Archief - Verschillende kwaaltjes - Voornaamste: niet ontvangen van berichten

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.

Plutus

Legacy Member
De computer heeft last van verschillende kwaaltjes. Wat mij de laatste tijd het meeste ergert is dat ik tijdens gesprekken op Live Messenger vaak bepaalde berichten niet ontvang. Dit is vrij irritant tijdens een gesprek, mensen denken dan dat ik er niet meer ben ofzo, terwijl ik hun bericht nooit ontvangen heb.

Ik heb Live Messenger al verwijderd en weer geïnstalleerd, dit hielp niet.
Er is ook al een scan gebeurd met Malwarebytes (Anti Malware), deze verwijderde 2 geïnfecteerde bestanden. Die hadden echter niets met Messenger te maken.
Ik heb ook geprobeerd AVG te installeren, maar om een of andere reden mislukt die installatie altijd.

Een ander kwaaltje is dat op willekeurige momenten mijn geluid uitvalt. Als mijn muziek in iTunes bv. aan het spelen is valt dat plots uit. De knop staat nog op 'Play' (dus hij is nog aan het spelen), maar de tijdsas gaat niet meer vooruit en er is geen geluid meer. Ook filmpjes op internet, online muziek, geluidjes van programma's, .... zijn niet meer te horen. Ik moet herstarten om het probleem (tijdelijk) te verhelpen.

Logje hieronder. Ik zie niets raars ma bon, ik ben dan ook geen expert.
--------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:58, on 7/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Manu\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6618 bytes

Plutus

Legacy Member
Of kan Windows Vista Service Pack 1 hier voor iets tussenzitten? Met de blok die er aankomt heb ik geen tijd om mij hier mee bezig te houden dus het is behelpen met die oude versie. In februari eens formatteren en Windows 7 halen :)
Maar ik draai al hele tijd op dit OS met dat service pack, en dit probleem heb ik pas enkele weken.

Jurgenv1

Legacy Member
Download combofix.exe: ComboFix is not available at this time
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

Plutus

Legacy Member
Heftig dingetje. Kon jouw instructies niet volgen, ik startte combofix, Daemon tools werd afgesloten en pc werd heropgestart, moest/kon niks ingeven of instructies volgen.

Combofix logje:
---------------------

ComboFix 09-12-19.01 - Manu 20/12/2009 10:30:17.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.32.1043.18.2047.977 [GMT 1:00]
Gestart vanuit: c:\users\Manu\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-20 to 2009-12-20 ))))))))))))))))))))))))))))))
.

2009-12-20 09:36 . 2009-12-20 09:36 -------- d-----w- c:\users\Manu\AppData\Local\temp
2009-12-20 09:36 . 2009-12-20 09:36 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-12-20 09:36 . 2009-12-20 09:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-18 19:38 . 2009-12-18 19:38 -------- d-----w- c:\program files\Microsoft
2009-12-18 19:37 . 2009-12-18 19:37 -------- d-----w- c:\program files\Windows Live
2009-12-15 20:17 . 2009-12-15 20:17 149104 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-14 17:31 . 2008-01-21 02:21 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2009-12-13 07:59 . 2009-12-13 07:59 658696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-07 21:03 . 2009-12-07 21:03 -------- d-----w- c:\users\Manu\AppData\Roaming\AVG8
2009-12-07 20:04 . 2009-12-07 20:04 -------- d-----w- c:\users\Manu\AppData\Roaming\Malwarebytes
2009-12-07 20:04 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 20:04 . 2009-12-07 20:04 -------- d-----w- c:\programdata\Malwarebytes
2009-12-07 20:04 . 2009-12-07 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 20:04 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-06 08:25 . 2009-12-06 08:25 -------- d-----w- c:\program files\iPod
2009-12-06 08:22 . 2009-12-06 08:22 -------- d-----w- c:\program files\QuickTime
2009-12-06 08:20 . 2009-12-06 08:20 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-06 08:19 . 2009-12-06 08:19 -------- d-----w- c:\program files\Safari
2009-12-06 08:18 . 2009-12-06 08:18 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-28 12:58 . 2009-11-28 12:58 -------- d-----w- c:\program files\YouTube Downloader

