Archive - Lock-ups

Insano

Legacy Member
First of all, I want to thank in advance whoever takes the time to help! :woohoo:

For a long time now I have been having lock-ups in Windows XP, where the screen suddenly freezes and I have to reboot. I don't get a BSOD.

My antivirus is AVG and my antispyware is Avast and Spybot.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:17, on 14/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\NVIDIA Corporation\nTune\nTuneService.exe
D:\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
D:\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Lavasoft\Ad-Aware\AAWTray.exe
D:\Windows Live\Messenger\msnmsgr.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
D:\MICROS~4\wcescomm.exe
D:\MICROS~4\rapimgr.exe
D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Windows Live\Contacts\wlcomm.exe
D:\Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] D:\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AVG8_TRAY] D:\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] D:\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\MICROS~4\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = D:\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157576147218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{473B629F-C1ED-4557-81DA-40C344BA17BD}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8549 bytes

Juisterr

Legacy Member
1) Turn off Spybot's TeaTimer during the fix, because it can get in the way of changes.
- Start Spybot S&D
- Go to the Mode menu and select "Advanced Mode"
- On the left-hand side, choose "Tools" (or "Gereedschap") and click on > Resident
- Untick "Resident TeaTimer" and close Spybot S&D.
- Restart the computer.

2) Download the following to your desktop: ResetTeaTimer.exe
Then double-click ResetTeaTimer.exe
This will reset the items you previously allowed or blocked via TeaTimer.

NOTE: Startup/exefile [msnmsgr] msnmsgr.exe occurs multiple times in CC or in an unknown directory

Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Close all windows except HijackThis
Click 'Fix checked' to remove the items.

Download ATF cleaner (made by Atribune)
Double-click ATF cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

Do the following if you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick next to "Firefox saved passwords" again)
Click the Empty Selected button.

Do the following if you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After the installation, make sure there is a tick next to:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
Then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.
  • As soon as the program has started, go to the "Instellingen" (Settings) tab.
  • Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (close Internet Explorer during malware removal).
  • Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
  • Next press "Scannen" (Scan) to start the scan.
  • The scan can take a while, so be patient.
  • When the scan is complete, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
  • Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.

Insano

Legacy Member
Malwarebytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.37
Database versie: 2284
Windows 5.1.2600 Service Pack 3

15/06/2009 20:42:08
mbam-log-2009-06-15 (20-42-08).txt

Scan type: Snelle Scan
Objecten gescand: 98493
Verstreken tijd: 3 minute(s), 29 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\secpol.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:36, on 15/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\NVIDIA Corporation\nTune\nTuneService.exe
D:\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
D:\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Lavasoft\Ad-Aware\AAWTray.exe
D:\Windows Live\Messenger\msnmsgr.exe
D:\MICROS~4\wcescomm.exe
D:\MICROS~4\rapimgr.exe
D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
D:\Logitech\SetPoint\SetPoint.exe
D:\Firefox\firefox.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Windows Live\Contacts\wlcomm.exe
D:\Malwarebytes' Anti-Malware\mbam.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] D:\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AVG8_TRAY] D:\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] D:\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\MICROS~4\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = D:\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157576147218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{473B629F-C1ED-4557-81DA-40C344BA17BD}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8051 bytes
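
Added example (not part of the original thread and not code from any of the tools mentioned): a small Python script that compares a HijackThis log taken before a fix with one taken after it, to confirm that the item selected for 'Fix checked' is gone and to list what else changed. The two sample logs are abbreviated excerpts of the logs posted above; the function names are illustrative.

```python
import re

# A HijackThis entry is a section code (letter + number), " - ", then free text,
# e.g. "O2 - BHO: ..." or "R1 - HKLM\...". Header lines and the process list
# ("C:\WINDOWS\Explorer.EXE") do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the (code, body) entries of a HijackThis log, in file order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries whose target is reported as '(no file)': registry leftovers."""
    return [e for e in entries if e[1].endswith("(no file)")]


def diff_logs(before_text, after_text):
    """Entries that disappeared from, or appeared in, the second log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": [e for e in before if e not in after],
        "added": [e for e in after if e not in before],
    }


def still_present(after_text, selected_lines):
    """Lines chosen for 'Fix checked' that still show up after the fix."""
    after = {f"{code} - {body}" for code, body in parse_entries(after_text)}
    return [s for s in selected_lines if s.strip() in after]


# Abbreviated excerpts of the two logs in this thread (not the full logs).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:17, on 14/06/2009

Running processes:
C:\WINDOWS\Explorer.EXE
D:\Spybot - Search & Destroy\TeaTimer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:36, on 15/06/2009

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# The single item the helper asked to select before clicking 'Fix checked'.
SELECTED = [
    "O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
]

if __name__ == "__main__":
    print("Orphaned before:", orphaned(parse_entries(BEFORE)))
    print("Not fixed:", still_present(AFTER, SELECTED))
    changes = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added"):
        for code, body in changes[kind]:
            print(f"{kind:8} {code} - {body}")
```
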

Insano

Legacy Member
It has been running fine for a few hours now, but the lock-ups were often very random. I'll post again in a few days to say whether the problems stay away.

Thanks in advance!

Insano

Legacy Member
I bring bad news. Since my last post my system has locked up more than five times. This happens on the desktop, so not during intensive computation (gaming, ...).

I don't think the hardware is getting too hot, because my CPU stays below 50° and my airflow is fine too (6 fans for the win).

Too bad. Do you have any other ideas?

Juisterr

Legacy Member
Let's keep looking then.

Download Combofix to your desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the small "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply.

Insano

Legacy Member
Cheers:

ComboFix 09-06-19.01 - Neo 20/06/2009 18:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2047.1178 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Neo\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Neo\LOCALS~1\Temp\swt-gdip-win32-3448.dll
c:\docume~1\Neo\LOCALS~1\Temp\swt-win32-3448.dll
c:\documents and settings\Neo\Local Settings\Temp\swt-gdip-win32-3448.dll
c:\documents and settings\Neo\Local Settings\Temp\swt-win32-3448.dll
c:\windows\jestertb.dll
c:\windows\system32\HPZc3212.dll
c:\windows\system32\HPZidr12.dll
c:\windows\system32\HPZipr12.dll
c:\windows\system32\wl.exe
E:\desktop.ini

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))))
.

2009-06-19 22:48 . 2009-06-19 22:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-19 21:04 . 2009-06-19 21:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-19 21:03 . 2009-06-20 16:05 -------- d-----w- d:\\Google
2009-06-19 17:40 . 2009-06-19 17:40 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-19 17:40 . 2009-06-19 17:40 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-19 17:40 . 2009-06-19 17:40 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-19 17:40 . 2009-06-19 17:40 -------- d-----w- c:\documents and settings\Neo\Local Settings\Application Data\PunkBuster
2009-06-18 20:16 . 2009-06-18 20:16 -------- d-----w- d:\\AutoHotkey
2009-06-18 20:04 . 2009-06-18 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-06-18 20:04 . 2009-06-20 16:04 -------- d-----w- c:\documents and settings\Neo\Application Data\Azureus
2009-06-18 20:03 . 2009-06-18 20:04 -------- d-----w- d:\\Vuze
2009-06-16 20:16 . 2009-06-16 20:16 -------- d-----w- d:\\LINGO11
2009-06-15 18:37 . 2009-06-15 18:37 -------- d-----w- c:\documents and settings\Neo\Application Data\Malwarebytes
2009-06-15 18:37 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 18:37 . 2009-06-15 18:37 -------- d-----w- d:\\Malwarebytes' Anti-Malware
2009-06-15 18:37 . 2009-06-15 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 18:37 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 23:25 . 2009-06-13 23:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-13 21:22 . 2009-06-13 20:23 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-13 20:27 . 2009-06-13 20:27 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2009-06-13 20:21 . 2009-06-13 20:21 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-13 20:21 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-13 20:21 . 2009-06-13 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-13 20:21 . 2009-06-13 20:21 -------- d-----w- d:\\Lavasoft
2009-06-13 11:06 . 2009-06-13 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-13 11:06 . 2009-06-13 11:06 -------- d-----w- c:\program files\Common Files\HP
2009-06-13 11:01 . 2009-06-13 11:07 113623 ----a-w- c:\windows\hpoins07.dat
2009-06-13 11:01 . 2005-05-24 06:50 21124 ------w- c:\windows\hpomdl07.dat
2009-06-13 11:01 . 2005-03-08 04:43 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-06-13 11:01 . 2005-03-08 04:43 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-06-13 11:01 . 2005-03-08 04:43 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-06-13 11:00 . 2005-04-08 01:51 258122 ----a-r- c:\windows\system32\hpovst08.dll
2009-06-13 11:00 . 2005-04-08 01:51 606208 ----a-r- c:\windows\system32\hpotscl.dll
2009-06-13 11:00 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-13 11:00 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-12 21:19 . 2004-09-29 10:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-06-12 21:19 . 2004-09-29 10:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-06-12 21:19 . 2004-09-29 10:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-06-12 21:19 . 2004-09-29 10:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-06-12 21:15 . 2009-06-12 21:15 -------- d-----w- d:\\HP
2009-06-12 21:09 . 2009-06-13 11:07 -------- d-----w- c:\documents and settings\Neo\Application Data\HP
2009-06-12 18:05 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-12 18:05 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-12 18:04 . 2008-04-13 17:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-12 18:04 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-10 18:51 . 2009-06-13 20:10 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-06-10 18:32 . 2009-06-10 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2009-06-10 18:31 . 2009-06-10 18:31 -------- d-----w- d:\\Hitman Pro 3.5
2009-06-10 18:31 . 2009-06-10 18:56 6330616 ----a-w- c:\documents and settings\All Users\Application Data\Hitman Pro 3\HitmanPro35.exe
2009-06-10 18:31 . 2009-06-10 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-06-10 07:44 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 07:44 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-05-28 01:09 . 2009-05-28 01:09 -------- d-sh--w- c:\documents and settings\Neo\PrivacIE
2009-05-28 01:06 . 2009-05-28 01:06 -------- d-sh--w- c:\documents and settings\Neo\IETldCache
2009-05-28 00:26 . 2009-05-28 00:26 -------- d-----w- c:\windows\ie8updates
2009-05-28 00:26 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-28 00:26 . 2009-05-28 00:26 -------- dc-h--w- c:\windows\ie8
2009-05-23 18:35 . 2009-06-20 16:06 -------- d-----w- c:\documents and settings\Neo\Tracing
2009-05-23 18:22 . 2009-05-23 18:22 -------- d-----w- d:\\Microsoft
2009-05-23 18:22 . 2009-05-23 18:22 -------- d-----w- d:\\Windows Live SkyDrive
2009-05-23 18:17 . 2009-05-23 18:17 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 19:33 . 2009-05-21 19:33 1915520 ----a-w- c:\documents and settings\Neo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 15:33 . 2006-09-06 20:38 -------- d-----w- d:\\Firefox
2009-06-20 13:34 . 2007-11-24 14:51 -------- d-----w- c:\documents and settings\Neo\Application Data\GrabIt
2009-06-19 23:41 . 2006-09-29 15:03 -------- d-----w- d:\\Steam
2009-06-19 21:32 . 2006-09-07 16:10 -------- d-----w- d:\\Warcraft III
2009-06-19 15:52 . 2009-05-15 18:58 -------- d-----w- d:\\eclipse
2009-06-18 23:37 . 2008-05-27 19:40 3350 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-18 23:37 . 2008-05-27 19:40 3350 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-13 11:07 . 2006-12-15 21:36 -------- d-----w- d:\\Config.Msi
2009-06-13 11:06 . 2007-04-15 19:51 -------- d-----w- d:\\Hewlett-Packard
2009-06-10 19:00 . 2008-04-04 13:36 -------- d-----w- d:\\Spybot - Search & Destroy
2009-06-10 19:00 . 2006-10-03 14:54 -------- d-----w- d:\\Hitman Pro
2009-06-10 18:59 . 2006-10-03 15:15 -------- d-----w- c:\documents and settings\Neo\Application Data\Lavasoft
2009-06-01 16:54 . 2008-01-13 11:50 54 ---h--w- c:\windows\popcreg.dat
2009-06-01 16:54 . 2008-01-04 23:25 61 ----a-w- c:\windows\popcinfot.dat
2009-05-30 20:46 . 2008-07-22 13:56 -------- d-----w- c:\documents and settings\Neo\Application Data\dvdcss
2009-05-24 17:11 . 2008-10-12 16:49 -------- d-----w- d:\\MSECache
2009-05-23 18:34 . 2006-09-06 18:24 79376 -c--a-w- c:\documents and settings\Neo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 18:22 . 2007-12-21 20:37 -------- d-----w- d:\\Windows Live
2009-05-20 16:34 . 2001-09-07 12:00 84286 ----a-w- c:\windows\system32\perfc013.dat
2009-05-20 16:34 . 2001-09-07 12:00 474824 ----a-w- c:\windows\system32\perfh013.dat
2009-05-18 23:11 . 2006-09-07 05:42 -------- d-----w- d:\\Messenger Plus! Live
2009-05-17 14:02 . 2006-09-07 16:12 65751 -c--a-w- c:\windows\War3Unin.dat
2009-05-16 10:41 . 2008-08-09 21:57 -------- d-----w- d:\\Microsoft Silverlight
2009-05-16 10:39 . 2009-05-16 10:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-16 10:39 . 2008-06-23 23:33 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-16 10:39 . 2008-06-23 23:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-16 10:36 . 2008-06-23 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-16 10:32 . 2006-10-03 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-15 20:52 . 2009-05-15 20:09 -------- d-----w- c:\documents and settings\Neo\Application Data\vlc
2009-05-15 19:19 . 2009-05-15 19:19 -------- d-----w- c:\documents and settings\Neo\Application Data\Subversion
2009-05-15 19:07 . 2007-11-25 13:49 -------- d--h--w- d:\\InstallShield Installation Information
2009-05-15 18:20 . 2008-02-16 18:57 -------- d-----w- d:\\Creative
2009-05-15 18:18 . 2007-11-24 14:50 -------- d-----w- d:\\GrabIt
2009-05-15 18:17 . 2006-10-14 20:39 -------- d-----w- d:\\eMule
2009-05-13 05:06 . 2004-08-23 16:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:34 . 2001-09-07 12:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:51 . 2001-09-07 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:55 . 2006-09-08 14:53 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-04-18 20:34 . 2007-06-11 20:45 67696 ----a-w- d:\\mozilla firefox\components\jar50.dll
2008-04-18 20:34 . 2007-06-11 20:45 54376 ----a-w- d:\\mozilla firefox\components\jsd3250.dll
2008-04-18 20:34 . 2007-06-11 20:45 34952 ----a-w- d:\\mozilla firefox\components\myspell.dll
2008-04-18 20:34 . 2007-06-11 20:45 46720 ----a-w- d:\\mozilla firefox\components\spellchk.dll
2008-04-18 20:34 . 2007-06-11 20:45 172144 ----a-w- d:\\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\windows live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"H/PC Connection Agent"="d:\micros~4\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"amd_dc_opt"="d:\amd\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"AVG8_TRAY"="d:\avg\AVG8\avgtray.exe" [2009-05-16 1947928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="d:\lavasoft\Ad-Aware\AAWTray.exe" [2009-06-13 518488]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-22 28160]
"PD0630 STISvc"="P0630Pin.dll" - c:\windows\system32\P0630Pin.dll [2005-06-05 36864]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - d:\adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
CoreCenter.lnk - d:\msi\Core Center\CoreCenter.exe [2006-9-6 927744]
DigiCell.lnk - c:\program files\MSI\DigiCell\DigiCell.exe [2006-8-31 1376256]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2006-10-1 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-16 10:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\mIRC\\mirc.exe"=
"d:\\GrabIt\\GrabIt.exe"=
"d:\\Steam\\steamapps\\*snip*\\source sdk base\\hl2.exe"=
"d:\\Steam\\steamapps\\*snip*\\team fortress 2\\hl2.exe"=
"d:\\The Lord of the Rings Online\\lotroclient.exe"=
"d:\\Java\\jdk1.6.0_04\\jre\\bin\\java.exe"=
"d:\\Steam\\steamapps\\*snip*\\counter-strike source\\hl2.exe"=
"d:\\Corel\\DVD9\\WinDVD.exe"=
"d:\\Maple 11\\jre\\bin\\java.exe"=
"d:\\Maple 11\\jre\\bin\\maple.exe"=
"d:\\AVG\\AVG8\\avgupd.exe"=
"d:\\Steam\\steamapps\\*snip*\\day of defeat source\\hl2.exe"=
"d:\\FileZilla FTP Client\\filezilla.exe"=
"d:\\Steam\\steam.exe"=
"d:\\Firefox\\firefox.exe"=
"d:\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"d:\\Microsoft ActiveSync\\WCESMGR.EXE"=
"d:\microsoft activesync\rapimgr.exe"= d:\microsoft activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\\eclipse\\eclipse.exe"=
"d:\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"d:\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqste08.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hpofxm08.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hposfx08.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hposid01.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqscnvw.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqkygrp.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqCopy.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hpfccopy.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hpzwiz01.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Hewlett-Packard\\Digital Imaging\\Bin\\hpoews01.exe"=
"d:\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\Vuze\\Azureus.exe"=
"d:\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16337:TCP"= 16337:TCP:BitComet 16337 TCP
"16337:UDP"= 16337:UDP:BitComet 16337 UDP
"119:TCP"= 119:TCP:Grabit
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/06/2009 22:23 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/06/2008 1:33 325896]
R2 avg8wd;AVG8 WatchDog;d:\avg\AVG8\avgwdsvc.exe [24/06/2008 1:33 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\lavasoft\Ad-Aware\AAWService.exe [9/03/2009 21:06 1005904]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 20:09 11032]
S2 gupdate1c9f1219146ac34;Google Updateservice (gupdate1c9f1219146ac34);d:\google\Update\GoogleUpdate.exe [19/06/2009 23:04 133104]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [8/09/2006 23:32 44928]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [8/09/2006 23:32 55808]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [16/02/2008 21:17 91841]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - DIGICELLDRIVER
*NewlyCreated* - PCALERTDRIVER
*Deregistered* - DigiCellDriver
*Deregistered* - PCAlertDriver

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:23]

2008-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- d:\apple software update\SoftwareUpdate.exe [2006-08-29 12:21]

2009-06-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- d:\google\Update\GoogleUpdate.exe [2009-06-19 21:04]
.
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - d:\micros~2\OFFICE11\EXCEL.EXE/3000
TCP: {473B629F-C1ED-4557-81DA-40C344BA17BD} = 192.168.2.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-20 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-842925246-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,a8,57,77,b6,21,9f,98,04,33,ba,89,bb,80,53,7e,4f,07,76,df,73,3a,93,
66,3a,2e,29,74,b9,f6,f5,10,f0,ea,22,65,0b,31,fb,a8,b8,ed,9e,75,7d,0f,c0,01,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1659004503-842925246-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:bc,97,bb,66,e9,4f,c5,f8,be,8a,fc,48,18,94,09,49,8c,1c,42,9f,bf,
8e,cd,33,59,1d,35,fc,d2,a6,52,e6,56,3e,f3,0b,fd,94,dc,e7,9c,b2,ca,b9,cf,90,\
"rkeysecu"=hex:85,d0,39,53,75,6d,62,1c,91,f7,63,79,97,cb,77,cb
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3024)
d:\logitech\SetPoint\GameHook.dll
d:\logitech\SetPoint\lgscroll.dll
d:\logitech\SetPoint\HookDll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
c:\windows\system32\rundll32.exe
d:\nvidia corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
d:\micros~4\rapimgr.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\system32\HPZipm12.exe
d:\avg\AVG8\avgrsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
d:\windows live\Contacts\wlcomm.exe
.
**************************************************************************
.
Voltooingstijd: 2009-06-20 18:10 - machine werd herstart
ComboFix-quarantined-files.txt 2009-06-20 16:10

Pre-Run: 51.530.907.648 bytes beschikbaar
Post-Run: 51.658.420.224 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

307 --- E O F --- 2009-06-11 17:03

Juisterr

Legacy Member
Please also post a new HJT log and let us know right away how things are going now.

Insano

Legacy Member
It hasn't frozen in the last two hours, so that's already a good sign. I'll post again in a few days to say whether it has acted up in the meantime. After all, it's hard to judge over such a short period.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:56, on 20/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Google\Update\GoogleUpdate.exe
D:\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RunDLL32.exe
D:\NVIDIA Corporation\nTune\nTuneService.exe
D:\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Lavasoft\Ad-Aware\AAWTray.exe
D:\MICROS~4\wcescomm.exe
D:\MICROS~4\rapimgr.exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
D:\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\AutoHotkey\AutoHotkey.exe
D:\GrabIt\GrabIt.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] D:\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AVG8_TRAY] D:\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] D:\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\MICROS~4\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = D:\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157576147218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{473B629F-C1ED-4557-81DA-40C344BA17BD}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1c9f1219146ac34) (gupdate1c9f1219146ac34) - Google Inc. - D:\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8041 bytes