Mededeling

Collapse
No announcement yet.

spoolsv.exe - toepassingsfout

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • spoolsv.exe - toepassingsfout

    Ik krijg steeds de bovenstaande melding en daarna werkt mijn computer niet meer fatsoenlijk.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:51:34, on 29-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\SYSTEM32\DWRCS.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\SYSTEM32\DWRCST.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\DrvMon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://isa02:8080/array.dll?Get.Routing.Script
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa02:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 213.126.138.86 www.delichtenvoorde2.nl
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173439053140
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177070193696
    O16 - DPF: {B52860F2-55CB-4D29-A2C4-95BF0968D105} (iSync.ctlUserInfo) - http://db01/TM/ActiveX/iSync.CAB
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = delichtenvoorde.local
    O17 - HKLM\Software\..\Telephony: DomainName = delichtenvoorde.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2B09AD-8AFD-4723-8EB5-6D0F5B21AB88}: NameServer = 172.16.130.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = delichtenvoorde.local
    O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    --
    End of file - 8688 bytes

    Alvast bedankt

  • #2
    Volg deze instructies om ComboFix te downloaden:
    • Voer de instructies op de BleepingComputer pagina uit, inclusief het installeren van de XP Recovery Console
      Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

      OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner,
      schakel dan deze scanner uit en download Combofix opnieuw.
      Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

      • Dubbelklik op Combofix.exe
        Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door ENTER.
        Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.


      Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.
      Plaats deze log in je volgende post, samen met een vers HijackThis logje.
    Groet,
    Pimmerd

    Comment


    • #3
      ComboFix Log

      ComboFix 08-03-03.6 - victorf 2008-03-03 12:07:27.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1359 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\victorf\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      D:\Autorun.inf
      D:\RECYCLER\Desktop.ini
      D:\RECYCLER\Folder.htt
      D:\RECYCLER\Protect.ed
      D:\RECYCLER\Warning.bmp

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))
      .

      2008-02-29 15:06 . 2008-02-29 15:06 <DIR> d-------- C:\Documents and Settings\victorf\Mijn documenten
      2008-02-29 14:06 . 2008-02-29 15:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-02-29 14:06 . 2008-02-29 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      2008-02-22 11:00 . 2008-02-29 13:47 <DIR> d-------- C:\Program Files\Microsoft Works
      2008-02-19 08:52 . 2008-02-19 08:52 323 --a------ C:\WINDOWS\SWWATER.INI
      2008-02-04 13:45 . 2008-02-04 13:45 <DIR> d-------- C:\Documents and Settings\victorf\Application Data\Extensis
      2008-02-04 13:45 . 2008-02-04 13:45 <DIR> d-------- C:\DOCUME~1\victorf\APPLIC~1\Extensis
      2008-02-04 13:45 . 2008-02-04 13:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Extensis

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-29 14:25 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-29 11:39 --------- d-----w C:\Program Files\Trend Micro
      2008-01-28 12:06 --------- d-----w C:\Program Files\Java
      2008-01-28 11:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-28 11:55 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-01-28 11:05 --------- d-----w C:\Program Files\Google
      2008-01-23 13:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
      2008-01-23 13:32 --------- d-----w C:\Program Files\Common Files\Control Panels
      2008-01-23 13:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
      2008-01-23 13:26 --------- d-----w C:\Program Files\QuickTime
      2008-01-23 12:57 --------- d-----w C:\Program Files\Bonjour
      2008-01-23 12:54 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
      2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
      2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
      2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
      2007-12-08 05:18 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2007-12-06 11:04 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2007-12-06 11:04 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
      2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
      2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
      2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
      2007-07-26 14:33 24,558 ----a-w C:\Documents and Settings\victorf\Application Data\mdb.bin
      2007-07-26 14:33 24,558 ----a-w C:\DOCUME~1\victorf\APPLIC~1\mdb.bin
      2007-03-12 08:58 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 02:00 15360]
      "DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-11-29 10:55 53248]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 21:08 16050688 C:\WINDOWS\RTHDCPL.exe]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
      "PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2006-07-14 08:43 279576]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 13:19 7626752]
      "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-09-29 06:42 3117056]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 13:19 86016]
      "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2006-03-02 02:00 144384]
      "PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2005-10-28 11:54 800504]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-22 09:54 282624]
      "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 02:00 15360]

