BlueMedicine Security Forum
»
HijackThis Forum
»
Opgeloste/Inactieve HijackThislogs
computer start zeer traag op
computer start zeer traag op
|
computer start zeer traag op
|
|
28-01-2010, 18:39
Bericht: #1
|
|||
|
|||
|
computer start zeer traag op
LS,
Sinds kort start mijn computer zeer traag op. Ik heb ongeveer 20 Gb vrij op C en D schijf, oude programma's verwijderd, schijfopruiming gedaan, CC-Cleamer en Malwarebytes gedraaid, maar het duurt nog steeds ruim 5 minuted voordat ik in staat ben Internet Explorer op te starten. Ook nadat alles is opgestart, blijft het traag werken. Wat ook opvalt is dat er voor het invoeren van het Windows wachtwoord een melding over zo'n 2000 ongelezen mails te zien is, maar ik heb geen idee waar die zich bevinden. In elk geval niet in onze hotmail-accounts. Hieronder mijn HijackThis-log. Ik hoop dat u mij kunt helpen. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:31:15, on 2010-01-28 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Film_op_DVD_7_TerraTec_Edition\TrayServer.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q306&bd=pavilion&pf=laptop O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msg...b56986.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/dow...ysinfo.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerG...109791.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UN...E_UNO1.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/in...ction2.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static...0.27.0.cab O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://mymail.cbi.com/InternalSite/WhlCompMgr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...b56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...wflash.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/749...loader.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mymail.cbi.com/whalecom2bd7345b7.../dwa7W.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://joincbi.webex.com/client/T26L10N...eatgpc.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/pho...NPUpld.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Au...oader4.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Min...b56986.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KARIN%26~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg -- End of file - 13739 bytes |
|||
|
|
28-01-2010, 20:32
Bericht: #2
|
|||
|
|||
|
RE: computer start zeer traag op
Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q= O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KARIN%26~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg Klik daarna op "Fix checked" en sluit HijackThis af. Download MBAM (Malwarebytes' Anti-Malware) hier of hier.
Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart. Microsoft MVP - Consumer Security
Sometimes you can't make it on your own Spyware, malware - Hoe kom ik er vanaf? |
|||
|
|
29-01-2010, 21:39
Bericht: #3
|
|||
|
|||
RE: computer start zeer traag op
(28-01-2010 20:32)Marckie schreef: Sluit alle open vensters. |
|||
|
|
|
29-01-2010, 21:46
Bericht: #4
|
|||
|
|||
RE: computer start zeer traag op
(29-01-2010 21:39)pkschoem schreef:(28-01-2010 20:32)Marckie schreef: Sluit alle open vensters. Marckie, MBAM heeft geen geinfecteerde besatbde gevonden. Toch duurt het nog 1,5 minuut voordat het Windows-inlogscherm verschijnt, en dan nog eens 7 minuten voordat ik een internetverbinding kan openen. Dat duurde ongeveer een maand geleden nooit zo lang. Min virusscanner is Symantec. Voordat die helemaal geladen is, krijg ik al een Windows melding dat mijn systeem onbeschermd is. Wellicht zit her probeelm daarin ? Hierbij de MBAM-log en de HijackThislog: Malwarebytes' Anti-Malware 1.44 Database versie: 3658 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2010-01-29 20:21:27 mbam-log-2010-01-29 (20-21-27).txt Scan type: Snelle Scan Objecten gescand: 117283 Verstreken tijd: 13 minute(s), 47 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) ---- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:24:54, on 2010-01-29 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Film_op_DVD_7_TerraTec_Edition\TrayServer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q306&bd=pavilion&pf=laptop O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msg...b56986.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/dow...ysinfo.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerG...109791.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UN...E_UNO1.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/in...ction2.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static...0.27.0.cab O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://mymail.cbi.com/InternalSite/WhlCompMgr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...b56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...wflash.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/749...loader.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mymail.cbi.com/whalecom2bd7345b7.../dwa7W.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://joincbi.webex.com/client/T26L10N...eatgpc.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/pho...NPUpld.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Au...oader4.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Min...b56986.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- End of file - 13978 bytes |
|||
|
|
|
30-01-2010, 10:13
Bericht: #5
|
|||
|
|||
|
RE: computer start zeer traag op
Download combofix.exe van deze site: http://www.bleepingcomputer.com/combofix...-te-worden .
