Mededeling

**Marckie** · 30-01-08, 09:18

Je hijackthislogje vertoont geen sporen van malware Emile.
Download combofix.exe: http://www.bleepingcomputer.com/comb...uikt-te-worden
Volg de instructies.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**Roxas** · 30-01-08, 18:01

de log:

ComboFix 08-01-30.6 - HP_Eigenaar 2008-01-30 17:35:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.62 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\HP_Eigenaar\Application Data\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))
.

2008-01-29 20:54 . 2008-01-29 20:54 <DIR> dr-h----- C:\Documents and Settings\HP_Eigenaar\Onlangs geopend
2008-01-29 20:44 . 2008-01-29 20:44 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Nero
2008-01-29 20:28 . 2008-01-29 20:28 <DIR> d-------- C:\Program Files\Nero
2008-01-29 20:28 . 2008-01-29 20:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-29 20:28 . 2008-01-29 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-29 19:02 . 2008-01-29 19:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-29 17:20 . 2008-01-29 17:20 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\TuneUp Software
2008-01-29 17:20 . 2008-01-29 17:20 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-29 17:20 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-29 17:19 . 2008-01-29 17:32 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-29 17:19 . 2008-01-29 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-28 22:36 . 2008-01-28 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-01-28 19:58 . 2008-01-28 19:58 <DIR> d-------- C:\Program Files\VD
2008-01-28 18:21 . 2008-01-28 18:21 <DIR> d-------- C:\Program Files\VSO
2008-01-28 18:21 . 2008-01-29 17:32 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Vso
2008-01-28 18:21 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-01-28 18:21 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-01-28 18:21 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-01-28 18:21 . 2008-01-28 18:21 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-28 18:21 . 2008-01-28 18:21 47,360 --a------ C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.sys
2008-01-28 17:47 . 2008-01-28 18:19 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-01-28 17:27 . 2008-01-28 17:28 <DIR> d-------- C:\Program Files\DLDIrc
2008-01-27 16:44 . 2008-01-27 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 14:20 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-01-27 14:20 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-01-27 14:20 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-01-27 14:20 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-01-27 14:19 . 2008-01-29 16:30 <DIR> d-------- C:\Program Files\LogMeIn
2008-01-26 18:26 . 2008-01-26 18:27 <DIR> d-------- C:\Program Files\Shareaza
2008-01-26 16:05 . 2008-01-26 16:05 <DIR> d-------- C:\Program Files\GrabIt
2008-01-24 16:41 . 2008-01-24 16:41 <DIR> d-------- C:\Program Files\WinZip Self-Extractor
2008-01-24 16:41 . 2008-01-24 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipSE
2008-01-22 08:22 . 2008-01-30 09:40 <DIR> d-------- C:\Documents and Settings\Wilma\Application Data\AVG7
2008-01-21 16:03 . 2008-01-21 16:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-21 15:56 . 2008-01-29 22:30 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\AVG7
2008-01-21 15:56 . 2008-01-21 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 15:56 . 2008-01-21 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-21 15:56 . 2008-01-21 15:56 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2008-01-21 15:56 . 2008-01-21 15:56 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-01-20 21:53 . 2005-03-29 18:51 <DIR> d-------- C:\Documents and Settings\Gast\WINDOWS
2008-01-20 21:53 . 2007-12-26 06:19 <DIR> d--h----- C:\Documents and Settings\Gast\Sjablonen
2008-01-20 21:53 . 2008-01-20 21:53 <DIR> dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
2008-01-20 21:53 . 2004-12-03 19:49 <DIR> d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
2008-01-20 21:53 . 2008-01-20 21:53 <DIR> dr------- C:\Documents and Settings\Gast\Mijn documenten
2008-01-20 21:53 . 2007-12-26 06:17 <DIR> dr------- C:\Documents and Settings\Gast\Menu Start
2008-01-20 21:53 . 2008-01-20 21:53 <DIR> dr------- C:\Documents and Settings\Gast\Favorieten
2008-01-20 21:53 . 2008-01-21 15:53 <DIR> d-------- C:\Documents and Settings\Gast\Bureaublad
2008-01-20 21:53 . 2005-03-29 19:07 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Symantec
2008-01-20 21:53 . 2005-03-29 19:00 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\SampleView
2008-01-20 21:53 . 2005-03-29 18:50 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Apple Computer
2008-01-18 16:19 . 2008-01-22 17:42 <DIR> d-------- C:\Program Files\WiFiConnector
2008-01-18 14:55 . 2008-01-18 14:55 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Motive
2008-01-17 14:05 . 2008-01-17 14:05 25,601 --a------ C:\WINDOWS\CSTBox.INI
2008-01-17 13:56 . 2008-01-17 14:05 <DIR> d-------- C:\Documents and Settings\Wilma\Application Data\Canon
2008-01-16 18:09 . 2008-01-16 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-16 17:32 . 2008-01-16 17:35 <DIR> d-------- C:\Program Files\SMAC
2008-01-16 17:32 . 1999-12-07 07:00 61,491 --a------ C:\WINDOWS\system32\wbemdisp.TLB
2008-01-16 16:43 . 2008-01-16 16:45 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Shared
2008-01-16 16:43 . 2008-01-16 16:46 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Incomplete
2008-01-16 16:42 . 2008-01-16 16:46 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\FrostWire
2008-01-16 16:26 . 2008-01-20 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Banner Maker Pro 7
2008-01-15 17:53 . 2008-01-26 18:12 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\LimeWire
2008-01-13 20:33 . 2008-01-13 20:33 <DIR> d-------- C:\Program Files\SpacialAudio
2008-01-13 20:33 . 2008-01-13 20:33 <DIR> d-------- C:\Program Files\Firebird
2008-01-13 20:33 . 2004-07-14 01:05 356,431 --a------ C:\WINDOWS\system32\GDS32.DLL
2008-01-13 17:15 . 2008-01-13 17:16 <DIR> d-------- C:\Program Files\RadioXpi
2008-01-12 23:48 . 2008-01-12 23:48 <DIR> d-------- C:\Program Files\sms express
2008-01-12 18:00 . 2008-01-12 18:00 <DIR> d-------- C:\Program Files\iMesh Applications
2008-01-12 18:00 . 2008-01-26 18:04 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\iMesh
2008-01-12 18:00 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-01-12 17:57 . 2008-01-12 17:57 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-01-12 17:57 . 2008-01-29 20:04 <DIR> d-------- C:\Downloads
2008-01-12 17:57 . 2008-01-29 20:04 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Orbit
2008-01-12 16:20 . 2008-01-27 16:02 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\gtk-2.0
2008-01-12 16:20 . 2008-01-12 16:20 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\.thumbnails
2008-01-12 16:16 . 2008-01-27 16:02 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\.gimp-2.4
2008-01-12 16:14 . 2008-01-12 16:14 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-01-11 20:40 . 2007-12-17 03:34 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-01-11 20:39 . 2008-01-11 20:39 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-01-11 19:33 . 2008-01-29 19:49 <DIR> d-------- C:\Program Files\Paint.NET
2008-01-11 15:01 . 2008-01-11 15:01 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-01-11 15:00 . 2008-01-11 15:01 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\SystemRequirementsLab
2008-01-08 18:15 . 2008-01-08 18:15 <DIR> d-------- C:\Program Files\VST
2008-01-08 18:15 . 2008-01-08 18:15 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-01-08 18:15 . 2008-01-08 18:15 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 3
2008-01-08 18:15 . 2008-01-08 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acoustica
2008-01-08 18:15 . 2007-08-07 11:32 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2008-01-07 23:29 . 2008-01-07 23:29 <DIR> d-------- C:\Documents and Settings\Wilma\Contacts
2008-01-07 18:24 . 2008-01-07 18:24 32 --a------ C:\WINDOWS\go
2008-01-07 11:17 . 2008-01-07 11:17 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-06 16:43 . 2008-01-11 20:39 <DIR> d-------- C:\Program Files\TechSmith
2008-01-06 16:43 . 2008-01-11 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-01-06 14:11 . 2008-01-06 14:11 <DIR> d-------- C:\Program Files\Wizzl
2008-01-05 20:14 . 2008-01-05 20:24 681 --a------ C:\WINDOWS\mozver.dat
2008-01-05 18:00 . 2008-01-05 18:42 <DIR> d-------- C:\Program Files\Eraser
2008-01-05 18:00 . 2007-12-08 01:37 311,296 --a------ C:\WINDOWS\system32\Eraser.dll
2008-01-05 18:00 . 2007-12-08 01:41 86,016 --a------ C:\WINDOWS\system32\Erasext.dll
2008-01-05 18:00 . 2007-12-08 01:37 77,824 --a------ C:\WINDOWS\system32\Eraserl.exe
2008-01-04 13:21 . 2008-01-04 13:22 <DIR> d-------- C:\WINDOWS\system32\js
2008-01-04 13:21 . 2008-01-04 13:21 <DIR> d-------- C:\WINDOWS\system32\images

