reg_multi_sz autocheck autochk *\ 0 ssiefr.e\ 0 lsdelete
[hkey_local_machine\system\currentcontrolset\contro l\safeboot\minimal\lavasoft ad-aware service]
@="service"
[hkey_local_machine\system\currentcontrolset\contro l\safeboot\minimal\wdfloadgroup]
@=""
[hkey_local_machine\software\microsoft\security center\monitoring\mcafeeantivirus]
"disablemonitoring"=dword: 1
[hkey_local_machine\software\microsoft\security center\monitoring\mcafeefirewall]
"disablemonitoring"=dword: 1
[hklm\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\authorizedapplications\list]
%windir%\\system32\\ sessmgr.exe =
c:\\program files\\messenger\\ msmsgs.exe =
c:\\program files\\pinnacle\\studio 10\\programs\\ rm.exe =
c:\\program files\\pinnacle\\studio 10\\programs\\ studio.exe =
c:\\program files\\pinnacle\\studio 10\\programs\\ pmsregisterfile.exe =
c:\\program files\\pinnacle\\studio 10\\programs\\ umi.exe =
c:\\program files\\mozilla firefox\\ firefox.exe =
%windir%\\network diagnostic\\ xpnetdiag.exe =
c:\\program files\\logitech\\desktop messenger\\8876480\\program\\ logitechdesktopmessenger.exe =
r0 lbd;lbd;
C:\windows\system32\drivers\ lbd.sys [2009-03-13 64160]
r0 pctcore;pctools kds;
C:\windows\system32\drivers\ pctcore.sys [2009-03-13 130424]
r1 mchinjdrv;madcodehook dll injection driver;
C:\windows\system32\drivers\ mchinjdrv.sys [2008-11-15 2560]
r2 lavasoft ad-aware service;lavasoft ad-aware service;
C:\program files\lavasoft\ad-aware\ aawservice.exe [2009-01-18 951632]
r2 lbeepke;lbeepke;
C:\windows\system32\drivers\ lbeepke.sys [2006-12-07 3712]
r2 windefend;windows defender;
C:\program files\windows defender\ msmpeng.exe [2006-11-03 13592]
r3 cnxetp;adsl usb modem lan adapter filter driver;
C:\windows\system32\drivers\ cnxetp.sys [2006-02-28 60288]
r3 cnxetu;adsl usb modem loader;
C:\windows\system32\drivers\ cnxetu.sys [2006-02-28 646400]
r3 cnxtgn;adsl usb modem lan adapter driver;
C:\windows\system32\drivers\ cnxtgn.sys [2006-02-28 103622]
s1 ctredr15.sys;ctredr15.sys;\??\ c:\windows\system32\drivers\ ctredr15.sys -->
C:\windows\system32\drivers\ ctredr15.sys [?]
s3 sdauxservice;pc tools auxiliary service;
C:\program files\spyware doctor\ pctsauxs.exe [2009-03-13 348752]
s3 wdm1;usb bridge cable driver;
C:\windows\system32\drivers\ usbbc.sys [2008-04-07 15576]
[hkey_current_user\software\microsoft\windows\curre ntversion\explorer\mountpoints2\ {e487a618-aadf-11da-980b-00d041381553} ]
\shell\autorun\command - j:\ setupsnk.exe
.
inhoud van de 'gedeelde taken' map
2009-03-13 c:\windows\tasks\ ad-aware update (weekly).job
- c:\program files\lavasoft\ad-aware\ ad-awareadmin.exe [2009-03-13 12:29]
2009-03-18 c:\windows\tasks\ mp scheduled scan.job
- c:\program files\windows defender\ mpcmdrun.exe [2006-11-03 18:20]
.