ComboFix zal wanneer de Recovery Console niet geïnstalleerd is, voorstellen om deze te downloaden en te installeren. Sta dit toe. Wanneer de Recovery Console geïnstalleerd is, laat je ComboFix de computer scannen. Wanneer ComboFix start, kan het zijn dat je een Error melding krijgt dat de "contents of the ComboFix package has been compromised". Ga niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer. Krijg je deze melding dan meld je dit. Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt). Post de inhoud van dit bestandje samen met een nieuwe hijackthislog. Microsoft MVP - Consumer Security
Sometimes you can't make it on your own Spyware, malware - Hoe kom ik er vanaf? |
|||
|
|
|
31-01-2010, 21:09
Bericht: #6
|
|||
|
|||
RE: computer start zeer traag op
(30-01-2010 10:13)Marckie schreef: Download combofix.exe van deze site: http://www.bleepingcomputer.com/combofix...-te-worden . Marckie, Hierbij de combofixog en de hijackthislog; ComboFix 10-01-30.07 - karin&paul 2010-01-31 19:05:36.7.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.562 [GMT 1:00] Gestart vanuit: c:\documents and settings\karin&paul\Bureaublad\ComboFix.exe AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . (((((((((((((((((((( Bestanden Gemaakt van 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))) . 2010-01-24 18:45 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\dllcache\bthport.sys 2010-01-24 18:43 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-24 18:41 . 2009-10-15 16:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2010-01-24 18:41 . 2009-10-15 16:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2010-01-24 18:41 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2010-01-24 18:41 . 2009-03-06 14:23 285696 ------w- c:\windows\system32\dllcache\pdh.dll 2010-01-24 18:41 . 2009-02-09 11:27 111104 ------w- c:\windows\system32\dllcache\services.exe 2010-01-24 18:41 . 2009-02-09 10:56 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2010-01-24 18:41 . 2009-02-09 10:56 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2010-01-24 18:41 . 2009-02-09 10:56 684544 ------w- c:\windows\system32\dllcache\advapi32.dll 2010-01-24 18:41 . 2009-06-25 08:27 735232 ------w- c:\windows\system32\dllcache\lsasrv.dll 2010-01-24 18:41 . 2009-02-09 10:56 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-01-24 18:41 . 2009-02-09 10:56 735744 ------w- c:\windows\system32\dllcache\ntdll.dll 2010-01-24 18:39 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys 2010-01-24 18:39 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2010-01-24 18:39 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys 2010-01-24 18:39 . 2009-07-10 13:31 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2010-01-24 18:39 . 2008-04-11 19:06 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll 2010-01-24 18:36 . 2009-08-04 17:29 2149888 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-01-24 18:36 . 2009-08-04 17:29 2028544 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-01-24 18:36 . 2009-08-04 17:29 2070400 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-01-24 18:35 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2010-01-24 18:29 . 2010-01-24 18:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-01-24 15:54 . 2009-07-31 09:05 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll 2010-01-24 15:54 . 2008-04-14 21:09 88064 ------w- c:\windows\system32\dllcache\msxml6r.dll 2010-01-24 15:52 . 2010-01-24 15:52 -------- d-----w- c:\windows\l2schemas 2010-01-24 15:52 . 2010-01-24 15:52 -------- d-----w- c:\windows\system32\nl 2010-01-24 15:52 . 2010-01-24 15:52 -------- d-----w- c:\windows\system32\bits 2010-01-24 15:20 . 2010-01-24 15:20 -------- d-----w- c:\windows\EHome 2010-01-24 14:27 . 2010-01-24 14:29 -------- dc----w- c:\documents and settings\All Users\Application Data\PCPitstop 2010-01-24 14:27 . 2010-01-24 14:31 -------- d-----w- c:\program files\PCPitstop 2010-01-21 20:40 . 2010-01-21 20:40 -------- d-----w- c:\documents and settings\karin&paul\Application Data\Malwarebytes 2010-01-21 20:40 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-21 20:40 . 2010-01-21 20:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-21 20:40 . 2010-01-29 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-21 20:40 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-21 20:25 . 2010-01-31 17:43 -------- d--h--r- c:\documents and settings\karin&paul\Onlangs geopend 2010-01-21 19:56 . 2010-01-21 19:56 -------- d-----w- c:\program files\CCleaner 2010-01-18 18:48 . 