Slow and error message

11 answers
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:18:39, on 5-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\vnvompcn.dll",sitypnow
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Maasbach\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 8423 bytes

    I am having problems with my computer; it has suddenly become very slow. Can anyone help me?
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
    Double-click Combofix.exe.
    Follow the instructions and accept the disclaimer by typing "1" and confirming with "Enter".
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.
    Note: if your virus scanner reacts while you download or use Combofix, you may ignore this.
    Good luck
  • Hello Pim, thanks in advance for your help; here are the logs.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:49:17, on 5-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0BDC505B-02D2-41F7-9EE0-C9C981AD1711} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {C82C6B27-A5EC-46F4-ADCF-23BAA199910A} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: nnnljhf - C:\WINDOWS\
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Maasbach\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 8904 bytes

    ComboFix 07-10-05.3 - Maasbach 2007-10-05 11:35:36.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.157 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Maasbach\Local Settings\Temporary Internet Files\Content.IE5\7UJELPZT\ComboFix[1].exe
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\check_LSA7.txt
    C:\WINDOWS\retadpu1000520.exe
    C:\WINDOWS\system32\gchgxpmp.dll
    C:\WINDOWS\system32\gebcy.dll
    C:\WINDOWS\system32\huxnisdr.dll
    C:\WINDOWS\system32\lqbbgkft.ini
    C:\WINDOWS\system32\ncpmovnv.ini
    C:\WINDOWS\system32\olbwpoti.dll
    C:\WINDOWS\system32\pmpxghcg.ini
    C:\WINDOWS\system32\rdsinxuh.ini
    C:\WINDOWS\system32\tfkgbbql.dll
    C:\WINDOWS\system32\vnvompcn.dll
    C:\WINDOWS\system32\ycbeg.bak1
    C:\WINDOWS\system32\ycbeg.bak2
    C:\WINDOWS\system32\ycbeg.ini
    C:\WINDOWS\system32\ycbeg.ini2
    C:\WINDOWS\system32\ycbeg.tmp
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-05 to 2007-10-05 ))))))))))))))))))))))))))))))
    .
    2007-10-01 21:58 <DIR> d-------- C:\Program Files\RegCleaner
    2007-10-01 21:32 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-01 18:58 <DIR> d-------- C:\Program Files\Avira
    2007-10-01 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-09-30 12:55 <DIR> d-------- C:\Program Files\Uniblue
    2007-09-29 19:54 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\Uniblue
    2007-09-29 18:23 <DIR> d-------- C:\Program Files\SPYWAREfighter
    2007-09-28 18:02 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
    2007-09-28 17:48 <DIR> d-------- C:\Program Files\CDBurnerXP
    2007-09-28 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2007-09-24 18:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2007-09-23 11:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-23 10:12 <DIR> d-------- C:\WINDOWS\pss
    2007-09-22 08:18 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
    2007-09-16 23:20 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\SurfRight
    2007-09-16 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-09-16 11:36 <DIR> d-------- C:\Program Files\iTunes
    2007-09-16 11:36 <DIR> d-------- C:\Program Files\iPod
    2007-09-15 20:12 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
    2007-09-15 20:12 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\Adssite Advanced Toolbar
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Shared
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Incomplete
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\LimeWire
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-05 11:44 --------- d-------- C:\Program Files\Symantec AntiVirus
    2007-10-05 11:11 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Skype
    2007-10-03 14:30 --------- d-------- C:\Program Files\Google
    2007-10-02 20:23 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-10-02 20:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-02 20:19 --------- d-------- C:\Program Files\CyberLink
    2007-10-01 23:16 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-01 22:46 --------- d-------- C:\Program Files\Spyware Doctor
    2007-10-01 22:46 --------- d-------- C:\Program Files\Hitman Pro
    2007-10-01 22:41 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-28 10:30 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\uTorrent
    2007-09-24 19:04 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Lavasoft
    2007-09-21 18:03 --------- d-------- C:\Program Files\DVD Shrink
    2007-09-16 14:08 --------- d-------- C:\Program Files\Apple Software Update
    2007-09-15 20:11 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-14 19:14 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Apple Computer
    2007-08-30 21:46 40256 --a------ C:\WINDOWS\system32\drivers\Xprotector.sys
    2007-08-18 13:06 --------- d-------- C:\Program Files\Compedia Multimedia
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BDC505B-02D2-41F7-9EE0-C9C981AD1711}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C82C6B27-A5EC-46F4-ADCF-23BAA199910A}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-07-26 10:05]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-07-26 09:45]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 02:40]
    "YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-06-23 16:35]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-23 13:52]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-09-06 15:27]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 20:25]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56]
    Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2006-12-04 20:26:58]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnljhf]

    R1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
    R2 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Xprotector.sys
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    S3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
    Start Pending3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"

    *Newly Created Service* - PCANDIS5
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-28 16:05:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************
    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-05 11:44:37
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    **************************************************************************
    .
    Voltooingstijd: 2007-10-05 11:47:36 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-05 11:46
    C:\ComboFix2.txt ... 2007-09-23 11:27
    .
    --- E O F ---
  • Hi Sturing,

    1. I see two active virus scanners in your log file, Avira and Symantec. Multiple virus scanners will fight with each other and only lead to slowness. Therefore, remove one of the two virus scanners via Control Panel --> Add or Remove Programs.
    2. Restart your PC.
    3. You started Combofix from the download window of your internet browser. Download Combofix again to your desktop. Don't do anything else with it yet!
    4. Open Notepad, then copy and paste the following (bold text) into an empty window:

    Driver::
    mchInjDrv.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BDC505B-02D2-41F7-9EE0-C9C981AD1711}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C82C6B27-A5EC-46F4-ADCF-23BAA199910A}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnljhf]

    Save this on your Desktop as CFScript.txt.
    Drag CFScript.txt into ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will restart ComboFix. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck!
    Pim
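The comparison a helper makes between two successive HijackThis logs can be automated. The following Python script is an added example, not part of the original thread: it diffs the autostart entries of two logs and lists entries whose target file is absent. The sample lines are an excerpt copied from the first and second HijackThis logs above; the function names and the trailing-backslash check are assumptions made for this example.

```python
import re

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis itself prints when the referenced file does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of lines copied from the first HijackThis log in the thread.
BEFORE = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\vnvompcn.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Maasbach\LOCALS~1\Temp\hpdj.exe (file missing)
"""

# Excerpt of lines copied from the second HijackThis log (after the first ComboFix run).
AFTER = r"""
O2 - BHO: (no name) - {0BDC505B-02D2-41F7-9EE0-C9C981AD1711} - (no file)
O2 - BHO: (no name) - {C82C6B27-A5EC-46F4-ADCF-23BAA199910A} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: nnnljhf - C:\WINDOWS\
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Maasbach\LOCALS~1\Temp\hpdj.exe (file missing)
"""


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log.

    Header lines and the running-process list do not match the entry
    pattern and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("section"), match.group("body")))
    return entries


def diff_logs(before, after):
    """Entries that disappeared from, or appeared in, the later log."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": sorted(old - new), "added": sorted(new - old)}


def needs_review(entries):
    """Entries whose target is absent.

    Either HijackThis marked the file as missing, or the path stops at a
    directory (trailing backslash); the second check is a heuristic assumed
    for this example, not a HijackThis rule.
    """
    return sorted(
        (section, body)
        for section, body in entries
        if body.endswith(ORPHAN_MARKERS) or body.endswith("\\")
    )


if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added"):
        for section, body in changes[kind]:
            print(f"{kind:8} {section:4} {body}")
    print("--- entries without a backing file in the later log ---")
    for section, body in needs_review(parse_entries(AFTER)):
        print(f"{section:4} {body}")
```

On this excerpt the added O2 and O20 entries that have no backing file are the same keys listed under Registry:: in the CFScript above.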
  • As you can tell, I am not a computer expert; your help is very much appreciated. Here are the logs:

    ComboFix 07-10-05.3 - Maasbach 2007-10-05 12:34:46.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.213 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Maasbach\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Maasbach\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-05 to 2007-10-05 ))))))))))))))))))))))))))))))
    .
    2007-10-01 21:58 <DIR> d-------- C:\Program Files\RegCleaner
    2007-10-01 21:32 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-01 18:58 <DIR> d-------- C:\Program Files\Avira
    2007-10-01 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-09-30 12:55 <DIR> d-------- C:\Program Files\Uniblue
    2007-09-29 19:54 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\Uniblue
    2007-09-29 18:23 <DIR> d-------- C:\Program Files\SPYWAREfighter
    2007-09-28 18:02 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
    2007-09-28 17:48 <DIR> d-------- C:\Program Files\CDBurnerXP
    2007-09-28 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2007-09-24 18:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2007-09-23 11:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-23 10:12 <DIR> d-------- C:\WINDOWS\pss
    2007-09-22 08:18 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
    2007-09-16 23:20 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\SurfRight
    2007-09-16 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-09-16 11:36 <DIR> d-------- C:\Program Files\iTunes
    2007-09-16 11:36 <DIR> d-------- C:\Program Files\iPod
    2007-09-15 20:12 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
    2007-09-15 20:12 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\Adssite Advanced Toolbar
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Shared
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Incomplete
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\LimeWire
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-05 12:20 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-05 11:50 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Skype
    2007-10-03 14:30 --------- d-------- C:\Program Files\Google
    2007-10-02 20:23 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-10-02 20:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-02 20:19 --------- d-------- C:\Program Files\CyberLink
    2007-10-01 23:16 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-01 22:46 --------- d-------- C:\Program Files\Spyware Doctor
    2007-10-01 22:46 --------- d-------- C:\Program Files\Hitman Pro
    2007-10-01 22:41 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-28 10:30 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\uTorrent
    2007-09-24 19:04 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Lavasoft
    2007-09-21 18:03 --------- d-------- C:\Program Files\DVD Shrink
    2007-09-16 14:08 --------- d-------- C:\Program Files\Apple Software Update
    2007-09-15 20:11 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-14 19:14 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Apple Computer
    2007-08-30 21:46 40256 --a------ C:\WINDOWS\system32\drivers\Xprotector.sys
    2007-08-18 13:07 50620 --a------ C:\WINDOWS\system32\command.com
    2007-08-18 13:06 --------- d-------- C:\Program Files\Compedia Multimedia
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-07-26 10:05]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-07-26 09:45]
    "YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-06-23 16:35]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-23 13:52]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-09-06 15:27]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 20:25]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56]
    Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2006-12-04 20:26:58]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]

    R1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
    R2 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Xprotector.sys
    R3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-28 16:05:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************
    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-05 12:37:01
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2007-10-05 12:38:18
    C:\ComboFix-quarantined-files.txt ... 2007-10-05 12:38
    C:\ComboFix2.txt ... 2007-10-05 11:47
    C:\ComboFix3.txt ... 2007-09-23 11:27
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:39:45, on 5-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 -
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE 
(User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - 
Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Maasbach\LOCALS~1\Temp\hpdj.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe -- End of file - 7330 bytes
  • Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) (by OldTimer) to your Desktop.
    - Double-click OTMoveIt.exe to start the tool.
    - Copy (select and press Ctrl-C) all of the bold text below:
      C:\WINDOWS\system32\Drivers\mchInjDrv.sys
      C:\Documents and Settings\All Users\Application Data\Symantec
    - Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
    - Click the red MoveIt! button.
    - Copy and paste the contents of the right-hand results window into your next reply.
    - Close OTMoveIt.
    If a file or folder cannot be moved immediately, you may be asked to restart the PC in order to complete the move. In that case click Ja/Yes. Good luck!
  • C:\WINDOWS\system32\Drivers\mchInjDrv.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate moved successfully.
    C:\Documents and Settings\All Users\Application Data\Symantec moved successfully.
    Created on 10-05-2007 13:23:31
  • Looks good! Just do the following as well.
    Delete the folders below:
      C:\OTMoveIt
      C:\Qoobox
    Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1).
    Double-click ATF Cleaner to start the program. On the "Main" tab, tick Select All. Click the Empty Selected button.
    If you also use Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears. (This removes the tick from "Firefox saved passwords" again.) Click the Empty Selected button.
    If you also use Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.
    Turn System Restore off, restart your computer and turn System Restore back on. That way you remove any remnants of malware from your System Restore. See here how to do that: http://users.telenet.be/marcvn/spyware/1852808.htm
    How are your problems by now? Pim
  • "Delete the folders below: C:\OTMoveIt C:\Qoobox"
    Do you mean from Explorer, or deleting them with OTmove? The computer is working like before again by now, thanks in advance.
  • You can delete those using Explorer. You may also delete Combofix and OTmoveit from your desktop, as well as Hijackthis.
  • Dear Pim, it all worked, the PC is running like a charm again. Thanks for your help and thanks for your patience.


This is an archived page. Replying is no longer possible.