- - - - orphans verwijderd - - - -
hklm-run-wtask - c:\windows\media\ ltaskup.exe
notify-avgrsstarter - avgrsstx.dll
.
bijkomende scan
.
ustart page = hxxp://www.google.nl/
usearchmigrateddefaulturl = hxxp://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.micros oft:en-us&ie=utf8&oe=utf8
usearchurl,(default) = hxxp://www.google.com/search?q=%s
ie: e&xporteren naar microsoft excel - c:\progra~1\micros~3\office11\ excel.exe /3000
ie: easy-webprint afdrukken - c:\program files\canon\easy-webprint\ toolband.dll /rc_print.html
ie: easy-webprint afdrukvoorbeeld - c:\program files\canon\easy-webprint\ toolband.dll /rc_preview.html
ie: easy-webprint toevoegen aan afdruklijst - c:\program files\canon\easy-webprint\ toolband.dll /rc_addtolist.html
ie: easy-webprint versneld afdrukken - c:\program files\canon\easy-webprint\ toolband.dll /rc_hsprint.html
ie: verzenden naar &bluetooth - c:\program files\conceptronic\bluetooth software\ btsendto_ie_ctx.htm
ie: zoeken op ebay - c:\program files\ebay\ebay toolbar2\ ebaytb.dll /rcsearch.html
handler: bwfile-8876480 - {9462a756-7b47-47bc-8c80-c34b9b80b32b} - c:\program files\logitech\desktop messenger\8876480\program\ gaplugprotocol-8876480.dll
dpf: {08bcd971-a13b-4d6e-a2a5-e9b2324fc00d} - hxxp://europe.samsungportal.com/ep/web/common/cabfiles/cm_clientexe.cab
dpf: {193c772a-87be-4b19-a7bb-445b226fe9a1} - hxxp://downloads.ewido.net/ewidoonlinescan.cab
dpf: {9d67ebf0-af1a-4bce-bac9-c84a9383e0b3} - hxxp://europe.samsungportal.com/ep/web/common/cabfiles/unissocheck.cab
dpf: {c4d88b8e-352b-11d6-bf77-0080c740a177} - hxxp://europe.samsungportal.com/ep/web/common/cabfiles/activexsetup.cab
dpf: {d83c1bd1-dcbb-11d4-9425-0050bf33fa6e} - hxxp://www.cyclomedia.nl/download/components/cycloscopelite.cab
ff - profilepath - c:\documents and settings\dick duijnhouwer\application data\mozilla\firefox\profiles\m7vj0iol.default\
ff - prefs.js: browser.search.selectedengine - van dale woordenboek
ff - prefs.js: browser.startup.homepage - hxxps://www.abnamro.nl/toegang/aanloggen
ff - prefs.js: network.proxy.type - 4
ff - component: c:\program files\mozilla firefox\components\ xpinstal.dll
.
catchme 0.3.1367 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2009-03-18 19:32:29
windows 5.1.2600 service pack 3 ntfs
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
scan succesvol afgerond
verborgen bestanden: 0
.
vergrendelde register sleutels
[hkey_local_machine\software\microsoft\windows\curr entversion\installer\userdata\localsystem\componen ts\ø•€|ÿÿÿÿ•€|ù•9~*]
"3140710900063d11c8ef10054038389c"="c?\\windows\\s ystem32\\fm20enu.dll"
"3140110900063d11c8ef10054038389c"="c?\\windows\\s ystem32\\fm20enu.dll"
.
dlls geladen onder lopende processen
- - - - - - - >
'winlogon.exe'(924)
c:\program files\common files\logitech\bluetooth\ lbtwlgn.dll
c:\program files\common files\logitech\bluetooth\ lbtserv.dll
.
andere aktieve processen
.
c:\windows\system32\ ctsvccda.exe
c:\windows\ehome\ ehrecvr.exe
c:\windows\ehome\ ehsched.exe
c:\program files\java\jre6\bin\ jqs.exe
c:\windows\ehome\ mcrdsvc.exe
c:\program files\windows media player\ wmpnetwk.exe
c:\windows\system32\ dllhost.exe
c:\windows\system32\wbem\ unsecapp.exe
c:\windows\system32\ wscntfy.exe
c:\windows\system32\ rundll32.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosbtmng.exe
c:\progra~1\common~1\pcsuite\services\ servic~1.exe
c:\program files\hitman pro\ srhelper.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosa2dp.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosbthsp.exe
c:\program files\common files\logishrd\khal2\ khalmnpr.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosavrc.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosobex.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosbtproc.exe
c:\progra~1\common~1\nokia\mpapi\ mpapi3s.exe
.
|
|
 |
|
 |
 |
|
 |
|
Oke, dat is dan uiteindelijk gelukt.