2010-01-18 18:48 -------- d-----w- c:\program files\plugins 2010-01-18 18:48 . 2010-01-18 18:48 -------- d-----w- c:\program files\aviproxy 2010-01-18 18:23 . 2010-01-18 18:23 -------- d-----w- c:\program files\Real Alternative 2010-01-18 18:23 . 2010-01-18 18:23 -------- d-----w- c:\documents and settings\karin&paul\Local Settings\Application Data\Real 2010-01-18 18:23 . 2007-06-03 13:31 10752 ----a-w- c:\windows\system32\ff_vfw.dll 2010-01-18 18:23 . 2007-04-24 16:30 60273 ----a-w- c:\windows\system32\pthreadGC2.dll 2010-01-18 18:22 . 2010-01-18 18:22 -------- d-----w- c:\program files\AviSynth 2.5 2010-01-18 18:21 . 2010-01-18 19:01 -------- d-----w- c:\program files\The FilmMachine 2010-01-18 18:19 . 2009-05-02 13:40 26609189 ----a-w- c:\program files\The FilmMachine 1.6.1.exe 2010-01-11 20:53 . 2010-01-11 20:53 -------- d-----w- c:\program files\Belastingdienst 2010-01-02 20:30 . 2010-01-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2010-01-02 20:26 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2010-01-02 20:26 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2010-01-02 20:24 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2010-01-02 17:05 . 2009-04-16 13:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll 2010-01-02 17:05 . 2009-04-16 13:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll 2010-01-02 17:05 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll 2010-01-02 17:03 . 2010-01-02 17:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP 2010-01-02 17:02 . 2009-02-10 20:03 966656 ----a-r- c:\windows\system32\hpost_p02d.dll 2010-01-02 17:02 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_p02d.dll 2010-01-02 17:02 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_p02a.dll 2010-01-02 17:02 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll 2010-01-02 17:02 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll 2010-01-02 17:02 . 2001-09-06 19:47 6912 ----a-w- c:\windows\system32\drivers\serscan.sys 2010-01-02 17:02 . 2001-09-06 19:47 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys 2010-01-02 16:54 . 2010-01-02 17:00 -------- d-----w- c:\documents and settings\karin&paul\Application Data\HPAppData 2010-01-02 16:51 . 2010-01-02 16:51 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2010-01-02 16:42 . 2010-01-02 16:42 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2010-01-02 16:35 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2010-01-02 16:28 . 2010-01-03 00:01 200767 ----a-w- c:\windows\hpoins40.dat 2010-01-02 16:28 . 2009-05-22 10:04 992 ------w- c:\windows\hpomdl40.dat . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-31 17:56 . 2007-12-15 16:47 -------- d-----w- c:\documents and settings\karin&paul\Application Data\DNA 2010-01-31 16:40 . 2008-07-01 19:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-01-31 16:40 . 2007-12-15 16:47 -------- d-----w- c:\program files\DNA 2010-01-26 16:03 . 2006-09-26 17:49 96680 ----a-w- c:\documents and settings\karin&paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-24 20:24 . 2006-03-27 08:46 92210 ----a-w- c:\windows\system32\perfc013.dat 2010-01-24 20:24 . 2006-03-27 08:46 512698 ----a-w- c:\windows\system32\perfh013.dat 2010-01-24 15:58 . 2006-03-27 08:54 83679 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-01-20 13:39 . 2009-12-29 09:51 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-18 20:34 . 2008-10-28 20:59 -------- d-----w- c:\program files\LimeWire Plus 2010-01-18 18:13 . 2007-12-15 16:48 -------- d-----w- c:\documents and settings\karin&paul\Application Data\BitTorrent 2010-01-11 20:56 . 2009-03-22 12:17 -------- d-----w- c:\documents and settings\karin&paul\Application Data\Belastingdienst 2010-01-03 15:13 . 2009-01-13 21:40 -------- d-----w- c:\program files\NCH Swift Sound 2010-01-03 15:11 . 2006-09-27 02:23 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-02 20:32 . 2006-09-27 14:35 -------- d-----w- c:\documents and settings\karin&paul\Application Data\HP 2010-01-02 20:28 . 2006-09-27 02:23 -------- dc----w- c:\documents and settings\All Users\Application Data\HP 2010-01-02 17:14 . 2009-12-20 12:09 -------- d-----w- c:\documents and settings\karin&paul\Application Data\HpUpdate 2010-01-02 16:53 . 2006-09-27 02:23 -------- d-----w- c:\program files\Hp 2009-12-30 11:09 . 2009-12-30 11:03 -------- d-----w- c:\program files\Common Files\MAGIX Shared 2009-12-30 11:04 . 2009-12-30 11:02 -------- dc----w- c:\documents and settings\All Users\Application Data\MAGIX 2009-12-30 11:04 . 