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 14:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-01 12:11 155,995 ----a-w C:\WINDOWS\java\Packages\OWF3NPRN.ZIP
2007-12-30 16:01 114,688 ----a-w C:\WINDOWS\system32\msvos.dll
2007-12-25 21:54 --------- d-----w C:\Program Files\Java
2007-12-25 20:36 1,855 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PX706AA-ABH t3050.nl_YC_0Pavi_QCZB514_E52NLheBLT2_47_ISalmon_SASUSTek Computer INC._V1.04_B3.10_T050309_WXH2_L413_M384_J160_7AMD_8Sempron_91.81_#071225_N10390900_Z11C1048C_G103963 30.MRK
2007-11-15 17:46 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-11-15 17:46 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-08 07:19 847,112 ----a-w C:\WINDOWS\system32\hha.dll
2007-11-08 07:19 129,024 ----a-w C:\WINDOWS\system32\msstdfmt.dll
2007-11-08 00:26 228,872 ----a-w C:\WINDOWS\system32\vsjitdebugger.exe
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,501,760 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 08:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 08:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 08:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:14 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-11 06:14 662,528 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:14 616,960 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:14 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:14 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-10-09 12:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 12:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 12:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 12:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 12:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 12:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 12:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 12:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 11:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
2007-10-08 04:38 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2004-09-24 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-21 15:56 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-21 15:56 219136]