Hierbij het resultaat van Combofix welke ik eerst door de kleurencoder heb laten converteren.
[hjt]
combofix 09-03-15.01 - dick duijnhouwer 2009-03-18 19:27:02.1 - ntfsx86
microsoft windows xp professional 5.1.2600.3.1252.1.1043.18.2038.1559 [gmt 1:00]
gestart vanuit: c:\documents and settings\dick duijnhouwer\bureaublad\ combofix.exe
av: *on-access scanning disabled* (updated)
fw: *disabled*
* nieuw herstelpunt werd aangemaakt
.
andere verwijderingen
.
i:\ autorun.inf
.
bestanden gemaakt van 2009-02-18 to 2009-03-18
.
2009-03-16 20:50 .
2009-03-16 20:53 <dir>
D c:\windows\servicepackfiles
2009-03-16 20:30 .
2008-04-14 18:02 1,888,992 c:\windows\system32\ ati3duag.dll
2009-03-16 19:58 .
2008-08-14 14:27 2,193,536 c:\windows\system32\dllcache\ ntoskrnl.exe
2009-03-16 19:58 .
2008-08-14 14:27 2,149,888 c:\windows\system32\dllcache\ ntkrnlmp.exe
2009-03-16 19:58 .
2008-08-14 14:27 2,070,400 c:\windows\system32\dllcache\ ntkrnlpa.exe
2009-03-16 19:58 .
2008-08-14 14:27 2,028,544 c:\windows\system32\dllcache\ ntkrpamp.exe
2009-03-16 19:58 .
2008-12-05 07:58 144,896 c:\windows\system32\dllcache\ schannel.dll
2009-03-16 19:57 .
2008-10-24 12:21 455,296 c:\windows\system32\dllcache\ mrxsmb.sys
2009-03-16 19:56 .
2009-02-09 15:08 1,846,912 c:\windows\system32\dllcache\ win32k.sys
2009-03-16 19:56 .
2008-12-11 11:57 333,952 c:\windows\system32\dllcache\ srv.sys
2009-03-16 19:55 .
2008-09-04 18:17 1,106,944 c:\windows\system32\dllcache\ msxml3.dll
2009-03-16 19:55 .
2008-10-15 17:37 337,408 c:\windows\system32\dllcache\ netapi32.dll
2009-03-15 14:23 .
2009-03-15 14:25 128,672,836 --a c:\ registrybackup.reg
2009-03-14 12:22 .
2009-03-14 12:21 73,728 --a c:\windows\system32\javacpl.cpl
2009-03-14 11:59 .
2009-03-14 12:03 <dir>
D c:\documents and settings\dick duijnhouwer\.sundownloadmanager
2009-03-13 13:22 .
2009-03-13 13:22 <dir>
D c:\program files\trend micro
2009-03-13 13:05 .
2009-03-13 13:09 <dir>
D c:\program files\spyware doctor
2009-03-13 13:05 .
2009-03-13 13:09 <dir>
D c:\program files\common files\pc tools
2009-03-13 13:05 .
2009-03-13 13:05 <dir>
D c:\documents and settings\all users\application data\pc tools
2009-03-13 13:05 .
2008-12-11 08:38 159,600 --a c:\windows\system32\drivers\ pctgntdi.sys
2009-03-13 13:05 .
2009-03-06 16:45 130,424 --a c:\windows\system32\drivers\ pctcore.sys
2009-03-13 13:05 .
2008-12-18 12:16 73,840 --a c:\windows\system32\drivers\ pctappevent.sys
2009-03-13 13:05 .