2009-12-30 11:01 -------- d-----w- c:\program files\MAGIX 2009-12-30 10:12 . 2009-08-07 07:35 -------- d-----w- c:\documents and settings\karin&paul\Application Data\LimeWirePlus 2009-12-24 18:59 . 2009-12-24 18:59 246765 ----a-w- c:\program files\VirtualDub.chm 2009-12-24 18:57 . 2009-12-24 18:57 219335 ----a-w- c:\program files\VirtualDub.vdi 2009-12-24 18:57 . 2009-12-24 18:57 2664960 ----a-w- c:\program files\VirtualDub.exe 2009-12-24 18:57 . 2009-12-24 18:57 69632 ----a-w- c:\program files\auxsetup.exe 2009-12-24 18:57 . 2009-12-24 18:57 8704 ----a-w- c:\program files\vdub.exe 2009-12-24 18:57 . 2009-12-24 18:57 73728 ----a-w- c:\program files\vdremote.dll 2009-12-24 18:57 . 2009-12-24 18:57 69632 ----a-w- c:\program files\vdicmdrv.dll 2009-12-24 18:56 . 2009-12-24 18:56 65536 ----a-w- c:\program files\vdsvrlnk.dll 2009-12-24 15:47 . 2008-07-03 15:03 39 ----a-w- c:\documents and settings\karin&paul\jagex_runescape_preferences.dat 2009-12-24 15:46 . 2009-12-24 15:39 69 ----a-w- c:\documents and settings\karin&paul\jagex_runescape_preferences2.dat 2009-12-22 16:49 . 2008-07-10 18:01 -------- d-----w- c:\program files\CamStudio 2009-12-22 16:33 . 2009-01-13 21:40 -------- dc----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound 2009-12-22 16:32 . 2009-12-22 16:32 -------- dc----w- c:\documents and settings\All Users\Application Data\NCH Software 2009-12-22 16:31 . 2009-01-13 21:40 -------- d-----w- c:\program files\NCH Software 2009-12-21 19:10 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-19 12:45 . 2006-09-27 02:23 -------- d-----w- c:\program files\Java 2009-12-19 12:40 . 2009-12-18 11:49 152576 ----a-w- c:\documents and settings\karin&paul\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-19 12:39 . 2009-12-18 11:48 79488 ----a-w- c:\documents and settings\karin&paul\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-16 04:25 . 2009-12-18 11:50 267552 ----a-w- c:\documents and settings\karin&paul\Application Data\Sun\Java\JRERunOnce.exe 2009-12-14 19:19 . 2006-10-26 09:11 -------- d-----w- c:\documents and settings\karin&paul\Application Data\idocsmgr 2009-12-13 17:12 . 2009-12-13 17:12 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-12-13 17:12 . 2009-12-13 17:12 138056 ----a-w- c:\documents and settings\karin&paul\Application Data\PnkBstrK.sys 2009-12-13 17:12 . 2009-12-13 17:12 138056 ----a-w- c:\documents and settings\karin&paul\Application Data\PnkBstrK.sys 2009-12-13 17:12 . 2009-12-13 17:12 189248 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-12-13 17:12 . 2009-12-13 17:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-12-13 17:12 . 2009-12-13 17:12 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe 2009-12-09 17:46 . 2009-12-09 17:46 -------- d-----w- c:\program files\EA Games 2009-12-07 21:32 . 2009-12-06 20:25 -------- d-----w- c:\documents and settings\karin&paul\Application Data\Roxio 2009-12-06 20:25 . 2009-12-06 20:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio 2009-12-06 19:48 . 2006-09-27 02:23 -------- d-----w- c:\program files\Common Files\Sonic Shared 2009-12-06 19:47 . 2006-09-27 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic 2009-12-06 19:47 . 2009-12-06 19:43 -------- d-----w- c:\program files\Roxio 2009-12-06 19:47 . 2009-12-06 19:43 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-12-06 19:43 . 2006-12-25 15:12 -------- d-----w- c:\program files\DivX 2009-11-21 16:03 . 2004-08-04 21:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-09-13 21:13 . 2009-09-13 21:13 18321 ----a-w- c:\program files\copying . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-08 323392] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-15 86016] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-11 102400] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072] "nwiz"="nwiz.exe" [2006-04-15 1519616] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "TrayServer"="c:\program files\MAGIX\Film_op_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-01-30 90112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office OneNote 2003 Quick Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office OneNote 2003 Quick Launch.lnk backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-07-14 13:09 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2007-09-18 14:50 1836544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2008-02-13 11:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2006-03-07 11:38 131072 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-07-01 