PC very slow

  • PC very slow

    For the past month my PC has been very slow. I have already run a number of spyware scanners, but there has been no improvement.

    Maybe you can help me? Thanks in advance.

    Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:43:57, on 21-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Electronic Arts\EA Downloader\Core.exe
    E:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
    O4 - HKCU\..\RunOnce: [Shockwave 10] "C:\WINDOWS\system32\Macromed\Shockwave 10\swinit.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Desktop Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Desktop_Firewall\NISSERV.EXE
    O23 - Service: NISUM - Symantec Corporation - C:\Program Files\Symantec_Desktop_Firewall\NISUM.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WMDM PMSP Service - Logitech Inc. - (no file)

    --
    End of file - 7300 bytes

    If I need to add or do anything else, just let me know.

    Thanks in advance

    erwin

  • #2
    Follow these instructions to download ComboFix:
    • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
      If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily.

      NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
      disable that scanner and download ComboFix again.
      Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!
      • Double-click Combofix.exe
        While the fix is running, do NOT click in the window, because this will make your PC hang.
        When the fix is finished and after the restart, the log Combofix.txt will open.


      Post this log in your next post, together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      Here are the logs

      Thank you very much for the quick response.

      Here are the logs.


      ComboFix 08-03-21.2 - Eva 2008-03-22 12:27:07.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.935 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Eva\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt


      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\OnSpcLCK.exe

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))
      .

      2008-03-21 14:39 . 2008-03-21 14:39 <DIR> d-------- C:\Program Files\Trend Micro
      2008-03-21 14:28 . 2008-03-21 14:28 <DIR> d-------- C:\RVAXO
      2008-03-21 14:26 . 2008-03-20 21:55 747,874 --a------ C:\WINDOWS\SYSTEM32\RVAXO.bat
      2008-03-21 14:26 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\SYSTEM32\remove.exe
      2008-03-21 13:54 . 2008-03-21 15:55 <DIR> d-------- C:\Program Files\ErrorSmart
      2008-03-21 13:54 . 2008-03-21 13:58 <DIR> d-------- C:\Documents and Settings\Eva\Application Data\ErrorSmart

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-22 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-03-20 13:16 --------- d-----w C:\Program Files\eMule
      2008-03-15 17:18 --------- d-----w C:\Documents and Settings\Eva\Application Data\AdobeUM
      2008-03-05 16:15 --------- d-----w C:\Program Files\Windows Live Toolbar
      2008-02-25 14:16 --------- d-----w C:\Program Files\Cool2000
      2008-02-25 14:00 --------- d-----w C:\Program Files\AudioConvert
      2008-02-25 13:59 3,126 ----a-w C:\WINDOWS\SYSTEM32\tempimg.tmp
      2008-02-21 09:15 --------- d-----w C:\Documents and Settings\Eva\Application Data\Skype
      2008-02-16 13:09 --------- d-----w C:\Documents and Settings\Eva\Application Data\teamspeak2
      2008-02-07 18:16 --------- d-----w C:\Documents and Settings\Eva\Application Data\AVG7
      2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
      2008-01-09 07:29 15,044 ----a-w C:\WINDOWS\SYSTEM32\ealregsnapshot1.reg
      2007-10-31 15:16 43,008 ----a-w C:\Documents and Settings\Eva\Application Data\GDIPFONTCACHEV1.DAT
      2007-05-10 14:14 43 ----a-w C:\Documents and Settings\Eva\RUNME.bat
      2005-07-13 23:22 37,904 ----a-w C:\Documents and Settings\Erwin\Application Data\GDIPFONTCACHEV1.DAT
      2001-05-24 03:00 263,708 ----a-w C:\Documents and Settings\Eva\Windows_XP_Activation_Crack.zip
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
      "EA Core"="C:\Program Files\Electronic Arts\EA Downloader\Core.exe" [2006-06-09 01:35 1851392]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl]
      "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
      "WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-12 23:18 222784]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 08:01 579072]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
      "RegistryMechanic"=""
      "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 07:01 219136]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Exif Launcher.lnk - E:\Program Files\FinePixViewer\QuickDCF.exe [2006-06-04 23:24:55 282624]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
      backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
      --a------ 2005-10-08 21:08 212992 C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
      --a------ 2007-01-10 06:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iamapp]
      --a------ 2001-06-01 13:20 135168 C:\Program Files\Symantec_Desktop_Firewall\IAMAPP.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      --a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
      --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\BitLord\\BitLord.exe"=
      "C:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "F:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
      "C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
      "C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

      R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 15:15]
      R1 kid_sys;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\drivers\KID_SYS.sys [2001-09-26 13:59]
      R2 FileDeleter;ZeroSpyware FileDeleter;C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe [2006-03-24 14:26]
      R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2005-10-05 15:50]
      R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2005-10-05 15:50]
      R2 NISDRV;NISDRV;C:\WINDOWS\system32\Drivers\NISDRV.SYS [2001-05-31 17:42]
      R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2005-10-05 15:56]
      S3 DNSFILT;DNSFILT;C:\WINDOWS\system32\Drivers\DNSFILT.SYS [2001-05-31 17:44]
      S3 FWFILT;FWFILT;C:\WINDOWS\system32\Drivers\FWFILT.SYS [2001-05-31 17:44]
      S3 HTTPFILT;HTTPFILT;C:\WINDOWS\system32\Drivers\HTTPFILT.SYS [2001-05-31 17:44]
      S3 NDISFILT;NDISFILT;C:\WINDOWS\system32\Drivers\NDISFILT.SYS [2001-05-31 17:44]
      S3 NISSERV;Symantec Desktop Firewall Service;"C:\Program Files\Symantec_Desktop_Firewall\NISSERV.EXE" [2001-05-31 17:16]
      S3 SYMFILT;SYMFILT;C:\WINDOWS\system32\Drivers\SYMFILT.SYS [2001-05-31 17:44]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
      \Shell\AutoRun\command - setup.exe
      \Shell\directx\command - DirectX\dxsetup.exe
      \Shell\setup\command - setup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
      \Shell\AutoRun\command - setup.exe
      \Shell\directx\command - DirectX\dxsetup.exe
      \Shell\setup\command - setup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8e718e-9592-11db-b6cb-0007e9489557}]
      \Shell\AutoRun\command - G:\OnSpcLCK.exe

      *Newly Created Service* - COMHOST
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-03-21 13:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-03-22 10:41:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      "2008-03-22 02:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
      - C:\Program Files\ErrorSmart\ErrorSmart.ex
      - C:\Program Files\ErrorSmart
      "2006-01-25 13:23:58 C:\WINDOWS\Tasks\XoftSpy.job"
      - C:\Program Files\XoftSpy\XoftSpy.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-22 12:32:40
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-03-22 12:33:46
      ComboFix-quarantined-files.txt 2008-03-22 11:33:17
      ComboFix2.txt 2007-05-25 09:58:50
      .
      2008-03-22 02:01:06 --- E O F ---


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:35:32, on 22-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\ewido\security suite\ewidoctrl.exe
      C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Electronic Arts\EA Downloader\Core.exe
      E:\Program Files\FinePixViewer\QuickDCF.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Exif Launcher.lnk = ?
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
      O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: Symantec Desktop Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Desktop_Firewall\NISSERV.EXE
      O23 - Service: NISUM - Symantec Corporation - C:\Program Files\Symantec_Desktop_Firewall\NISUM.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: WMDM PMSP Service - Logitech Inc. - (no file)

      --
      End of file - 7038 bytes

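Comparing the two HijackThis scans posted in this thread (21-3-2008 and 22-3-2008) shows which registry and autostart items changed between them. The following is an added example, not part of the original posts: the function names are hypothetical, and the two sample strings are short excerpts copied from the logs above rather than the full logs.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")

# HijackThis item lines have the form "<section> - <detail>", where the
# section code is a letter plus a number (R0, R1, O4, O10, O23, ...).
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Registry autostart items (O4): "HKLM\..\Run: [value name] command line".
# Startup-folder items ("Startup: x.lnk = ...") have no [name] and are skipped.
O4_RE = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.*)$")

# Excerpt of the first scan (21-3-2008), copied from the thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:57, on 21-3-2008
Running processes:
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\RunOnce: [Shockwave 10] "C:\WINDOWS\system32\Macromed\Shockwave 10\swinit.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# Excerpt of the second scan (22-3-2008), copied from the thread.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:32, on 22-3-2008
Running processes:
C:\WINDOWS\system32\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""


def parse_entries(log_text):
    """Return the set of item lines in a HijackThis log.

    Header lines and the 'Running processes' list do not match the
    '<section> - <detail>' shape and are ignored.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) item lists between two scans, sorted."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return sorted(before - after), sorted(after - before)


def autostarts(entries):
    """Map (registry location, value name) -> command for O4 registry items."""
    result = {}
    for e in entries:
        if e.section != "O4":
            continue
        m = O4_RE.match(e.detail)
        if m:
            result[(m.group("location"), m.group("name"))] = m.group("command")
    return result


def removed_autostarts(before_text, after_text):
    """Autostart values present in the first scan but absent from the second."""
    before = autostarts(parse_entries(before_text))
    after = autostarts(parse_entries(after_text))
    return sorted(key for key in before if key not in after)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("- %s - %s" % e)
    for e in added:
        print("+ %s - %s" % e)
    print("autostarts gone:", removed_autostarts(BEFORE, AFTER))
```

Run against the full logs, the same diff also lists the other changed R1 values; an autostart value that disappears from the Run key can still leave files and scheduled tasks on disk.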


      • #4
        * Clear the cache and cookies in IE:

        * Close Internet Explorer.
        * Go to Control Panel > Internet Options > General tab
        * Click the Delete Cookies button
        * Click the Delete Files button next to it
        * Tick: Delete all offline content, click OK

        * Clear the cache and cookies in Firefox (if Firefox is installed):

        * Go to Tools > Options.
        * Click Privacy in the menu.
        * Click the Clear button (History, Cookies, Cache).
        * Click OK to close the window again.

        * Clean other temporary files + Recycle Bin

        * Go to Start > Run, type: cleanmgr and click OK.
        * Let it scan your system for files that should be removed
        * Make sure that only 'Temporary files', 'Temporary Internet Files' and 'Recycle Bin' are ticked there.
        * Then click OK.


        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.


        @ECHO OFF
        REM Start with a fresh log file
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        REM Delete the listed files and record the result for each one
        FOR %%g in (
            "C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
        ) DO (
            IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                IF EXIST %%g (
                    ECHO %%g not deleted>>log.txt
                ) ELSE (
                    ECHO %%g deleted>>log.txt
                )
            ) ELSE (
                ECHO %%g not found>>log.txt
            )
        )
        >>log.txt (
            ECHO.
            ECHO Deleting folders
        )
        REM Delete the listed folders and record the result for each one
        FOR %%I in (
            "C:\Program Files\ErrorSmart"
            "C:\Documents and Settings\Eva\Application Data\ErrorSmart"
        ) DO (
            IF EXIST %%I (
                RD /S /Q %%I
                IF EXIST %%I (
                    ECHO %%I not deleted>>log.txt
                ) ELSE (
                    ECHO %%I deleted>>log.txt
                )
            ) ELSE (
                ECHO %%I not found>>log.txt
            )
        )
        REM Show the log so its contents can be posted
        START NOTEPAD.EXE log.txt


        Go to File - Save As.
        For "Save in" choose: Desktop
        For "File name" enter: del.bat
        For "Save as type" select: All Files (*.*).
        Click the Save button.
        Double-click del.bat and post the contents of the log file that opens.

        How are your problems now?
        Regards,
        Pimmerd



        • #5
          A lot better

          It's going a lot better, I think. Word now really just opens normally. That's quite an improvement.

          Do I need to do anything else?



          • #6
            If you have no more problems, we can close this.

            Uninstall ComboFix:
            Go to Start --> Run and type: combofix /u
            ComboFix will now be removed and a new restore point will be created.
            Regards,
            Pimmerd