2008-12-10 12:36 64,392 --a c:\windows\system32\drivers\ pctplsg.sys
2009-03-13 12:59 .
2009-03-13 12:30 15,688 --a c:\windows\system32\ lsdelete.exe
2009-03-13 12:30 .
2009-03-13 12:30 64,160 --a c:\windows\system32\drivers\ lbd.sys
2009-03-13 12:26 .
2009-03-13 12:26 <dir>
D c:\program files\lavasoft
2009-03-13 12:26 .
2009-03-13 12:30 <dir>
D c:\documents and settings\all users\application data\lavasoft
2009-03-13 12:26 .
2009-03-13 12:26 <dir>
D--h-c--- c:\documents and settings\all users\application data\ {83c91755-2546-441d-ac40-9a6b4b860800}
2009-03-13 09:57 .
2009-03-13 09:57 <dir>
D c:\windows\system32\logfiles
2009-03-13 09:53 .
2009-03-13 09:53 <dir>
D--h-c--- c:\documents and settings\all users\application data\ {f808cc3a-3f9a-41d2-8d37-5ae398d2cd2b}
2009-03-13 09:52 .
2009-03-13 09:52 <dir>
D c:\program files\winsysclean 2009 trial
2009-03-12 07:29 .
2009-03-12 07:29 <dir>
D c:\program files\malwarebytes' anti-malware
2009-03-12 07:29 .
2009-03-12 07:29 <dir>
D c:\documents and settings\dick duijnhouwer\application data\malwarebytes
2009-03-12 07:29 .
2009-03-12 07:29 <dir>
D c:\documents and settings\all users\application data\malwarebytes
2009-03-12 07:29 .
2009-02-11 10:19 38,496 --a c:\windows\system32\drivers\ mbamswissarmy.sys
2009-03-12 07:29 .
2009-02-11 10:19 15,504 --a c:\windows\system32\drivers\ mbam.sys
2009-03-09 20:53 .
2009-03-13 13:19 54,156 --ah c:\windows\qtfont.qfn
2009-03-09 20:53 .
2009-03-09 20:53 1,409 --a c:\windows\qtfont.for
.
find3m rapport ))
.
2009-03-18 18:32 d w c:\program files\hitman pro
2009-03-18 16:53 d w c:\documents and settings\all users\application data\avg8
2009-03-14 11:14 d w c:\program files\java
2009-03-13 12:21 d---a-w c:\documents and settings\all users\application data\temp
2009-03-13 12:09 2,560 ----a-w c:\windows\system32\drivers\ mchinjdrv.sys
2009-03-13 09:20 d w c:\documents and settings\dick duijnhouwer\application data\ebay
2009-03-13 09:20 d w c:\documents and settings\all users\application data\ebay
2009-03-13 09:19 d--h--w c:\program files\installshield installation information
2009-03-13 09:19 d w c:\program files\ebay
2009-02-11 19:58 d w c:\program files\divx
2009-02-09 19:22 d w c:\documents and settings\dick duijnhouwer\application data\belastingdienst
2007-10-19 07:58 893 ----a-w c:\documents and settings\dick duijnhouwer\ emails.dat
2007-10-10 16:13 10 ----a-w c:\documents and settings\dick duijnhouwer\ user.dat
2009-03-13 08:08 67,688 ----a-w c:\program files\mozilla firefox\components\ jar50.dll
2009-03-13 08:08 54,368 ----a-w c:\program files\mozilla firefox\components\ jsd3250.dll
2009-03-13 08:08 34,944 ----a-w c:\program files\mozilla firefox\components\ myspell.dll
2009-03-13 08:08 46,712 ----a-w c:\program files\mozilla firefox\components\ spellchk.dll
2009-03-13 08:08 172,136 ----a-w c:\program files\mozilla firefox\components\ xpinstal.dll
2008-05-21 17:44 56 --sh--r c:\windows\system32\ 243b6f39bc.sys
2008-05-21 17:44 3,922 --sha-w c:\windows\system32\ kgygaavl.sys
.