19:59 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2008-05-06 08:42 202088 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R1 AEP_TDI_DRV;AEP NSP Port Forwarder TDI Driver;c:\windows\system32\drivers\aeptdipfwd.sys [2009-02-26 36659] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-18 54752] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-11-04 639224] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-02 133104] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-12-30 1527900] S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map 2009-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-01-31 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-01 15:02] 2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-02 12:38] 2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-02 12:38] . . ------- Bijkomende Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.nl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-31 19:24 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="a" . Voltooingstijd: 2010-01-31 19:35:05 ComboFix-quarantined-files.txt 2010-01-31 18:34 ComboFix2.txt 2010-01-16 16:47 ComboFix3.txt 2010-01-06 19:59 ComboFix4.txt 2008-08-25 19:58 ComboFix5.txt 2010-01-31 18:01 Pre-Run: 22.478.049.280 bytes beschikbaar Post-Run: 22.682.263.552 bytes beschikbaar - - End Of File - - 12F0778F52A0C50B98399087A2A643B8 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:07:24, on 2010-01-31 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Film_op_DVD_7_TerraTec_Edition\TrayServer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q306&bd=pavilion&pf=laptop O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msg...b56986.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/dow...ysinfo.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerG...109791.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UN...E_UNO1.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/in...ction2.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static...0.27.0.cab O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://mymail.cbi.com/InternalSite/WhlCompMgr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...b56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...wflash.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/749...loader.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mymail.cbi.com/whalecom2bd7345b7.../dwa7W.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://joincbi.webex.com/client/T26L10N...eatgpc.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/pho...NPUpld.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Au...oader4.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Min...b56986.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- End of file - 13398 bytes |
|||
|
|
|
31-01-2010, 23:06
Bericht: #7
|
|||
|
|||
|
RE: computer start zeer traag op
Ik zie geen sporen van malware in de logjes.
Doe dit even: Deïnstalleer ComboFix. Ga naar Start - Uitvoeren, tik in: Combofix /Uninstall (Let op de spatie tussen Combofix en /Uninstall) Druk daarna op Enter. Dit zal Combofix verwijderen en alle gerelateerde mappen en bestanden, het herstelt de klokinstellingen, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en het reset Systeemherstel. Herstart de computer en vertel even hoe alles nu werkt. Microsoft MVP - Consumer Security
Sometimes you can't make it on your own Spyware, malware - Hoe kom ik er vanaf? |
|||
|
|
|
01-02-2010, 22:16
Bericht: #8
|
|||
|
|||
RE: computer start zeer traag op
(31-01-2010 23:06)Marckie schreef: Ik zie geen sporen van malware in de logjes. Marckie, Er is weinig tot geen verbetering. Alles doet het wel, maar het opstarten duurt nog steeds 5 tot 7 minuten vanaf aanzetten. Voordat Windows geladen is duurt 2 minuten, dan buroblad laden bijna 2 minuten, Symantec duurt dan zeker nog 4 minuten voordat het helemaal aktief is, waardoor ik tussendoor nog steeds de windows melding krijg dat het systeem gevaar loopt doordat het onbeschermd is. Alle toepassingen duren langer dan normaal; bijna 1 minuut voordat internet explorer, of word of excel opgestart is. Ik heb intussen ook de C gedefragmenteerd, Windows XP Service pack 3 geinstalleeerd en een aantal programma's niet meer automatisch op laten starten in msconfig. Tot ongeveer een maand geleden was het aanzetten en binnen 1 minuut aan de slag. Heeft u misschien nog andere oplossingen ? Alvast hartelijk bedankt ! |
|||
|
|
|
01-02-2010, 23:18
Bericht: #9
|
|||
|
|||
|
RE: computer start zeer traag op
Neen niet echt.
