
Slow and error message

Anonymous
pimvandenderen
11 answers
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:18:39, on 5-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\vnvompcn.dll",sitypnow
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Maasbach\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 8423 bytes


    I'm having problems with my computer; it has suddenly become very slow. Can anyone help me?
  • Download Combofix to your Desktop.

    Double-click Combofix.exe
    Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.

    Good luck
  • Hello Pim,

    Thanks in advance for your help; here are the logs.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:49:17, on 5-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0BDC505B-02D2-41F7-9EE0-C9C981AD1711} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {C82C6B27-A5EC-46F4-ADCF-23BAA199910A} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: nnnljhf - C:\WINDOWS\
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Maasbach\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 8904 bytes

    ComboFix 07-10-05.3 - Maasbach 2007-10-05 11:35:36.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.157 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Maasbach\Local Settings\Temporary Internet Files\Content.IE5\7UJELPZT\ComboFix[1].exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\WINDOWS\retadpu1000520.exe
    C:\WINDOWS\system32\gchgxpmp.dll
    C:\WINDOWS\system32\gebcy.dll
    C:\WINDOWS\system32\huxnisdr.dll
    C:\WINDOWS\system32\lqbbgkft.ini
    C:\WINDOWS\system32\ncpmovnv.ini
    C:\WINDOWS\system32\olbwpoti.dll
    C:\WINDOWS\system32\pmpxghcg.ini
    C:\WINDOWS\system32\rdsinxuh.ini
    C:\WINDOWS\system32\tfkgbbql.dll
    C:\WINDOWS\system32\vnvompcn.dll
    C:\WINDOWS\system32\ycbeg.bak1
    C:\WINDOWS\system32\ycbeg.bak2
    C:\WINDOWS\system32\ycbeg.ini
    C:\WINDOWS\system32\ycbeg.ini2
    C:\WINDOWS\system32\ycbeg.tmp

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-05 to 2007-10-05 ))))))))))))))))))))))))))))))
    .

    2007-10-01 21:58 <DIR> d-------- C:\Program Files\RegCleaner
    2007-10-01 21:32 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-01 18:58 <DIR> d-------- C:\Program Files\Avira
    2007-10-01 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-09-30 12:55 <DIR> d-------- C:\Program Files\Uniblue
    2007-09-29 19:54 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\Uniblue
    2007-09-29 18:23 <DIR> d-------- C:\Program Files\SPYWAREfighter
    2007-09-28 18:02 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
    2007-09-28 17:48 <DIR> d-------- C:\Program Files\CDBurnerXP
    2007-09-28 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2007-09-24 18:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2007-09-23 11:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-23 10:12 <DIR> d-------- C:\WINDOWS\pss
    2007-09-22 08:18 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
    2007-09-16 23:20 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\SurfRight
    2007-09-16 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-09-16 11:36 <DIR> d-------- C:\Program Files\iTunes
    2007-09-16 11:36 <DIR> d-------- C:\Program Files\iPod
    2007-09-15 20:12 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
    2007-09-15 20:12 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\Adssite Advanced Toolbar
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Shared
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Incomplete
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\LimeWire

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-05 11:44 --------- d-------- C:\Program Files\Symantec AntiVirus
    2007-10-05 11:11 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Skype
    2007-10-03 14:30 --------- d-------- C:\Program Files\Google
    2007-10-02 20:23 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-10-02 20:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-02 20:19 --------- d-------- C:\Program Files\CyberLink
    2007-10-01 23:16 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-01 22:46 --------- d-------- C:\Program Files\Spyware Doctor
    2007-10-01 22:46 --------- d-------- C:\Program Files\Hitman Pro
    2007-10-01 22:41 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-28 10:30 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\uTorrent
    2007-09-24 19:04 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Lavasoft
    2007-09-21 18:03 --------- d-------- C:\Program Files\DVD Shrink
    2007-09-16 14:08 --------- d-------- C:\Program Files\Apple Software Update
    2007-09-15 20:11 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-14 19:14 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Apple Computer
    2007-08-30 21:46 40256 --a------ C:\WINDOWS\system32\drivers\Xprotector.sys
    2007-08-18 13:06 --------- d-------- C:\Program Files\Compedia Multimedia
    .

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BDC505B-02D2-41F7-9EE0-C9C981AD1711}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C82C6B27-A5EC-46F4-ADCF-23BAA199910A}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-07-26 10:05]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-07-26 09:45]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 02:40]
    "YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-06-23 16:35]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-23 13:52]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-09-06 15:27]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 20:25]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56]
    Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2006-12-04 20:26:58]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnljhf]

    R1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
    R2 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Xprotector.sys
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    S3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
    Start Pending3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"

    *Newly Created Service* - PCANDIS5
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-28 16:05:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-05 11:44:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    **************************************************************************
    .
    Voltooingstijd: 2007-10-05 11:47:36 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-10-05 11:46
    C:\ComboFix2.txt … 2007-09-23 11:27
    .
    --- E O F ---



  • Hi Sturing,

    1. I see two active virus scanners in your log file, Avira and Symantec.
    Multiple virus scanners will fight with each other and only lead to slowness.
    So remove one of the two virus scanners via Control Panel --> Add or Remove Programs.

    2. Restart your PC.

    3. You started Combofix from the download window of your internet browser. Download
    Combofix again to your desktop. Don't do anything else with it yet!

    4. Open Notepad, then copy and paste the following (bold text) into an empty window:

    Driver::
    mchInjDrv.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BDC505B-02D2-41F7-9EE0-C9C981AD1711}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C82C6B27-A5EC-46F4-ADCF-23BAA199910A}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnljhf]

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


    This will make ComboFix restart.
    Reboot if asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck!

    Pim
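
A triage pass over the kind of HijackThis log posted above, as an added example that is not part of the thread or of any tool named in it. It flags the four things this thread acts on: two resident antivirus products, BHO entries with no file, a Winlogon Notify entry, and a Run entry that loads a DLL through rundll32; the rule names and the `AV_MARKERS` table are assumptions made for illustration.

```python
import re

# Excerpt of lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {0BDC505B-02D2-41F7-9EE0-C9C981AD1711} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\vnvompcn.dll",sitypnow
O20 - Winlogon Notify: nnnljhf - C:\WINDOWS\
"""

# HijackThis entry lines look like "O4 - <body>" or "R1 - <body>".
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2}) - (.+)$")

# Assumption: path fragments identifying the two resident scanners seen in
# this thread's logs. Extend for other products.
AV_MARKERS = {
    "\\avira\\": "Avira AntiVir",
    "\\symantec antivirus\\": "Symantec AntiVirus",
}


def parse_hijackthis(text):
    """Split a log into (running process paths, [(section code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return processes, entries


def triage(text):
    """Return (rule, detail) pairs for entries that deserve a closer look."""
    processes, entries = parse_hijackthis(text)
    findings = []

    # More than one resident scanner running at the same time.
    products = sorted({name
                       for path in processes
                       for marker, name in AV_MARKERS.items()
                       if marker in path.lower()})
    if len(products) > 1:
        findings.append(("MULTIPLE_AV", ", ".join(products)))

    for code, body in entries:
        low = body.lower()
        if code == "O2" and low.endswith("(no file)"):
            # Browser Helper Object registered but its DLL is gone.
            clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", body)
            findings.append(("ORPHAN_BHO", clsid.group(0) if clsid else body))
        elif code == "O4" and re.search(r"\]\s*rundll32(\.exe)?\s", low):
            # Autorun value that starts a DLL through rundll32.
            findings.append(("RUNDLL32_AUTORUN", body))
        elif code == "O20" and low.startswith("winlogon notify:"):
            # DLL hooked into Winlogon event notifications.
            findings.append(("WINLOGON_NOTIFY", body))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

A finding is a prompt to look closer, not a verdict: legitimate software also uses rundll32 autoruns and Winlogon Notify packages.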

  • As you can tell, I'm no computer expert; your help is much appreciated. Here are the logs:

    ComboFix 07-10-05.3 - Maasbach 2007-10-05 12:34:46.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.213 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Maasbach\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Maasbach\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-05 to 2007-10-05 ))))))))))))))))))))))))))))))
    .

    2007-10-01 21:58 <DIR> d-------- C:\Program Files\RegCleaner
    2007-10-01 21:32 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-01 18:58 <DIR> d-------- C:\Program Files\Avira
    2007-10-01 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-09-30 12:55 <DIR> d-------- C:\Program Files\Uniblue
    2007-09-29 19:54 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\Uniblue
    2007-09-29 18:23 <DIR> d-------- C:\Program Files\SPYWAREfighter
    2007-09-28 18:02 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
    2007-09-28 17:48 <DIR> d-------- C:\Program Files\CDBurnerXP
    2007-09-28 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2007-09-24 18:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2007-09-23 11:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-23 10:12 <DIR> d-------- C:\WINDOWS\pss
    2007-09-22 08:18 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
    2007-09-16 23:20 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\SurfRight
    2007-09-16 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-09-16 11:36 <DIR> d-------- C:\Program Files\iTunes
    2007-09-16 11:36 <DIR> d-------- C:\Program Files\iPod
    2007-09-15 20:12 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
    2007-09-15 20:12 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\Adssite Advanced Toolbar
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Shared
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Incomplete
    2007-09-14 18:50 <DIR> d-------- C:\Documents and Settings\Maasbach\Application Data\LimeWire

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-05 12:20 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-05 11:50 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Skype
    2007-10-03 14:30 --------- d-------- C:\Program Files\Google
    2007-10-02 20:23 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-10-02 20:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-02 20:19 --------- d-------- C:\Program Files\CyberLink
    2007-10-01 23:16 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-01 22:46 --------- d-------- C:\Program Files\Spyware Doctor
    2007-10-01 22:46 --------- d-------- C:\Program Files\Hitman Pro
    2007-10-01 22:41 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-28 10:30 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\uTorrent
    2007-09-24 19:04 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Lavasoft
    2007-09-21 18:03 --------- d-------- C:\Program Files\DVD Shrink
    2007-09-16 14:08 --------- d-------- C:\Program Files\Apple Software Update
    2007-09-15 20:11 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-14 19:14 --------- d-------- C:\Documents and Settings\Maasbach\Application Data\Apple Computer
    2007-08-30 21:46 40256 --a------ C:\WINDOWS\system32\drivers\Xprotector.sys
    2007-08-18 13:07 50620 --a------ C:\WINDOWS\system32\command.com
    2007-08-18 13:06 --------- d-------- C:\Program Files\Compedia Multimedia
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-07-26 10:05]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-07-26 09:45]
    "YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-06-23 16:35]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-23 13:52]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-09-06 15:27]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 20:25]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56]
    Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2006-12-04 20:26:58]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]

    R1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
    R2 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Xprotector.sys
    R3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-28 16:05:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-05 12:37:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-05 12:38:18
    C:\ComboFix-quarantined-files.txt … 2007-10-05 12:38
    C:\ComboFix2.txt … 2007-10-05 11:47
    C:\ComboFix3.txt … 2007-09-23 11:27
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:39:45, on 5-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Maasbach\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe


    End of file - 7330 bytes
  • Download OTMoveIt (by OldTimer) to your Desktop.
    Double-click OTMoveIt.exe to start the tool.
    Copy (select and press Ctrl-C) all of the bold text below:

    C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    C:\Documents and Settings\All Users\Application Data\Symantec

    Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
    Click the red
  • C:\WINDOWS\system32\Drivers\mchInjDrv.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate moved successfully.
    C:\Documents and Settings\All Users\Application Data\Symantec moved successfully.

    Created on 10-05-2007 13:23:31
  • Looks good!

    Just do the following as well.

    Delete the folders below
    C:\OTMoveIt
    C:\Qoobox

    Download ATF Cleaner

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, check Select All.
    Click the Empty Selected button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and check Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this clears the check mark next to "Firefox saved passwords" again)
    Click the Empty Selected button.

    If you also use Opera as a browser:
    Click the "Opera" tab and check Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Turn off System Restore, restart your computer, and turn System Restore back on. This removes any remnants of malware from your System Restore. See here how to do that

    How are your problems by now?

    Pim
  • Delete the folders below
    C:\OTMoveIt
    C:\Qoobox

    Do you mean from Explorer, or deleting them with OTmove?

    The computer is working like it used to again, thanks for now.
  • You can delete those using Explorer.
    You may also delete Combofix and OTmoveit from your desktop, as well as Hijackthis.
  • Dear Pim,

    All done, the PC is running like a charm again. Thanks for your help and thanks for your patience.


This is an archived page. Replying is no longer possible.