C:\Documents and Settings\Wilma\Menu Start\Programma's\Opstarten\
SpamFighter.lnk - C:\Program Files\SPAMfighter\SFAgent.exe [2007-12-14 09:55:52 308880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-21 15:56 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Eraser"=C:\Program Files\Eraser\eraser.exe -hide
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-07-14 01:05]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-12-14 09:57]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-07-14 01:05]
S3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-29 17:20]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2007-11-07 08:58]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-29 16:20:39 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- c:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 17:41:45
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-30 17:45:57
ComboFix-quarantined-files.txt 2008-01-30 16:45:51
.
2008-01-09 22:47:37 --- E O F ---

De pc doet nog steeds erg langzaam, voorbeelden:

Opstarten duurt letterlijk een half uur, daarna functioneert alles slecht.

Als ik de PC aan doe en ik krijg dat scherm van XP dan doet die balk er 14 rondjes over
ipv van 4 dagen terug maar 5.

Ik denk zelf dat het meschien aan AVG ligt? want steeds alsik CTRL ALT DELETE doe en
ik kijk bij processen dan heeft et ineens een hele hoge CPU

greets
emile

**Marckie** · 30-01-08, 18:27

In je logje zie ik niet direct wat de oorzaak zou kunnen zijn.
Indien AVG het cpu-verbruik doet stijgen, zou je kunnen overwegen het deïnstalleren en kijken of dat het probleem oplost.
Zorg wel dat je een alternatief hebt dan.

**Roxas** · 30-01-08, 19:15

Het probleempje is ook dat AVG het de eerste 3 weken goed deed, maar ineens niet meer.

Zou herinstaleren helpen?

**Marckie** · 30-01-08, 19:18

Je kan niet meer doen dan een keer proberen.
Als je deïnstalleert, kijk dan eerst of het probleem verholpen is.

**Roxas** · 02-02-08, 13:59

geprobeert, maar als het eraf is, dan zoekt de pc een ander slachtoffer om 90% CPU aan te verspillen.

Ik heb nog 107 GB Vrije ruimte over

Mn ram is wel heel laag volgens mij.

Opstarten blijft langzaam gaan.

Moetik meschien wat software eraf gooien (van spellen bijv)
Of is er een map waar de pc heel veel mee bezig is die ik meschien kan opruimen?

greets
Emile

**Marckie** · 02-02-08, 14:08

Welk process is het dan?

**Roxas** · 02-02-08, 14:13

de ene keer Firefox terwijl er maar 1 schermpje aanstaat.

dan weer ene usnsvc.exe

heel vaak is het scvhost waar er 7 van aanstaan tegelijk.

en ene NMIndexing service

en AVG natuurlijk heel veel:
avgamsvr.exe
avgcc.exe
avgemc.exe
avgfwsrv.exe
avgssvc.exe
avgrssvc.exe
avgupsvc.exe

**Marckie** · 02-02-08, 14:45

Voer de instructies uit die op deze site beschreven worden.
Help! Mijn computer is traag!

**Roxas** · 03-02-08, 15:18

thnxxx

ik ben er achter dat het Resident Shield van AVG is, dat het opstarten met 90%CPU
etc veroorzaakt,

want als die uistaat gaat alles snel.

maar ik moet natuurlijk wel een resident shield hebben.

Enig idee hoe ik kan zorgen dat ie aanstaat + dat die niet voor een hoog CPU en RAM zorgt?

**Marckie** · 03-02-08, 15:51

Schakel hem uit, en probeer TeaTimer van Spybot Search & Destroy eens.
(deze laatste heb je ook geïnstalleerd)

**Roxas** · 06-02-08, 17:22

gaat stukken sneller thnxx!!!

heb je meschien een idee waarmee ik kan uitzetten dat hij automatisch update met opstarten? dat doe ik altijd liever handmatig

**Marckie** · 07-02-08, 00:36

Je bedoelt Windows update?

**Roxas** · 07-02-08, 21:20

Nee de update van AVG Antivirus.

BTW
Ik had gister een keylogger perongeluk gedownload, die is er wel af, maar ik vertrouw het nog niet zo, zie je meschien nog iets verdachts in de volgende log?
:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19, on 2008-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix(2)\Combobatch.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: TeaTimer.lnk = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7202 bytes

greetssss

Mededeling

ineens ENORME sloomheid

ineens ENORME sloomheid

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment