Slow laptop, lots of error messages

  • Slow laptop, lots of error messages

    Hi,

    Lately I noticed that my laptop was acting very sluggish (slow startup, high CPU, etc.). At the same time it also got a lot of error messages and annoying pop-ups from IE7, even while it was not in use.

    I used the following anti-spyware: Ad-Aware, Spybot S&D and Ewido.
    Several times I came across dropper.agent.dgo!

    The logs:

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________

    Name: Backdoor.Agent.dbm
    Path: C:\Documents and Settings\Glin\Local Settings\Temporary Internet Files\Content.IE5\529VR4JT\gamadril20071203[1]
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\Program Files\Dell Support\DSAgnt.exe
    Risk: High

    Name: Downloader.VB.ccs
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP707\A0069329.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP707\A0069330.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP707\A0069345.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP707\A0069380.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP707\A0069388.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP708\A0070383.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP708\A0070392.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP708\A0070435.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP708\A0070445.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP708\A0071435.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP708\A0071443.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP708\A0071475.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP708\A0071484.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP709\A0071508.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP709\A0071536.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP709\A0071546.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP709\A0071572.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP709\A0071580.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP709\A0071581.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP710\A0072571.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP710\A0072581.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP710\A0072651.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072683.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072705.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072713.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072735.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072742.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072744.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072772.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072795.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072803.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072805.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072837.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072859.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072880.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072886.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072887.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072888.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072889.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0072890.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0073890.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0074889.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0074895.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0074896.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0074898.EXE
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0074899.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0074900.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP711\A0074907.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP712\A0075900.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP712\A0075909.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP712\A0075960.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP712\A0076959.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP712\A0077960.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\WINDOWS\ime\imjp8_1\imjpmig.exe.tmp
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\WINDOWS\system32\ctfmon.exe.tmp
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\WINDOWS\system32\fccdc.exe
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe.tmp
    Risk: High

    Name: Dropper.Agent.dgo
    Path: C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe.tmp
    Risk: High

    -------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:37:40, on 2/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    F3 - REG:win.ini: load=C:\WINDOWS\system32\fccdc.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [2c2a0e48] rundll32.exe "C:\WINDOWS\system32\ncbctwnj.dll",b
    O4 - HKLM\..\Run: [BM2f193dd4] Rundll32.exe "C:\WINDOWS\system32\vryglwcf.dll",s
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: QQìŲʹ¤¾ßÌõÉèÖà - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.onerateld.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.virusschlacht.com
    O15 - Trusted Zone: *.avsystemcare.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.onerateld.com (HKLM)
    O15 - Trusted Zone: *.safetydownload.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O15 - Trusted Zone: *.virusschlacht.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\smguxvks.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7995 bytes


    Thanks in advance!

  • #2
    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
    • Double-click Combofix.exe
      Follow the instructions; accept the disclaimer by typing 1 (continue), followed by ENTER.
      While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is complete, and after the restart, the log combofix.txt will open.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.onerateld.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.virusschlacht.com
    O15 - Trusted Zone: *.avsystemcare.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.onerateld.com (HKLM)
    O15 - Trusted Zone: *.safetydownload.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O15 - Trusted Zone: *.virusschlacht.com (HKLM)

    Click 'Fix checked' to remove the items.

    Also post a new HijackThis log.

    • #3
      ComboFix 08-02.05.3 - Glin 2008-02-06 9:25:54.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.529 [GMT 1:00]
      Running from: C:\Documents and Settings\Glin\Desktop\ComboFix.exe
      * Created a new restore point

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\fccdc.dll
      C:\WINDOWS\system32\iifdbca.dll
      C:\WINDOWS\system32\qyracngt.dll
      C:\Program Files\Temporary
      C:\Temp\1cb
      C:\Temp\1cb\syscheck.log
      C:\WINDOWS\powerplayer.dll
      C:\WINDOWS\psnetwork.dll
      C:\WINDOWS\system32\apmasrtr.ini
      C:\WINDOWS\system32\arbriddl.ini
      C:\WINDOWS\system32\beqdcvhj.dll
      C:\WINDOWS\system32\bhuioncy.dll
      C:\WINDOWS\system32\bkeppghi.dll
      C:\WINDOWS\system32\blcmkxvd.ini
      C:\WINDOWS\system32\boktftxg.dll
      C:\WINDOWS\system32\bqyshkyx.exe
      C:\WINDOWS\system32\cdccf.ini
      C:\WINDOWS\system32\cdccf.ini2
      C:\WINDOWS\system32\chiiyapb.ini
      C:\WINDOWS\system32\ctfmon.exe.tmp
      C:\WINDOWS\system32\dhdvsdnm.ini
      C:\WINDOWS\system32\dicfktps.dll
      C:\WINDOWS\system32\dvxkmclb.dll
      C:\WINDOWS\system32\eppvavrm.ini
      C:\WINDOWS\system32\evkfotbt.dll
      C:\WINDOWS\system32\f1
      C:\WINDOWS\system32\fasmphbw.dll
      C:\WINDOWS\system32\fccdc.dll
      C:\WINDOWS\system32\fccdc.exe
      C:\WINDOWS\system32\fofypiwp.ini
      C:\WINDOWS\system32\fpekgtho.exe
      C:\WINDOWS\system32\fsaugyin.dll
      C:\WINDOWS\system32\fssuswqw.dll
      C:\WINDOWS\system32\gdsmppvr.ini
      C:\WINDOWS\system32\glavkwlk.ini
      C:\WINDOWS\system32\haiyqlyk.dll
      C:\WINDOWS\system32\hxjqabju.dll
      C:\WINDOWS\system32\iifdbca.dll
      C:\WINDOWS\system32\iptpgyqs.ini
      C:\WINDOWS\system32\ixebqcpi.ini
      C:\WINDOWS\system32\jnwtcbcn.ini
      C:\WINDOWS\system32\khmfxesu.exe
      C:\WINDOWS\system32\kvejlokc.ini
      C:\WINDOWS\system32\lgajbdmd.ini
      C:\WINDOWS\system32\linmcfdq.dll
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\mrvavppe.dll
      C:\WINDOWS\system32\mxschpne.dll
      C:\WINDOWS\system32\nlyxjwmd.ini
      C:\WINDOWS\system32\nrpqktiv.ini
      C:\WINDOWS\system32\nsfjwcyv.dll
      C:\WINDOWS\system32\oirwhgkf.ini
      C:\WINDOWS\system32\pac.txt
      C:\WINDOWS\system32\pcuntftr.ini
      C:\WINDOWS\system32\pjknrlxh.exe
      C:\WINDOWS\system32\qaxuwujx.dll
      C:\WINDOWS\system32\qghegytr.exe
      C:\WINDOWS\system32\qhubmcte.dll
      C:\WINDOWS\system32\qyracngt.dll
      C:\WINDOWS\system32\qyracngt.dllbox
      C:\WINDOWS\system32\rfcsktbs.exe
      C:\WINDOWS\system32\rhiqtbjd.exe
      C:\WINDOWS\system32\rtrsampa.dll
      C:\WINDOWS\system32\rvppmsdg.dll
      C:\WINDOWS\system32\sedvrtpb.exe
      C:\WINDOWS\system32\sfltakyj.dll
      C:\WINDOWS\system32\svejeodt.ini
      C:\WINDOWS\system32\tcfxxwig.dll
      C:\WINDOWS\system32\ukheohfw.dll
      C:\WINDOWS\system32\uoevacmt.ini
      C:\WINDOWS\system32\vewhcybr.ini
      C:\WINDOWS\system32\vggrqaky.exe
      C:\WINDOWS\system32\vitkqprn.dll
      C:\WINDOWS\system32\vryglwcf.dll
      C:\WINDOWS\system32\wgfhxomi.dll
      C:\WINDOWS\system32\windows
      C:\WINDOWS\system32\wwtdffxs.dll
      C:\WINDOWS\system32\xxpyiuft.ini
      C:\WINDOWS\system32\y2
      C:\WINDOWS\system32\ydvwvsry.exe
      C:\WINDOWS\system32\yvoydvoy.dll
      C:\WINDOWS\ystem~1

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_DOMAINSERVICE
      -------\DomainService


      ((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
      .

      2008-02-05 22:08 . 2004-08-04 12:00 388,608 --a------ C:\kmd.exe
      2008-02-05 19:44 . 2008-02-05 19:44 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
      2008-02-05 19:44 . 2008-02-05 19:44 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
      2008-02-05 13:03 . 2008-02-05 13:03 90,688 --a------ C:\WINDOWS\system32\ncbctwnj.dll
      2008-01-29 13:56 . 2008-01-29 13:56 <DIR> d-------- C:\Program Files\nLite
      2008-01-29 13:03 . 2008-02-06 02:22 16,540 --a------ C:\WINDOWS\BM2f193dd4.xml
      2008-01-29 13:03 . 2008-02-06 09:26 21 --a------ C:\WINDOWS\pskt.ini
      2008-01-26 22:57 . 2006-02-17 06:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
      2008-01-26 22:57 . 2006-02-17 06:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
      2008-01-14 22:34 . 2008-01-14 22:34 <DIR> d-------- C:\Program Files\Lavasoft
      2008-01-14 22:34 . 2008-01-14 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-05 12:05 --------- d-----w C:\Program Files\mIRC
      2008-02-04 21:11 --------- d-----w C:\Documents and Settings\Glin\Application Data\uTorrent
      2008-02-04 16:03 --------- d-----w C:\Program Files\Dell Support
      2008-01-31 23:04 --------- d-----w C:\Documents and Settings\Glin\Application Data\Skype
      2008-01-14 21:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-14 21:08 --------- d-----w C:\Documents and Settings\Glin\Application Data\Lavasoft
      2008-01-05 22:30 --------- d-----w C:\Program Files\QuickTime
      2008-01-05 20:08 --------- d-----w C:\Program Files\iTunes
      2008-01-05 13:35 --------- d-----w C:\Program Files\Soulseek
      2008-01-03 12:33 --------- d-----w C:\Program Files\VideoLAN
      2008-01-03 09:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-01-03 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-03 00:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-01-02 01:41 --------- d-----w C:\Program Files\Trend Micro
      2007-12-16 19:37 --------- d-----w C:\Program Files\iPod
      2007-12-16 19:34 --------- d-----w C:\Program Files\Apple Software Update
      2007-12-16 19:33 --------- d-----w C:\Program Files\Common Files\Apple
      2007-12-16 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
      2006-05-06 15:02 2,516 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .
      Code:
      <pre>
      ----a-w            39,792 2008-01-03 00:57:48  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
      ----a-w            81,920 2008-01-03 00:57:23  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
      ----a-w            86,016 2008-01-03 00:57:24  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
      ----a-w            68,856 2008-01-03 00:58:09  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
      ----a-w         6,731,312 2008-01-14 16:30:20  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas       .exe
      ----a-w           267,048 2008-01-05 12:11:54  C:\Program Files\iTunes\iTunesHelper .exe
      ----a-w            32,881 2008-01-03 00:57:20  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
      ----a-w           217,088 2008-01-03 00:57:36  C:\Program Files\Logitech\Video\LogiTray .exe
      ----a-w         1,460,560 2008-01-03 00:58:19  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
      ----a-w           761,947 2008-01-03 00:57:25  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
      ----a-w           823,362 2008-01-03 00:57:33  C:\Program Files\Trend Micro\Internet Security 12\pccguide .exe
      ----a-w           176,201 2008-01-03 00:58:01  C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe
      ----a-w           208,952 2008-02-06 08:15:12  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
      ----a-w            15,360 2008-02-06 08:15:25  C:\WINDOWS\system32\ctfmon .exe
      ----a-w            77,824 2008-01-03 00:57:40  C:\WINDOWS\system32\hkcmd .exe
      ----a-w           114,688 2008-01-03 00:57:42  C:\WINDOWS\system32\igfxpers .exe
      ----a-w            94,208 2008-01-03 00:57:39  C:\WINDOWS\system32\igfxtray .exe
      ----a-w           221,184 2008-01-03 00:57:33  C:\WINDOWS\system32\LVCOMSX .EXE
      ----a-w         1,392,640 2008-01-03 00:57:30  C:\WINDOWS\system32\WLTRAY .exe
      ----a-w            59,392 2008-02-06 08:15:12  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
      ----a-w           455,168 2008-02-06 08:15:09  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
      </pre>

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [ ]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
      "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 12:00 208952]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 12:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 12:00 455168]
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [ ]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 12:00 59392]
      "2c2a0e48"="C:\WINDOWS\system32\ncbctwnj.dll" [2008-02-05 13:03 90688]

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-17 06:10:26 24576]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "DellSupport"="C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
      "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

      R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys [2004-05-22 02:18]
      S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
      S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
      S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
      S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7063e90-15a3-11db-9045-00142294e5cf}]
      \Shell\AutoRun\command - E:\reper.exe

      .
      Contents of the 'Scheduled Tasks' folder
      "2008-01-24 11:21:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-11 16:18:50 C:\WINDOWS\Tasks\Easy Onderhoud.job"
      - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
      "2008-02-05 13:10:29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5BAC1AAC-8758-44FB-B5D7-295CE606CB0C}.job"
      - C:\WINDOWS\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-06 09:46:29
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\WINDOWS\system32\ncbctwnj.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\brss01a.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2008-02-06 9:49:23 - machine was rebooted [Glin]
      ComboFix-quarantined-files.txt 2008-02-06 08:49:18
      .
      2008-01-10 01:56:26 --- E O F ---

      --------------------------------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:21:30, on 2/6/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5700.0006)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\brss01a.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [2c2a0e48] rundll32.exe "C:\WINDOWS\system32\ncbctwnj.dll",b
      O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
      O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

      --
      End of file - 6901 bytes

      Here you go



      • #4
        Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
        • Code:
           
          File::
          C:\WINDOWS\system32\nscompat.tlb
          C:\WINDOWS\system32\amcompat.tlb
          C:\WINDOWS\system32\ncbctwnj.dll
          C:\reper.exe
          
          RENV::
          ----a-w            39,792 2008-01-03 00:57:48  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
          ----a-w            81,920 2008-01-03 00:57:23  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
          ----a-w            86,016 2008-01-03 00:57:24  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
          ----a-w            68,856 2008-01-03 00:58:09  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
          ----a-w         6,731,312 2008-01-14 16:30:20  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas       .exe
          ----a-w           267,048 2008-01-05 12:11:54  C:\Program Files\iTunes\iTunesHelper .exe
          ----a-w            32,881 2008-01-03 00:57:20  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
          ----a-w           217,088 2008-01-03 00:57:36  C:\Program Files\Logitech\Video\LogiTray .exe
          ----a-w         1,460,560 2008-01-03 00:58:19  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
          ----a-w           761,947 2008-01-03 00:57:25  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
          ----a-w           823,362 2008-01-03 00:57:33  C:\Program Files\Trend Micro\Internet Security 12\pccguide .exe
          ----a-w           176,201 2008-01-03 00:58:01  C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe
          ----a-w           208,952 2008-02-06 08:15:12  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
          ----a-w            15,360 2008-02-06 08:15:25  C:\WINDOWS\system32\ctfmon .exe
          ----a-w            77,824 2008-01-03 00:57:40  C:\WINDOWS\system32\hkcmd .exe
          ----a-w           114,688 2008-01-03 00:57:42  C:\WINDOWS\system32\igfxpers .exe
          ----a-w            94,208 2008-01-03 00:57:39  C:\WINDOWS\system32\igfxtray .exe
          ----a-w           221,184 2008-01-03 00:57:33  C:\WINDOWS\system32\LVCOMSX .EXE
          ----a-w         1,392,640 2008-01-03 00:57:30  C:\WINDOWS\system32\WLTRAY .exe
          ----a-w            59,392 2008-02-06 08:15:12  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
          ----a-w           455,168 2008-02-06 08:15:09  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
          
          Registry::
          [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7063e90-15a3-11db-9045-00142294e5cf}]

        Save this to your Desktop as CFScript.txt.

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.

        After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

        Do you have a USB connection on E:?
        Last edited by Steggel; 06-02-08, 11:00.
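
How the `File::` entries of the script in post #4 line up with the autostart entries in the HijackThis log, as an added example that is not part of the original thread. The O4 lines and the `File::` list are copied from the posts above; the function names are this example's own.

```python
import re

# Sample input copied from this thread: O4 lines from the HijackThis log
# and the File:: section of the CFScript in post #4.
O4_LINES = [
    r'O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe',
    r'O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC',
    r'O4 - HKLM\..\Run: [2c2a0e48] rundll32.exe "C:\WINDOWS\system32\ncbctwnj.dll",b',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
]
CFSCRIPT = r"""File::
C:\WINDOWS\system32\nscompat.tlb
C:\WINDOWS\system32\amcompat.tlb
C:\WINDOWS\system32\ncbctwnj.dll
C:\reper.exe
"""

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?,', re.IGNORECASE)
EXE_RE = re.compile(r'"?(.+?\.exe)\b', re.IGNORECASE)

def cfscript_sections(text):
    """Split a CFScript into {section name: [lines]}; headers end in '::'."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith('::'):
            current = sections.setdefault(line[:-2], [])
        elif line and current is not None:
            current.append(line)
    return sections

def payload_path(command):
    """File a Run command really loads: for rundll32 that is the DLL argument."""
    m = RUNDLL_RE.match(command) or EXE_RE.match(command)
    return m.group(1) if m else command

def autostarts_loading(o4_lines, cfscript):
    """List (hive, value name, path) for Run entries that load a File:: target."""
    targets = {p.lower() for p in cfscript_sections(cfscript).get('File', [])}
    hits = []
    for line in o4_lines:
        m = O4_RE.match(line.strip())
        # Windows paths are case-insensitive, so compare in lower case.
        if m and (path := payload_path(m.group(3))).lower() in targets:
            hits.append((m.group(1), m.group(2), path))
    return hits

if __name__ == '__main__':
    for hive, name, path in autostarts_loading(O4_LINES, CFSCRIPT):
        print(f'{hive} Run value [{name}] loads {path}')
```

Only the `2c2a0e48` Run value matches: it starts `rundll32.exe`, but the file it actually loads is the DLL named in the `File::` list.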