reg opstartpunten )
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
[hkey_current_user\software\microsoft\windows\curre ntversion\run]
"wmpnscfg"= c:\program files\windows media player\ wmpnscfg.exe [2006-11-02 204288]
"msnmsgr"= c:\program files\hitman pro\ surfright.exe [2007-10-26 751480]
"ldm"= c:\program files\logitech\desktop messenger\8876480\program\ logitechdesktopmessenger.exe [2007-03-09 67128]
"dellsupport"= c:\program files\dell support\ dsagnt.exe [2005-05-15 332800]
"ctfmon.exe"= c:\windows\system32\ ctfmon.exe [2008-04-14 15360]
"creative detector"= c:\program files\creative\mediasource\detector\ ctdetect.exe [2004-12-02 102400]
"setdefaultmidi"="mididef.exe" [2004-12-22 c:\windows\ mididef.exe ]
[hkey_local_machine\software\microsoft\windows\curr entversion\run]
"sunjavaupdatesched"= c:\program files\java\jre6\bin\ jusched.exe [2009-03-14 148888]
"quicktime task"= c:\program files\quicktime\ qttask.exe [2008-03-20 98304]
"pinnacledrivercheck"= c:\windows\system32\\ psdrvcheck.exe [2004-03-10 406016]
"pcsuitetrayapplication"= c:\program files\nokia\nokia pc suite 6\ launchapplication.exe [2005-03-22 167936]
"isuspm startup"= c:\program files\common files\installshield\updateservice\ isuspm.exe [2005-06-10 249856]
"datalayer"= c:\program files\common files\pcsuite\datalayer\ datalayer.exe [2005-03-31 1106944]
"cleanregpath"= c:\progra~1\adslmo~1\ cleanreg.exe [2003-10-23 24576]
"ad-watch"= c:\program files\lavasoft\ad-aware\ aawtray.exe [2009-03-13 515416]
"run startupmonitor"="startupmonitor.exe" [2000-05-20 c:\windows\ startupmonitor.exe ]
"kernel and hardware abstraction layer"="khalmnpr.exe" [2007-09-21 c:\windows\ khalmnpr.exe ]
"bluetoothauthenticationagent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[hkey_users\.default\software\microsoft\windows\cur rentversion\run]
"ctfmon.exe"= c:\windows\system32\ ctfmon.exe [2008-04-14 15360]
c:\documents and settings\all users\menu start\programma's\opstarten\
adobe reader speed launch.lnk - c:\program files\adobe\acrobat 7.0\reader\ reader_sl.exe [2008-04-23 29696]
bluetooth manager.lnk - c:\program files\toshiba\bluetooth toshiba stack\ tosbtmng1.exe [2004-12-21 45056]
intervideo wincinema manager.lnk - c:\program files\intervideo\common\bin\ wincinemamgr.exe [2006-03-25 114688]
logitech desktop messenger.lnk - c:\program files\logitech\desktop messenger\8876480\program\ logitechdesktopmessenger.exe [2007-03-09 67128]
logitech setpoint.lnk - c:\program files\logitech\setpoint\ setpoint.exe [2006-12-07 784912]
[hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify\lbtwlgn]
2007-11-15 10:10 72208 c:\program files\common files\logitech\bluetooth\ lbtwlgn.dll
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= vdrcodec.dll
"vidc.acdv"= acdv.dll
"msacm.cegsm"= mobilev.acm
"vidc.mjpg"= pvmjpg30.dll
"vidc.pim1"= pclepim1.dll
[hkey_local_machine\system\currentcontrolset\contro l\session manager]