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 09:34 . 2008-01-21 06:39 670076 ----a-w- c:\windows\system32\perfh013.dat
2009-12-20 09:34 . 2008-01-21 06:39 127694 ----a-w- c:\windows\system32\perfc013.dat
2009-12-16 17:43 . 2009-02-06 20:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-16 17:38 . 2009-02-06 20:38 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-15 20:17 . 2009-01-31 20:43 -------- d-----w- c:\users\Manu\AppData\Roaming\Apple Computer
2009-12-07 21:01 . 2009-07-04 14:19 -------- d-----w- c:\program files\Native Instruments
2009-12-07 20:57 . 2009-07-08 16:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-06 08:25 . 2009-01-31 20:42 -------- d-----w- c:\program files\iTunes
2009-12-06 08:24 . 2009-01-31 20:41 -------- d-----w- c:\program files\Common Files\Apple
2009-11-29 17:29 . 2009-09-21 16:35 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-06 15:18 . 2009-11-06 15:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 15:16 . 2009-11-06 15:16 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-02 19:42 . 2009-10-03 09:04 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 18:33 . 2009-02-06 18:25 -------- d-----w- c:\users\Manu\AppData\Roaming\mIRC
2009-10-31 18:31 . 2009-01-31 21:06 38 ----a-w- c:\users\Manu\jagex_runescape_preferences.dat
2009-10-31 18:29 . 2009-10-31 18:27 63 ----a-w- c:\users\Manu\jagex_runescape_preferences2.dat
2009-10-31 18:19 . 2009-02-06 18:25 -------- d-----w- c:\program files\mIRC
2009-10-19 16:29 . 2009-08-23 16:29 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-10 17:17 . 2009-03-04 19:41 38208 ----a-w- c:\users\Manu\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-21 16:37 . 2009-08-23 16:29 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-09-21 16:37 . 2009-08-23 16:29 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-09-21 16:37 . 2009-08-23 20:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-21 16:37 . 2009-08-23 16:29 168800 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-09-21 16:37 . 2009-08-23 16:29 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-09-21 16:37 . 2009-08-23 16:29 349008 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-09-21 16:37 . 2009-09-21 16:37 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-21 16:37 . 2009-08-23 16:29 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-09-21 16:37 . 2009-08-23 16:29 84320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-09-21 16:37 . 2009-08-23 16:29 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-09-21 16:36 . 2009-08-23 16:29 246640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-09-21 16:36 . 2009-08-23 16:29 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-09-21 16:36 . 2009-09-21 16:36 68640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-09-21 16:36 . 2009-09-21 16:36 303976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-09-21 16:36 . 2009-08-23 16:29 664936 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-09-21 16:30 . 2009-08-23 16:29 562552 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-09-21 16:30 . 2009-08-23 16:29 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-09-21 16:29 . 2009-08-23 16:29 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-21 16:29 . 2009-08-23 16:29 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-09-21 16:29 . 2009-08-23 16:29 1028432 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-03-31 15:00 . 2009-03-31 15:00 3314 ----a-w- c:\program files\DeIsL3.isu
2009-03-31 14:50 . 2009-03-31 14:49 7932 ----a-w- c:\program files\DeIsL2.isu
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-10 198160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [23-8-2009 17:29 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18-1-2009 22:34 1028432]
R3 L6UX1;Service - Line 6 UX1;c:\windows\System32\drivers\L6UX1.sys [24-10-2008 23:29 530560]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [1-2-2009 13:03 717296]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [30-4-2004 12:35 24832]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
FF - ProfilePath - c:\users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\082irp3g.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\082irp3g.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-12-20 10:36
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


c:\windows\TEMP\TMP00000030EC5442A0D6C79744 524288 bytes executable

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2009-12-20 10:38:27
ComboFix-quarantined-files.txt 2009-12-20 09:38

Pre-Run: 10.120.208.384 bytes beschikbaar
Post-Run: 10.793.840.640 bytes beschikbaar

- - End Of File - - 586E32C870F4329DBFF12E5C851A4A44

Plutus

Legacy Member
En nog een Hijackthis-log:
--------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:50, on 20/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Manu\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 5507 bytes

Jurgenv1

Legacy Member
Ziet er goed uit hoor, ik vrees dat dit geen malware probleem is. Start anders een topic in het software forum. :)

Plutus

Legacy Member
Ok. Op zich dan toch positief dat er geen malware is, bedankt :)
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan