PC is slow

  • PC is slow

    Are there some strange things in here, or do I need to clean up the PC??????
    I don't know anymore??????

    Here is my log




    Scan saved at 20:05:59, on 23-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    G:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=nl&product=SymNRT&version=2008.0.1.19&build=Symantec&a= 00000082.00000046.000000b5&b=00000082.00000049.000000b9&c=00000082.00000096.000001da
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194791813842
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: MS Session Manager Subsystem (System Session Manager Subsystem) - Unknown owner - c:\windows\system32\drivers\etc\smss.exe (file missing)
    O23 - Service: Windows Services Control - Unknown owner - c:\windows\system32\drivers\services.exe (file missing)

  • #2
    Remove the leftovers of Norton this way:


    Go to Start --> Run and type: sc delete "System Session Manager Subsystem"
    Confirm with OK.

    Restart your PC and post a freshly made HijackThis log file.
    Regards,
    Pimmerd



    • #3
      Did everything as instructed.
      Here is the new log:

      Logfile of HijackThis v1.99.1
      Scan saved at 21:30:01, on 26-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\McAfee.com\Agent\mcagent.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
      C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\McAfee\MSK\MskSrver.exe
      C:\Program Files\SiteAdvisor\6253\SAService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      G:\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\RunOnce: C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=nl&product=SymNRT&version=2008.0.2.17&build=Symantec&a= 00000082.00000046.000000b5&b=00000082.00000049.000000b9&c=00000082.00000096.000001da
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194791813842
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
      O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
      O23 - Service: Windows Services Control - Unknown owner - c:\windows\system32\drivers\services.exe (file missing)



      • #4
        Start HijackThis, choose 'Do a system scan only' and check the lines below:

        O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
        O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
        O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
        O4 - HKCU\..\RunOnce: C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/ser...00096.000001da
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
        O23 - Service: Windows Services Control - Unknown owner - c:\windows\system32\drivers\services.exe (file missing)

        Now close all open windows except HijackThis and click Fix Checked.

        Follow these instructions to download ComboFix:
        • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
          If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

          NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner,
          disable that scanner and download ComboFix again.
          Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!

          • Double-click Combofix.exe
            Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
            While the fix is running, do NOT click in the window, as this will make your PC hang.


          When the fix is complete and after the restart, the log Combofix.txt will open.
          Post this log in your next post, together with a fresh HijackThis log.
        Regards,
        Pimmerd

        Comment
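The triage done by hand in post #4, as an added Python example that is not part of the original thread and not code from HijackThis: it lists the entries HijackThis marked `(no file)` or `(file missing)` and, going one step beyond the post, flags O23 services whose image name matches a running process in a different directory. The function names are this example's own, and the sample input is a handful of lines taken from the first log above.

```python
import ntpath
import re

# Sample input: a few lines taken from the first log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: MS Session Manager Subsystem (System Session Manager Subsystem) - Unknown owner - c:\windows\system32\drivers\etc\smss.exe (file missing)
O23 - Service: Windows Services Control - Unknown owner - c:\windows\system32\drivers\services.exe (file missing)
"""

# "O2 - ...", "R0 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# First drive-letter or %var% path in the body, cut at the image extension
# so trailing arguments (e.g. "/runkey") are not part of the path.
IMAGE_RE = re.compile(r"(?:[A-Za-z]:\\|%\w+%\\).*?\.(?:exe|dll|sys)\b",
                      re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into running-process paths and section entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            code, body = match.groups()
            image = IMAGE_RE.search(body)
            entries.append({
                "code": code,
                "body": body,
                "orphaned": bool(ORPHAN_RE.search(body)),
                "image": image.group(0) if image else None,
            })
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def split_image(path):
    """Return (directory, file name), lower-cased for comparison.

    8.3 short names such as PROGRA~1 are not expanded, so a short and a
    long spelling of the same directory compare as different.
    """
    return ntpath.split(path.lower())


def triage(text):
    """Report orphaned entries and services that reuse a running process name."""
    processes, entries = parse_log(text)

    running = {}  # file name -> set of directories it is running from
    for path in processes:
        directory, name = split_image(path)
        running.setdefault(name, set()).add(directory)

    orphaned = [f"{e['code']} - {e['body']}" for e in entries if e["orphaned"]]

    name_reuse = []
    for e in entries:
        if e["code"] != "O23" or not e["image"]:
            continue
        directory, name = split_image(e["image"])
        # Same file name as a running process, but registered elsewhere.
        if name in running and directory not in running[name]:
            name_reuse.append((name, directory, sorted(running[name])))

    return {"orphaned": orphaned, "name_reuse": name_reuse}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Entries whose file is missing:")
    for line in report["orphaned"]:
        print("  " + line)
    print("Services reusing the name of a running process:")
    for name, directory, running_dirs in report["name_reuse"]:
        print(f"  {name}: service in {directory}, running from {running_dirs}")
```
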


        • #5
          This is what I got?????



          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.232 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Antoine Emmers\Bureaublad\ComboFix.exe
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\setup.exe

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))
          .

          2008-02-16 18:43 . 2008-02-16 18:45 <DIR> d-------- C:\Program Files\SopCast
          2008-02-12 20:14 . 2008-02-12 20:14 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\LimeWire Store Purchased
          2008-02-12 20:14 . 2008-02-12 20:14 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\LimeWire Shared
          2008-02-12 20:14 . 2008-02-23 18:36 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\LimeWire Saved
          2008-02-12 20:14 . 2008-02-23 18:39 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\Incomplete
          2008-02-12 20:13 . 2008-02-23 18:36 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\Application Data\LimeWirePlus
          2008-02-12 20:12 . 2008-02-12 20:13 <DIR> d-------- C:\Program Files\LimeWire Plus
          2008-02-04 23:01 . 2008-02-04 23:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-02-01 15:01 . 2008-02-01 15:35 <DIR> d-------- C:\Program Files\Spyware Doctor
          2008-02-01 15:01 . 2008-02-01 15:01 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\Application Data\PC Tools
          2008-02-01 15:01 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2008-02-01 15:01 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2008-02-01 15:01 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2008-02-01 15:01 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-26 20:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-02-26 20:01 --------- d-----w C:\Program Files\McAfee
          2008-02-23 17:21 --------- d-----w C:\Program Files\eMule
          2008-02-23 16:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-02-13 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2008-02-01 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
          2008-01-24 16:32 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\McAfee
          2008-01-24 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
          2008-01-23 21:13 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\NewsLeecher
          2008-01-15 18:37 --------- d-----w C:\Program Files\Hitman Pro
          2008-01-15 18:36 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\Lavasoft
          2008-01-15 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-15 17:23 164 ----a-w C:\install.dat
          2008-01-15 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
          2008-01-15 16:31 7,219 ----a-w C:\WINDOWS\system32\drivers\services.xml
          2008-01-06 09:28 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\AdobeUM
          2008-01-06 09:27 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-01-03 18:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-03 18:49 --------- d-----w C:\Program Files\Mio DigiWalker
          2008-01-03 18:38 --------- d-----w C:\Program Files\Mio Technology
          2007-12-28 14:18 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\InterVideo
          2007-12-28 14:16 --------- d-----w C:\Program Files\Common Files\InterVideo
          2007-12-28 14:09 --------- d-----w C:\Program Files\InterActual
          2007-12-28 14:08 --------- d-----w C:\Program Files\MSXML 4.0
          2007-12-28 14:05 --------- d-----w C:\Program Files\InterVideo
          2007-12-28 14:04 --------- d-----w C:\Program Files\Creative
          2007-12-28 14:04 --------- d-----w C:\Program Files\Common Files\InstallShield
          2007-12-23 12:35 2,721,077 ----a-w C:\WINDOWS\system32\exec1.exe
          2007-12-22 12:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
          2007-12-22 12:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
          2007-12-22 12:50 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
          2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
          2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 22:57 36640]
          "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-28 15:06:02 278528]

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

          R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
          S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:02]
          S4 Windows Services Control;Windows Services Control;c:\windows\system32\drivers\services.exe

          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-12-16 10:57:18 C:\WINDOWS\Tasks\McDefragTask.job"
          - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
          "2008-01-01 00:04:08 C:\WINDOWS\Tasks\McQcTask.job"
          - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
          "2008-01-28 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Antoine Emmers.job"
          - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-26 22:10:46
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          **************************************************************************
          .
          Voltooingstijd: 2008-02-26 22:12:46
          ComboFix-quarantined-files.txt 2008-02-26 21:11:48
          .
          2008-02-13 21:23:31 --- E O F ---


          And the new log:

          Scan saved at 22:17:20, on 26-2-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\McAfee.com\Agent\mcagent.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
          C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
          C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
          C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
          c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
          c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
          C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
          C:\Program Files\McAfee\MPF\MPFSrv.exe
          C:\Program Files\McAfee\MSK\MskSrver.exe
          C:\Program Files\SiteAdvisor\6253\SAService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\wuauclt.exe
          G:\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
          O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
          O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O11 - Options group: [INTERNATIONAL] International*
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194791813842
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
          O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
          O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
          O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
          O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
          O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
          O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
          O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe



          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\system32\drivers\services.xml
            ) DO (
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))

            ECHO Deleting Services >> log.txt
            FOR %%S in (
            "Windows Services Control"
            ) DO (
            >>Log.txt (
            ECHO %%S
            SC STOP %%S
            SC DELETE %%S))

            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            Under "Save in", choose: Desktop
            Under "File name", enter: del.bat
            Under "Save as type", select: All Files (*.*).
            Click the Save button.
            Double-click del.bat and post the contents of the log file that opens.
            Regards,
            Pimmerd



            • #7
              del.bat

              Deleting files
              C:\WINDOWS\system32\drivers\services.xml not found
              Deleting Services
              "Windows Services Control"
              [SC] OpenService FAILED 1060:

              De opgegeven service is geen geïnstalleerde service.


              [SC] OpenService FAILED 1060:

              De opgegeven service is geen geïnstalleerde service.



              • #8
                Could you also post a new ComboFix log?
                Please mention how things are going with your problems.
                Regards,
                Pimmerd



                • #9
                  log

                  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.195 [GMT 1:00]
                  Gestart vanuit: C:\Documents and Settings\Antoine Emmers\Bureaublad\ComboFix.exe
                  .

                  (((((((((((((((((((( Bestanden Gemaakt van 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))
                  .

                  2008-02-28 18:25 . 2008-02-28 18:25 <DIR> d-------- C:\WINDOWS\LastGood
                  2008-02-16 18:43 . 2008-02-16 18:45 <DIR> d-------- C:\Program Files\SopCast
                  2008-02-12 20:14 . 2008-02-12 20:14 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\LimeWire Store Purchased
                  2008-02-12 20:14 . 2008-02-12 20:14 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\LimeWire Shared
                  2008-02-12 20:14 . 2008-02-23 18:36 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\LimeWire Saved
                  2008-02-12 20:14 . 2008-02-23 18:39 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\Incomplete
                  2008-02-12 20:13 . 2008-02-23 18:36 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\Application Data\LimeWirePlus
                  2008-02-12 20:12 . 2008-02-12 20:13 <DIR> d-------- C:\Program Files\LimeWire Plus
                  2008-02-04 23:01 . 2008-02-04 23:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                  2008-02-01 15:01 . 2008-02-01 15:35 <DIR> d-------- C:\Program Files\Spyware Doctor
                  2008-02-01 15:01 . 2008-02-01 15:01 <DIR> d-------- C:\Documents and Settings\Antoine Emmers\Application Data\PC Tools
                  2008-02-01 15:01 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                  2008-02-01 15:01 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                  2008-02-01 15:01 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                  2008-02-01 15:01 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-02-28 17:25 --------- d-----w C:\Program Files\McAfee
                  2008-02-26 20:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                  2008-02-23 17:21 --------- d-----w C:\Program Files\eMule
                  2008-02-23 16:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                  2008-02-13 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                  2008-02-01 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
                  2008-01-24 16:32 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\McAfee
                  2008-01-24 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
                  2008-01-23 21:13 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\NewsLeecher
                  2008-01-15 18:37 --------- d-----w C:\Program Files\Hitman Pro
                  2008-01-15 18:36 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\Lavasoft
                  2008-01-15 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                  2008-01-15 17:23 164 ----a-w C:\install.dat
                  2008-01-15 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
                  2008-01-06 09:28 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\AdobeUM
                  2008-01-06 09:27 --------- d-----w C:\Program Files\Common Files\Adobe
                  2008-01-03 18:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2008-01-03 18:49 --------- d-----w C:\Program Files\Mio DigiWalker
                  2008-01-03 18:38 --------- d-----w C:\Program Files\Mio Technology
                  2007-12-28 14:18 --------- d-----w C:\Documents and Settings\Antoine Emmers\Application Data\InterVideo
                  2007-12-28 14:16 --------- d-----w C:\Program Files\Common Files\InterVideo
                  2007-12-28 14:09 --------- d-----w C:\Program Files\InterActual
                  2007-12-28 14:08 --------- d-----w C:\Program Files\MSXML 4.0
                  2007-12-28 14:05 --------- d-----w C:\Program Files\InterVideo
                  2007-12-28 14:04 --------- d-----w C:\Program Files\Creative
                  2007-12-28 14:04 --------- d-----w C:\Program Files\Common Files\InstallShield
                  2007-12-23 12:35 2,721,077 ----a-w C:\WINDOWS\system32\exec1.exe
                  2007-12-22 12:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
                  2007-12-22 12:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
                  2007-12-22 12:50 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
                  2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
                  2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
                  .

                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
                  "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 22:57 36640]
                  "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
                  "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                  InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-28 15:06:02 278528]

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                  "EnableFirewall"= 0 (0x0)

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                  "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

                  R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
                  S2 0197631204219640mcinstcleanup;McAfee Application Installer Cleanup (0197631204219640);C:\WINDOWS\TEMP\019763~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
                  S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:02]

                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2007-12-16 10:57:18 C:\WINDOWS\Tasks\McDefragTask.job"
                  - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
                  "2008-01-01 00:04:08 C:\WINDOWS\Tasks\McQcTask.job"
                  - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
                  "2008-01-28 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Antoine Emmers.job"
                  - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-02-28 18:29:58
                  Windows 5.1.2600 Service Pack 2 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  **************************************************************************
                  .
                  Voltooingstijd: 2008-02-28 18:31:51
                  ComboFix-quarantined-files.txt 2008-02-28 17:30:53
                  ComboFix2.txt 2008-02-26 21:12:47
                  .
                  2008-02-13 21:23:31 --- E O F ---



                  • #10
                    Uninstall ComboFix:
                    Go to Start --> Run and type: combofix /u
                    ComboFix will now be removed and a new restore point will be created.

                    The Java software on your computer is outdated.
                    Older versions have vulnerabilities that give malware the chance to install itself.
                    First carry out the steps below to uninstall Java and install the latest version:
                    Download Java Runtime Environment (JRE) 6u4.
                    • Scroll down to: "Java Runtime Environment (JRE) 6u4".
                    • Click the "Download" button on the right-hand side.
                    • In the drop-down menu to the right of Platform, select Windows.
                    • Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
                    • The page will reload.
                    • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
                    • Close all programs that may be open - especially your web browser!
                    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
                    • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                    • Then click Remove or the Change/Remove button.
                    • Repeat this until all older versions are gone.
                    • After removing all older versions, restart your PC.
                    • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.


                    Any remaining problems?
                    Regards,
                    Pimmerd



                    • #11
                      okay

                      Pimmerd, it is running like clockwork again.
                      I would really like to thank you.



                      • #12
                        You're welcome

                        To prevent a recurrence, read through these security tips once more:
                        Jawwi.nl is a start page. We offer an overview of all useful links, all on one start page.


                        I am setting the status of this thread to 'solved'.
                        Regards,
                        Pimmerd