bootexecute reg_multi_sz autocheck autochk *\ 0 ssiefr.e\ 0 lsdelete
[hkey_local_machine\system\currentcontrolset\contro l\safeboot\minimal\lavasoft ad-aware service]
@="service"
[hkey_local_machine\system\currentcontrolset\contro l\safeboot\minimal\wdfloadgroup]
@=""
[hkey_local_machine\software\microsoft\security center\monitoring\mcafeeantivirus]
"disablemonitoring"=dword: 1
[hkey_local_machine\software\microsoft\security center\monitoring\mcafeefirewall]
"disablemonitoring"=dword: 1
[hklm\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\authorizedapplications\list]
%windir%\\system32\\ sessmgr.exe =
c:\\program files\\messenger\\ msmsgs.exe =
c:\\program files\\pinnacle\\studio 10\\programs\\ rm.exe =
c:\\program files\\pinnacle\\studio 10\\programs\\ studio.exe =
c:\\program files\\pinnacle\\studio 10\\programs\\ pmsregisterfile.exe =
c:\\program files\\pinnacle\\studio 10\\programs\\ umi.exe =
c:\\program files\\mozilla firefox\\ firefox.exe =
%windir%\\network diagnostic\\ xpnetdiag.exe =
c:\\program files\\logitech\\desktop messenger\\8876480\\program\\ logitechdesktopmessenger.exe =
r0 lbd;lbd;
C:\windows\system32\drivers\ lbd.sys [2009-03-13 64160]
r0 pctcore;pctools kds;
C:\windows\system32\drivers\ pctcore.sys [2009-03-13 130424]
r1 mchinjdrv;madcodehook dll injection driver;
C:\windows\system32\drivers\ mchinjdrv.sys [2008-11-15 2560]
r2 lavasoft ad-aware service;lavasoft ad-aware service;
C:\program files\lavasoft\ad-aware\ aawservice.exe [2009-01-18 951632]
r2 lbeepke;lbeepke;
C:\windows\system32\drivers\ lbeepke.sys [2006-12-07 3712]
r2 windefend;windows defender;
C:\program files\windows defender\ msmpeng.exe [2006-11-03 13592]
r3 cnxetp;adsl usb modem lan adapter filter driver;
C:\windows\system32\drivers\ cnxetp.sys [2006-02-28 60288]
r3 cnxetu;adsl usb modem loader;
C:\windows\system32\drivers\ cnxetu.sys [2006-02-28 646400]
r3 cnxtgn;adsl usb modem lan adapter driver;
C:\windows\system32\drivers\ cnxtgn.sys [2006-02-28 103622]
s1 ctredr15.sys;ctredr15.sys;\??\ c:\windows\system32\drivers\ ctredr15.sys -->
C:\windows\system32\drivers\ ctredr15.sys [?]
s3 sdauxservice;pc tools auxiliary service;
C:\program files\spyware doctor\ pctsauxs.exe [2009-03-13 348752]
s3 wdm1;usb bridge cable driver;
C:\windows\system32\drivers\ usbbc.sys [2008-04-07 15576]
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\ {e487a618-aadf-11da-980b-00d041381553} ]
\shell\autorun\command - j:\ setupsnk.exe
.
inhoud van de 'gedeelde taken' map
2009-03-13 c:\windows\tasks\ ad-aware update (weekly).job
- c:\program files\lavasoft\ad-aware\ ad-awareadmin.exe [2009-03-13 12:29]
2009-03-18 c:\windows\tasks\ mp scheduled scan.job
- c:\program files\windows defender\ mpcmdrun.exe [2006-11-03 18:20]
.
- - - - orphans verwijderd - - - -
hklm-run-wtask - c:\windows\media\ ltaskup.exe
notify-avgrsstarter - avgrsstx.dll
.
bijkomende scan
.