      C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
      Adobe Acrobat Snelle start.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-02-29 15:32:00 295606]
      Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
      Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 18:04:10 117568]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoViewOnDrive"= 0 (0x0)

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
      backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a------ 2007-03-12 12:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
      C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2007-03-09 17:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2006-07-12 13:19 1519616 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
      --a------ 2007-06-16 00:15 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-05-22 09:54 282624 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
      --a------ 2006-05-12 12:50 1138688 C:\WINDOWS\Sminst\Recguard.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
      --a------ 2006-03-31 14:44 761856 C:\WINDOWS\Creator\Remind_XP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
      --a------ 2006-07-10 11:53 872448 C:\WINDOWS\SMINST\Scheduler.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\WINDOWS\\SMINST\\Scheduler.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

      R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 19:00]
      R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2004-11-22 11:07]
      R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys [2005-10-28 11:54]
      R2 FwcAgent;Firewall Client Agent;"C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe" [2006-12-09 18:04]
      R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2006-07-14 08:43]
      R3 DwMirror;DwMirror;C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 19:00]
      R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2005-10-28 11:54]
      S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\system32\Drivers\olcamudp.sys [2000-02-09 09:55]
      S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\sminst\VirtDisk.sys [2006-05-05 16:34]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5c79908-2f7a-11dc-b997-001a4b3aa0f9}]
      \Shell\AutoRun\command - F:\loader.exe

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-03 12:11:25
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-03-03 12:11:43
      ComboFix-quarantined-files.txt 2008-03-03 11:11:42
      .
      2008-02-29 15:34:43 --- E O F ---





      Hijackthis Log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:12, on 2008-03-03
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\SYSTEM32\DWRCS.EXE
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\PDF Complete\pdfsvc.exe
      C:\Program Files\PDF Complete\pdfsty.exe
      C:\WINDOWS\SYSTEM32\DWRCST.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\DrvMon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Portrait Displays\Pivot Software\floater.exe
      C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
      C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://isa02:8080/array.dll?Get.Routing.Script
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa02:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O1 - Hosts: 213.126.138.86 www.delichtenvoorde2.nl
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
      O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
      O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173439053140
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177070193696
      O16 - DPF: {B52860F2-55CB-4D29-A2C4-95BF0968D105} (iSync.ctlUserInfo) - http://db01/TM/ActiveX/iSync.CAB
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = delichtenvoorde.local
      O17 - HKLM\Software\..\Telephony: DomainName = delichtenvoorde.local
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2B09AD-8AFD-4723-8EB5-6D0F5B21AB88}: NameServer = 172.16.130.1
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = delichtenvoorde.local
      O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
      O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

      --
      End of file - 10501 bytes

      Comment


      • #4
        Je logjes zien er goed uit
        Nog problemen?
        Groet,
        Pimmerd

        Comment


        • #5
          Het lijkt erop dat het probleem verholpen is! Kan het niet makkelijk controleren want het komt zo af en toe ineens te voorschijn en het is de PC van een collega. Ik hoor het dan wel weer van hem als het probleem nog aanhoudt en post het dan wel weer in deze topic!

          Bedankt Pimmerd!

          Comment


          • #6
            Goed om te horen

            Deinstalleer Combofix:
            Ga naar start --> uitvoeren en typ daar: combofix /u
            Combofix wordt nu verwijderd en er wordt een nieuw herstelpunt aangemaakt.

            De Java software op je computer is verouderd.
            Oudere versies hebben lekken die malware de kans geeft om zich te installeren.
            Voer eerst onderstaane stappen uit om Java te deïnstalleren en de nieuwste versie te installeren:
            Download Java Runtime Environment (JRE) 6u4.
            • Scroll omlaag naar : "Java Runtime Environment (JRE) 6u4".
            • Klik op de "Download" knop aan de rechterkant.
            • In het uitklapmenu rechts naast Platform, selecteer Windows
            • Vink aan: "I agree to the Java SE Runtime Environment 6 License Agreement", en klik op Continue.
            • De pagina zal herladen.
            • Klik op de jre-6u4-windows-i586-p.exe link ONDER Windows Offline Installation en bewaar het naar je Bureaublad.
            • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
            • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
            • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
            • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
            • Herhaal dit tot alle oudere versies verdwenen zijn.
            • Na het verwijderen van alle oudere versies, herstart je pc.
            • Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.
            Groet,
            Pimmerd

            Comment

            Sorry, you are not authorized to view this page
            Working...
            X