webcry-spyware

  • webcry-spyware

    Hello Eagle Creek, below is the log from my PC.

    Problem: opening I.E. = 'about blank'
    Then, when I click on websites via Google anyway, I am invariably redirected to a site that begins with www.webcry..... (porn and others),
    plus the PC is extremely slow; yesterday it took a whole day to let Spybot and Ad-Aware do their work (which succeeded, by the way, although Ad-Aware hung at about 95% at 'scanning folders - conditional', and I redid it successfully via smart scan or something like that (also from Ad-Aware, of course).

    Hopefully the "desired difficulty of answers: expert 5" applies to you, because I am a beginner and I believe I ticked 2 as the desired difficulty.

    Thanks in advance,

    Makke




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:07:30, on 2/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B85} - C:\Program Files\Sotfone\1201687376.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll (file missing)
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8633DD} - C:\Program Files\Helper\1201687363.dll (file missing)
    O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: The enqvwkp - {A276B2DF-BC3A-4144-9902-58BA41D7203F} - C:\WINDOWS\enqvwkp.dll (file missing)
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2324A9D4-5162-4901-8E64-0B00AD60C677}: NameServer = 208.67.222.222
    O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - http://www.spele.nl/images/bg.jpg

    --
    End of file - 8124 bytes

  • #2
    Spybot's TeaTimer is active; it can interfere with the fix, so we will temporarily disable it.
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Untick Resident TeaTimer and click OK
    - Restart the computer
    - Then download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your Desktop.
    Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

    Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B85} - C:\Program Files\Sotfone\1201687376.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll (file missing)
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8633DD} - C:\Program Files\Helper\1201687363.dll (file missing)
    O3 - Toolbar: The enqvwkp - {A276B2DF-BC3A-4144-9902-58BA41D7203F} - C:\WINDOWS\enqvwkp.dll (file missing)
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll (file missing)

    Now close all open windows except HijackThis and click Fix Checked.

    Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    Post the Combofix log (combofix.txt) together with a fresh HijackThis log in your next reply.
    Regards,
    Pimmerd
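    Added example (not from the forum thread, from HijackThis or from the helper): a small Python triage of HijackThis log entries that reproduces the selection the helper made in post #2. The sample lines are copied from the log above; the three heuristics (orphaned file, remote URL target, purely numeric file name) are this example's own assumptions about what separates the ticked entries from the ones left alone.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of the HijackThis v2.0.2 lines from the log
# posted above (both entries the helper ticked and entries left alone).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B85} - C:\Program Files\Sotfone\1201687376.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8633DD} - C:\Program Files\Helper\1201687363.dll (file missing)
O3 - Toolbar: The enqvwkp - {A276B2DF-BC3A-4144-9902-58BA41D7203F} - C:\WINDOWS\enqvwkp.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll (file missing)
"""

# "Oxx - Kind: Display name - {CLSID} - target [(file missing)]" entries:
# URL search hooks, BHOs, toolbars, extra IE buttons, shared task schedulers.
COM_ENTRY = re.compile(
    r"^(?P<type>R3|O2|O3|O9|O22) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)
# "O4 - HKxx\..\Run: [Value name] command line" autostart entries.
RUN_ENTRY = re.compile(
    r"^(?P<type>O4) - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$"
)
# HijackThis appends these when the referenced component no longer exists.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    line: str
    type: str
    name: str
    clsid: Optional[str]
    target: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; None for item types this example ignores (R0/R1, O8, O23...)."""
    m = COM_ENTRY.match(line)
    if m:
        return Entry(line, m["type"], m["name"], m["clsid"].upper(), m["target"].strip())
    m = RUN_ENTRY.match(line)
    if m:
        return Entry(line, m["type"], m["name"], None, m["target"].strip())
    return None


def triage(entry: Entry) -> List[str]:
    """Defender heuristics (this example's assumptions) for an entry worth ticking."""
    reasons: List[str] = []
    target = entry.target.strip('"')
    if target.endswith(ORPHAN_MARKERS):
        # The registry still loads a component whose file is gone: residue of
        # something removed by the scanners. Harmless by itself, but it should
        # not stay registered, and it shows where the infection lived.
        reasons.append("orphaned entry (file missing)")
        target = target.rsplit("(", 1)[0].strip().strip('"')
    if re.match(r"https?://", target, re.I):
        # An IE button or menu item that sends the user to a remote site
        # rather than running a local program.
        reasons.append("target is a remote URL")
    stem = re.sub(r"\.(dll|exe)$", "", target.rsplit("\\", 1)[-1], flags=re.I)
    if stem.isdigit():
        # Vendors do not ship DLLs named after a timestamp; dropped
        # components often are (1201687376.dll in the log above).
        reasons.append("numeric file name")
    return reasons


def fix_list(log_text: str) -> List[Entry]:
    """Return the entries a helper would tick for 'Fix checked', each with its reasons."""
    flagged: List[Entry] = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        entry.reasons = triage(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in fix_list(SAMPLE_LOG):
        print(f"{e.type:<3} {e.name:<24} {'; '.join(e.reasons)}")
```

    The same rules do not flag the Adobe BHO or the Symantec ccApp autostart, which is the split the helper made by hand.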



    • #3
      webcry-spyware

      I get a blank screen with a red cross when I click on ResetTeaTimer.bat, and nothing else happens. If I refresh the screen, the red cross changes into a logo with three little geometric figures, but nothing further.
      regards
      makke





      • #4
        Just run resetteatimer.bat and continue with the rest of the steps
        Regards,
        Pimmerd



        • #5
          webcry-spyware

          Hello Pimmerd,

          with some effort and a great deal of patience, finally the logs:

          1° COMBOFIX LOG:

          ComboFix 08-02.03.1 - marc 2008-02-03 20:11:24.1 - NTFSx86
          Gestart vanuit: C:\Documents and Settings\marc\Bureaublad\ComboFixdownload.exe

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
          C:\WINDOWS\ddwlxtqxdm.dll
          C:\WINDOWS\system32\f3PSSavr.scr

          ----- BITS: Mogelijk geïnfecteerde sites -----

          hxxp://77.91.228.186

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))
          .

          2008-02-02 09:55 . 2008-02-02 09:55 <DIR> d-------- C:\Program Files\Trend Micro
          2008-02-01 22:47 . 2008-02-01 22:47 76 --ah----- C:\aaw7boot.cmd
          2008-02-01 17:23 . 2008-02-01 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-02-01 17:19 . 2008-02-01 17:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-02-01 13:13 . 2008-02-01 13:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
          2008-02-01 13:13 . 2008-02-01 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-02-01 10:58 . 2008-02-01 10:58 <DIR> d-------- C:\Program Files\Microsoft Silverlight
          2008-01-31 16:20 . 2008-01-31 16:20 <DIR> d-------- C:\Documents and Settings\marc\Application Data\Grisoft
          2008-01-31 16:17 . 2008-01-31 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2008-01-31 16:17 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
          2008-01-31 15:40 . 2008-01-31 15:40 <DIR> d-------- C:\Program Files\Enigma Software Group
          2008-01-31 11:35 . 2008-01-31 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
          2008-01-31 11:23 . 2008-01-31 11:23 1,152 --a------ C:\WINDOWS\system32\windrv.sys
          2008-01-30 11:02 . 2008-02-03 19:49 <DIR> d-------- C:\Program Files\Sotfone
          2008-01-23 20:02 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
          2008-01-23 20:02 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
          2008-01-16 23:23 . 2008-01-16 21:12 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
          2008-01-16 23:21 . 2008-01-16 23:22 <DIR> d-------- C:\Program Files\MediaRoverCodec

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-03 19:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-02-03 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          2008-02-01 16:23 --------- d-----w C:\Program Files\Lavasoft
          2008-02-01 11:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-01-31 08:58 --------- d-----w C:\Program Files\Common Files\InstallShield
          2008-01-31 08:42 --------- d-----w C:\Documents and Settings\lissa\Application Data\ROXIO
          2008-01-31 08:34 --------- d-----w C:\Program Files\Java
          2008-01-23 20:19 --------- d-----w C:\Program Files\Windows Live
          2008-01-23 20:16 --------- d-----w C:\Program Files\MSN Messenger
          2008-01-16 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
          2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
          2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
          2008-01-06 22:11 --------- d-----w C:\Documents and Settings\marc\Application Data\U3
          2007-12-27 05:29 --------- d-----w C:\Program Files\Norton Internet Security
          2007-12-12 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2007-12-05 16:43 --------- d-----w C:\Program Files\Symantec
          2007-12-05 16:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
          2007-12-05 16:42 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
          2007-12-05 16:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
          2007-09-06 10:42 0 ----a-w C:\Documents and Settings\marc\us0129.exe
          2006-05-22 07:54 49,465 ----a-w C:\Program Files\moviepass Terms.html
          2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
          2007-05-05 17:27 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
          2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
          2008-01-31 08:41 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

          [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
          "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

          [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 10:44 188416]
          "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 11:50 155648]
          "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
          "Cmaudio"="cmicnfg.cpl"
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-28 14:10 282624]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
          "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
          "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
          "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
          "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 13:35 152952]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "DisableTaskMgr"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "NoActiveDesktopChanges"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
          SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

          R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
          R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03]
          R2 PPPoEService;PPPoE Service;C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe [2000-07-11 10:48]
          R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
          R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
          S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;C:\WINDOWS\system32\DRIVERS\ntspppoe.sys [2001-08-03 11:32]
          S3 RAWESR;RAWESR;C:\PROGRA~1\Alcatel\ENTERN~1\app\RAWESR.SYS [2001-08-06 10:43]
          S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
          S3 TAPBIND;TAPBIND;C:\PROGRA~1\Alcatel\ENTERN~1\app\TAPBIND1.SYS [2001-08-07 12:07]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
          \Shell\AutoRun\command - E:\LaunchU3.exe -a

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c22595-74bb-11dc-9835-000d8752061d}]
          \Shell\AutoRun\command - E:\LaunchU3.exe -a

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97491b40-c9e5-11dc-9916-000d8752061d}]
          \Shell\AutoRun\command - E:\AutoeuVOX.exe

          *Newly Created Service* - COMHOST
          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-05-12 16:33:51 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
          - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
          "2008-01-31 11:10:53 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - marc.job"
          - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
          "2008-01-31 10:36:05 C:\WINDOWS\Tasks\Pareto UNS.job"
          - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-03 20:24:37
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-02-03 20:30:21
          ComboFix-quarantined-files.txt 2008-02-03 19:30:04
          .
          2007-12-14 05:53:12 --- E O F ---

          2° HIJACKTHIS LOG:


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 20:40:21, on 3/02/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16544)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\WINDOWS\system32\cisvc.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
          C:\WINDOWS\system32\cidaemon.exe
          C:\WINDOWS\system32\cidaemon.exe
          C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
          C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
          O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
          O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
          O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
          O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
          O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
          O17 - HKLM\System\CCS\Services\Tcpip\..\{2324A9D4-5162-4901-8E64-0B00AD60C677}: NameServer = 208.67.222.222
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
          O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
          O24 - Desktop Component 0: (no name) - http://www.spele.nl/images/bg.jpg

          --
          End of file - 7195 bytes



          • #6
            Open Notepad, copy and paste the following (the bold text) into an empty window:

            File::
            C:\WINDOWS\fxtqdrl.exe

            Folder::
            C:\Program Files\MediaRoverCodec

            Save this to your Desktop as CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

            How are your problems now?
            Regards,
            Pimmerd



            • #7
              webcry-spyware

              Hello Pimmerd,

              I still can't get into my posts the normal way, but that aside. The PC is still extremely slow.

              So far I have been able to do everything you asked: attached are the logs from ComboFix and HijackThis

              thanks,
              makke

              ComboFix 08-02.03.1 - marc 2008-02-04 20:06:13.3 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.34 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\marc\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\marc\Bureaublad\CFScript.txt.txt
              * Nieuw herstelpunt werd aangemaakt

              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

              FILE
              C:\WINDOWS\fxtqdrl.exe
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Program Files\MediaRoverCodec
              C:\Program Files\MediaRoverCodec\install.ico
              C:\WINDOWS\fxtqdrl.exe

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
              .

              2008-02-02 09:55 . 2008-02-02 09:55 <DIR> d-------- C:\Program Files\Trend Micro
              2008-02-01 22:47 . 2008-02-01 22:47 76 --ah----- C:\aaw7boot.cmd
              2008-02-01 17:23 . 2008-02-01 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
              2008-02-01 17:19 . 2008-02-01 17:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
              2008-02-01 13:13 . 2008-02-01 13:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
              2008-02-01 13:13 . 2008-02-01 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-02-01 10:58 . 2008-02-01 10:58 <DIR> d-------- C:\Program Files\Microsoft Silverlight
              2008-01-31 16:20 . 2008-01-31 16:20 <DIR> d-------- C:\Documents and Settings\marc\Application Data\Grisoft
              2008-01-31 16:17 . 2008-01-31 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2008-01-31 16:17 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
              2008-01-31 15:40 . 2008-01-31 15:40 <DIR> d-------- C:\Program Files\Enigma Software Group
              2008-01-31 11:35 . 2008-01-31 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
              2008-01-31 11:23 . 2008-01-31 11:23 1,152 --a------ C:\WINDOWS\system32\windrv.sys
              2008-01-30 11:02 . 2008-02-03 19:49 <DIR> d-------- C:\Program Files\Sotfone
              2008-01-23 20:02 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
              2008-01-23 20:02 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-02-04 19:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
              2008-02-04 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
              2008-02-01 16:23 --------- d-----w C:\Program Files\Lavasoft
              2008-02-01 11:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
              2008-01-31 08:58 --------- d-----w C:\Program Files\Common Files\InstallShield
              2008-01-31 08:42 --------- d-----w C:\Documents and Settings\lissa\Application Data\ROXIO
              2008-01-31 08:34 --------- d-----w C:\Program Files\Java
              2008-01-23 20:19 --------- d-----w C:\Program Files\Windows Live
              2008-01-23 20:16 --------- d-----w C:\Program Files\MSN Messenger
              2008-01-16 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
              2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
              2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
              2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
              2008-01-06 22:11 --------- d-----w C:\Documents and Settings\marc\Application Data\U3
              2007-12-27 05:29 --------- d-----w C:\Program Files\Norton Internet Security
              2007-12-12 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
              2007-12-05 16:43 --------- d-----w C:\Program Files\Symantec
              2007-12-05 16:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
              2007-12-05 16:42 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
              2007-12-05 16:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
              2007-09-06 10:42 0 ----a-w C:\Documents and Settings\marc\us0129.exe
              2006-05-22 07:54 49,465 ----a-w C:\Program Files\moviepass Terms.html
              2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
              2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
              2008-01-31 08:41 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

              [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
              [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
              [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
              "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

              [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
              [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
              [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
              "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 10:44 188416]
              "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 11:50 155648]
              "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
              "Cmaudio"="cmicnfg.cpl"
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-28 14:10 282624]
              "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
              "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
              "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
              "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
              "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
              "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 13:35 152952]

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
              SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

              R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
              R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03]
              R2 PPPoEService;PPPoE Service;C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe [2000-07-11 10:48]
              R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
              R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
              S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;C:\WINDOWS\system32\DRIVERS\ntspppoe.sys [2001-08-03 11:32]
              S3 RAWESR;RAWESR;C:\PROGRA~1\Alcatel\ENTERN~1\app\RAWESR.SYS [2001-08-06 10:43]
              S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
              S3 TAPBIND;TAPBIND;C:\PROGRA~1\Alcatel\ENTERN~1\app\TAPBIND1.SYS [2001-08-07 12:07]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
              \Shell\AutoRun\command - E:\LaunchU3.exe -a

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c22595-74bb-11dc-9835-000d8752061d}]
              \Shell\AutoRun\command - E:\LaunchU3.exe -a

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97491b40-c9e5-11dc-9916-000d8752061d}]
              \Shell\AutoRun\command - E:\AutoeuVOX.exe

              *Newly Created Service* - COMHOST
              .
              Inhoud van de 'Gedeelde Taken' map
              "2007-05-12 16:33:51 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
              - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
              "2008-02-04 06:05:06 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - marc.job"
              - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
              "2008-01-31 10:36:05 C:\WINDOWS\Tasks\Pareto UNS.job"
              - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-02-04 20:11:55
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-02-04 20:15:00
              ComboFix-quarantined-files.txt 2008-02-04 19:14:39
              ComboFix2.txt 2008-02-04 18:54:19
              ComboFix3.txt 2008-02-03 19:30:24
              .
              2007-12-14 05:53:12 --- E O F ---

              ///////////////////////////////////////////////////////////////////////////////////

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 20:24:51, on 4/02/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16544)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
              C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\WINDOWS\System32\svchost.exe
              C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\WINDOWS\explorer.exe
              C:\WINDOWS\system32\notepad.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
              O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
              O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
              O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
              O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
              O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
              O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
              O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
              O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
              O17 - HKLM\System\CCS\Services\Tcpip\..\{2324A9D4-5162-4901-8E64-0B00AD60C677}: NameServer = 208.67.222.222
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
              O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
              O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
              O24 - Desktop Component 0: (no name) - http://www.spele.nl/images/bg.jpg

              --
              End of file - 7096 bytes



              • #8
                I see that you have Symantec as your virus scanner, which is fine, but besides that you also have AVG Anti Spyware and Spybot's TeaTimer actively running, which may well be causing that slowness. Disable both of these in their settings; that way we can find out where the slowness comes from.

                Download ATF Cleaner (by Atribune)

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also have Firefox as a browser:
                Click the "Firefox" tab, tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick from "Firefox saved passwords")
                Click the Empty Selected button.

                Do the following if you also have Opera as a browser:
                Click the "Opera" tab, tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Restart your PC afterwards.
                Then also let me know how your problems are.
                Regards,
                Pimmerd



                • #9
                  webcry-spyware

                  Hello pimmerd,

                  it really isn't cheering me up yet: 10 min to restart the computer, at least five minutes to log in, every operation takes and takes....

                  Maybe there is still too much on it? Norton + AVG (which was active again after restarting, by the way) + Spybot (TeaTimer removed) + Ad-Aware 2007 + Ad-Watch 2007, which were left behind after the actions you had me do...

                  I'm a bit worn out now; I'll come back tomorrow after work to see whether anything else can be done...

                  Am I giving up too quickly?

                  Makke



                  • #10
                    I still see AVG Anti Spyware, TeaTimer and SpyNoMore in your log file;
                    I think that is the reason for your slowness.

                    Open Notepad, copy and paste the following (the bold text) into an empty window:

                    File::
                    C:\Documents and Settings\marc\us0129.exe

                    Save this to your Desktop as CFScript.txt

                    Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                    This will make ComboFix restart.
                    Reboot if you are asked to,
                    and post the contents of Combofix.txt in your next reply.
                    Regards,
                    Pimmerd



                    • #11
                      cryweb-spyware

                      Hello Pimmerd, I have thrown out Spybot, AVG and Ad-Aware,
                      and things are already going a bit faster. It is still slower than normal, though, and still opens with about blank.

                      Thanks
                      Makke



                      ComboFix 08-02.03.1 - marc 2008-02-05 20:33:27.4 - NTFSx86
                      Gestart vanuit: C:\Documents and Settings\marc\Bureaublad\ComboFix.exe
                      Command switches used :: C:\Documents and Settings\marc\Bureaublad\CFScript.txt
                      * Nieuw herstelpunt werd aangemaakt

                      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                      FILE
                      C:\Documents and Settings\marc\us0129.exe
                      .

                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\Documents and Settings\marc\us0129.exe

                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))
                      .

                      2008-02-02 09:55 . 2008-02-02 09:55 <DIR> d-------- C:\Program Files\Trend Micro
                      2008-02-01 22:47 . 2008-02-01 22:47 76 --ah----- C:\aaw7boot.cmd
                      2008-02-01 17:23 . 2008-02-05 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                      2008-02-01 13:13 . 2008-02-05 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-02-01 10:58 . 2008-02-01 10:58 <DIR> d-------- C:\Program Files\Microsoft Silverlight
                      2008-01-31 16:17 . 2008-01-31 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                      2008-01-31 15:40 . 2008-01-31 15:40 <DIR> d-------- C:\Program Files\Enigma Software Group
                      2008-01-31 11:35 . 2008-01-31 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
                      2008-01-31 11:23 . 2008-01-31 11:23 1,152 --a------ C:\WINDOWS\system32\windrv.sys
                      2008-01-30 11:02 . 2008-02-03 19:49 <DIR> d-------- C:\Program Files\Sotfone
                      2008-01-23 20:02 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
                      2008-01-23 20:02 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-02-05 19:09 --------- d-----w C:\Program Files\Lavasoft
                      2008-02-05 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                      2008-02-05 17:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                      2008-02-01 11:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                      2008-01-31 08:58 --------- d-----w C:\Program Files\Common Files\InstallShield
                      2008-01-31 08:42 --------- d-----w C:\Documents and Settings\lissa\Application Data\ROXIO
                      2008-01-31 08:34 --------- d-----w C:\Program Files\Java
                      2008-01-23 20:19 --------- d-----w C:\Program Files\Windows Live
                      2008-01-23 20:16 --------- d-----w C:\Program Files\MSN Messenger
                      2008-01-16 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
                      2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
                      2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
                      2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
                      2008-01-06 22:11 --------- d-----w C:\Documents and Settings\marc\Application Data\U3
                      2007-12-27 05:29 --------- d-----w C:\Program Files\Norton Internet Security
                      2007-12-12 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                      2007-12-05 16:43 --------- d-----w C:\Program Files\Symantec
                      2007-12-05 16:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
                      2007-12-05 16:42 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
                      2007-12-05 16:42 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
                      2007-12-05 16:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
                      2006-05-22 07:54 49,465 ----a-w C:\Program Files\moviepass Terms.html
                      2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
                      2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
                      2008-01-31 08:41 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                      {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

                      [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
                      [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
                      [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
                      "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

                      [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
                      [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
                      [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 10:44 188416]
                      "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 11:50 155648]
                      "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
                      "Cmaudio"="cmicnfg.cpl"
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-28 14:10 282624]
                      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
                      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
                      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
                      "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
                      "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
                      "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 13:35 152952]

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

                      R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
                      R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03]
                      R2 PPPoEService;PPPoE Service;C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe [2000-07-11 10:48]
                      R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
                      S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
                      S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;C:\WINDOWS\system32\DRIVERS\ntspppoe.sys [2001-08-03 11:32]
                      S3 RAWESR;RAWESR;C:\PROGRA~1\Alcatel\ENTERN~1\app\RAWESR.SYS [2001-08-06 10:43]
                      S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
                      S3 TAPBIND;TAPBIND;C:\PROGRA~1\Alcatel\ENTERN~1\app\TAPBIND1.SYS [2001-08-07 12:07]

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
                      \Shell\AutoRun\command - E:\LaunchU3.exe -a

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c22595-74bb-11dc-9835-000d8752061d}]
                      \Shell\AutoRun\command - E:\LaunchU3.exe -a

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97491b40-c9e5-11dc-9916-000d8752061d}]
                      \Shell\AutoRun\command - E:\AutoeuVOX.exe

                      *Newly Created Service* - COMHOST
                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2007-05-12 16:33:51 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
                      - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
                      "2008-02-04 06:05:06 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - marc.job"
                      - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
                      "2008-02-05 17:00:09 C:\WINDOWS\Tasks\Pareto UNS.job"
                      - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-02-05 20:43:15
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      Voltooingstijd: 2008-02-05 20:45:47
                      ComboFix-quarantined-files.txt 2008-02-05 19:45:28
                      ComboFix2.txt 2008-02-04 19:15:02
                      ComboFix3.txt 2008-02-04 18:54:19
                      ComboFix4.txt 2008-02-03 19:30:24
                      .
                      2007-12-14 05:53:12 --- E O F ---



                      • #12
                        Could you post a new HijackThis log?
                        Regards,
                        Pimmerd



                        • #13
                          Voilà, Pimmerd, it is already quite a bit faster.

                          By the way, can you tell from this whether my PC is powerful enough for what is on it?

                          AMD Duron processor, clock speed 1.30 GHz, 192 MB

                          C: 38.2 GB, of which 22.3 GB available

                          Regards,
                          makke


                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 21:35:48, on 5/02/2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16544)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                          C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
                          C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\explorer.exe
                          C:\Program Files\Internet Explorer\iexplore.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                          O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
                          O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
                          O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
                          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
                          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
                          O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
                          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
                          O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                          O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
                          O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
                          O17 - HKLM\System\CCS\Services\Tcpip\..\{2324A9D4-5162-4901-8E64-0B00AD60C677}: NameServer = 208.67.222.222
                          O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                          O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
                          O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
                          O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
                          O24 - Desktop Component 0: (no name) - http://www.spele.nl/images/bg.jpg

                          --
                          End of file - 6014 bytes



                          • #14
                            Hmm, 192 MB of RAM and running Symantec on top of that, that is probably the reason for your slowness.
                            Windows XP is also quite a load for a computer like that. With an extra stick of RAM
                            it should be much faster.

                            Your log looks fine in any case; just do the following:

                            Start HijackThis, choose 'Do a system scan only' and tick the lines below:

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                            R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

                            Now close all open windows except HijackThis and click Fix Checked.

                            Any problems left?
                            Regards,
                            Pimmerd
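
The three lines singled out in the reply above share two traits a triage script can check mechanically: an Internet Explorer setting that is empty or reset to about:blank, and a hook, BHO, toolbar or Run entry whose file is no longer on disk. The following is an added example written for this page, not code from the thread or from HijackThis; it assumes the plain "R0/R1 - key = value" and "R3/O2/O3/O4 - ... - (no file)" line shapes shown in the logs above, and the sample input is constructed from those lines plus two benign ones.

```python
"""Triage helper for HijackThis-style log lines (added example).

Flags the classes of entries the reply singles out:
  * an IE Start Page reset to about:blank,
  * an IE setting whose value is empty (the key exists but points nowhere),
  * R3/O2/O3/O4 entries whose referenced file is missing ("(no file)").
"""
import re

# Constructed sample: the three lines quoted in the reply plus two benign ones.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# "R0 - rest", "O4 - rest", ...: the entry kind and everything after it.
LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.*)$")
# "registry key,value name = value" (value may be empty).
SETTING_RE = re.compile(r"^(?P<key>.*?)\s*=\s*(?P<value>.*)$")

EMPTY_VALUE = "empty value: the setting exists but points nowhere"
BLANK_START = "start page reset to about:blank"
MISSING_FILE = "entry references a file that is no longer on disk"


def triage_line(line):
    """Return a reason string when the line merits review, otherwise None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # headers, process list, blank lines, "End of file"
    kind, rest = m.group("kind"), m.group("rest")
    if kind in ("R0", "R1"):
        s = SETTING_RE.match(rest)
        if not s:
            return None
        key, value = s.group("key"), s.group("value").strip()
        if value == "":
            return EMPTY_VALUE
        if key.endswith("Start Page") and value.lower() == "about:blank":
            return BLANK_START
        return None
    if kind in ("R3", "O2", "O3", "O4") and rest.endswith("(no file)"):
        return MISSING_FILE
    return None


def triage(log_text):
    """Return [(line, reason)] for every line in the log worth a second look."""
    hits = []
    for line in log_text.splitlines():
        reason = triage_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample it reports exactly the three entries the reply ticks and stays silent on the Microsoft search page and the Symantec Run entry; a "(no file)" hit is a stale reference rather than active code, which is why the reply treats removing it as cleanup rather than as disinfection.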



                            • #15
                              Reopened on request.

                              Can you post a new HijackThis log file?
                              Regards,
                              Pimmerd