ustart page = hxxp://www.google.nl/
usearchmigrateddefaulturl = hxxp://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8
usearchurl,(default) = hxxp://www.google.com/search?q=%s
ie: e&xporteren naar microsoft excel - c:\progra~1\micros~3\office11\ excel.exe /3000
ie: easy-webprint afdrukken - c:\program files\canon\easy-webprint\ toolband.dll /rc_print.html
ie: easy-webprint afdrukvoorbeeld - c:\program files\canon\easy-webprint\ toolband.dll /rc_preview.html
ie: easy-webprint toevoegen aan afdruklijst - c:\program files\canon\easy-webprint\ toolband.dll /rc_addtolist.html
ie: easy-webprint versneld afdrukken - c:\program files\canon\easy-webprint\ toolband.dll /rc_hsprint.html
ie: verzenden naar &bluetooth - c:\program files\conceptronic\bluetooth software\ btsendto_ie_ctx.htm
ie: zoeken op ebay - c:\program files\ebay\ebay toolbar2\ ebaytb.dll /rcsearch.html
handler: bwfile-8876480 - {9462a756-7b47-47bc-8c80-c34b9b80b32b} - c:\program files\logitech\desktop messenger\8876480\program\ gaplugprotocol-8876480.dll
dpf: {08bcd971-a13b-4d6e-a2a5-e9b2324fc00d} - hxxp://europe.samsungportal.com/ep/web/common/cabfiles/cm_clientexe.cab
dpf: {193c772a-87be-4b19-a7bb-445b226fe9a1} - hxxp://downloads.ewido.net/ewidoonlinescan.cab
dpf: {9d67ebf0-af1a-4bce-bac9-c84a9383e0b3} - hxxp://europe.samsungportal.com/ep/web/common/cabfiles/unissocheck.cab
dpf: {c4d88b8e-352b-11d6-bf77-0080c740a177} - hxxp://europe.samsungportal.com/ep/web/common/cabfiles/activexsetup.cab
dpf: {d83c1bd1-dcbb-11d4-9425-0050bf33fa6e} - hxxp://www.cyclomedia.nl/download/components/cycloscopelite.cab
ff - profilepath - c:\documents and settings\dick duijnhouwer\application data\mozilla\firefox\profiles\m7vj0iol.default\
ff - prefs.js: browser.search.selectedengine - van dale woordenboek
ff - prefs.js: browser.startup.homepage - hxxps://www.abnamro.nl/toegang/aanloggen
ff - prefs.js: network.proxy.type - 4
ff - component: c:\program files\mozilla firefox\components\ xpinstal.dll
.
catchme 0.3.1367 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2009-03-18 19:32:29
windows 5.1.2600 service pack 3 ntfs
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
scan succesvol afgerond
verborgen bestanden: 0
.
vergrendelde register sleutels
[hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\localsystem\components\ø|ÿÿÿÿ|ù9~*]
"3140710900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
"3140110900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
.
dlls geladen onder lopende processen
- - - - - - - >
'winlogon.exe'(924)
c:\program files\common files\logitech\bluetooth\ lbtwlgn.dll
c:\program files\common files\logitech\bluetooth\ lbtserv.dll
.
andere aktieve processen
.
c:\windows\system32\ ctsvccda.exe
c:\windows\ehome\ ehrecvr.exe
c:\windows\ehome\ ehsched.exe
c:\program files\java\jre6\bin\ jqs.exe
c:\windows\ehome\ mcrdsvc.exe
c:\program files\windows media player\ wmpnetwk.exe
c:\windows\system32\ dllhost.exe
c:\windows\system32\wbem\ unsecapp.exe
c:\windows\system32\ wscntfy.exe
c:\windows\system32\ rundll32.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosbtmng.exe
c:\progra~1\common~1\pcsuite\services\ servic~1.exe
c:\program files\hitman pro\ srhelper.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosa2dp.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosbthsp.exe
c:\program files\common files\logishrd\khal2\ khalmnpr.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosavrc.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosobex.exe
c:\program files\toshiba\bluetooth toshiba stack\ tosbtproc.exe
c:\progra~1\common~1\nokia\mpapi\ mpapi3s.exe
.
Hello Dick,
Combofix made a few removals - these were system errors rather than anything else.
I believe it is a Toshiba notebook, with software from Toshiba that considers itself important, besides a number of other applications that also consider themselves important.
Result: a great deal is running along in the background!
Enter the following command in Run: MSCONFIG.
Click the Startup tab, and there you can disable a number of programs from starting with Windows by removing the check marks!
Hello Abraham54,
I have disabled some programs that are listed on the Startup tab, and that does indeed give some improvement.
I want to thank you for the time you were willing to free up to solve my problem.
Regards, Dick