Ik zou nog even een extra controle willen uitvoeren op aanwezigheid van rootkits. Download Gmer Rootkitscanner: http://www2.gmer.net/download.php Plaats het op je bureaublad. Het bestand dat je downloadt bestaat uit een willkeurig gekozen combinatie van cijfers en letters. (vb jqb1jln3.exe of ubmp5cd5.exe steeds een combinatie van 8 cijfers en letters) Dubbelklik op dit bestand om Gmer te starten. Krijg je een melding dat er rootkits actief zijn en er wordt gevraagd om een scan uit te voeren, dan sta je dit niet toe. Pas eerst de instellingen aan zoals hieronder beschreven. Aan de rechterkant heb je een aantal opties die je kan uit- of aanvinken. Standaard staat alles aangevinkt. Vink volgende items uit: - Sections - IAT/EAT Files moet aangevinkt zijn, maar zorg dat hier enkel de systeempartitie aangevinkt is. ( De systeempartitie is die partitie waarop je windows geïnstalleerd is. ) Haal het vinkje weg bij "show all" ( dit mag niet aangevinkt zijn! ) Klik nu op de "Scan" knop om de rootkitscan met Gmer te starten. Als de scan klaar is klik je op de knop "Save" en sla je het logje op op je bureaublad. ( Klik je op knop "Copy", dan wordt de volledige rapportje van de log naar het klembord gekopieerd en kan je via CTRL+V in je volgende post plakken. ) Om Gmer te sluiten, klik je op de knop "Cancel". Microsoft MVP - Consumer Security
Sometimes you can't make it on your own Spyware, malware - Hoe kom ik er vanaf? |
|||
|
|
|
02-02-2010, 22:53
Bericht: #10
|
|||
|
|||
RE: computer start zeer traag op
(01-02-2010 23:18)Marckie schreef: Neen niet echt. Marckie, Hierbij de log van Gmer: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-02-02 21:50:35 Windows 5.1.2600 Service Pack 3 Running: 3jsdtf9b.exe; Driver: C:\DOCUME~1\KARIN&~1\LOCALS~1\Temp\kwkyikog.sys ---- System - GMER 1.0.15 ---- SSDT 8662FF48 ZwAlertResumeThread SSDT 860313F8 ZwAlertThread SSDT 8668A198 ZwAllocateVirtualMemory SSDT 871736A8 ZwConnectPort SSDT 867343F0 ZwCreateMutant SSDT 867547C0 ZwCreateThread SSDT 86793AA8 ZwFreeVirtualMemory SSDT 867FB5B0 ZwImpersonateAnonymousToken SSDT 86684608 ZwImpersonateThread SSDT 866DB500 ZwMapViewOfSection SSDT 8602A910 ZwOpenEvent SSDT 865F3180 ZwOpenProcessToken SSDT 867D2188 ZwOpenThreadToken SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xB2ED0280] SSDT SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0xF72CB7B0] SSDT 865B7260 ZwResumeThread SSDT 865AF2D8 ZwSetContextThread SSDT 867EE188 ZwSetInformationProcess SSDT 866FF430 ZwSetInformationThread SSDT 866EC588 ZwSuspendProcess SSDT 867807C0 ZwSuspendThread SSDT 865D7AA8 ZwTerminateProcess SSDT 8673DE78 ZwTerminateThread SSDT 8675E150 ZwUnmapViewOfSection SSDT 866D97B0 ZwWriteVirtualMemory ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip aeptdipfwd.sys (TDI Filter Driver for AEP Port-Forwarder/AEP Networks Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp aeptdipfwd.sys (TDI Filter Driver for AEP Port-Forwarder/AEP Networks Inc.) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp aeptdipfwd.sys (TDI Filter Driver for AEP Port-Forwarder/AEP Networks Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp aeptdipfwd.sys (TDI Filter Driver for AEP Port-Forwarder/AEP Networks Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF6 0x42 0xC4 0x9B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF6 0x42 0xC4 0x9B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF6 0x42 0xC4 0x9B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart Plus B209a-m@ChangeID 946062 ---- EOF - GMER 1.0.15 ---- |
|||
|
|
|
02-02-2010, 23:22
(Dit bericht is het laatst bewerkt op 02-02-2010 om 23:24 door Marckie.)
Bericht: #11
|
|||
|
|||
|
RE: computer start zeer traag op
Ook dit logje ziet er goed uit.
Ik vind geen sporen van malware. Heb je onlangs nieuwe software geïnstalleerd, waarna de problemen ontstaan zijn? Microsoft MVP - Consumer Security
Sometimes you can't make it on your own Spyware, malware - Hoe kom ik er vanaf? |
|||
|
|
|
04-02-2010, 12:48
Bericht: #12
|
|||
|
|||
RE: computer start zeer traag op
(02-02-2010 23:22)Marckie schreef: Ook dit logje ziet er goed uit. Ja, Ik heb een nieuwe draadloze HP-printer met bijgeleverde software, en ook nog een analoge videokaart (Grabby) met daarbij MAGIX Film op DVD TerraTec Edition, beide officieel meegeleverd op CD. kan dat de oorzaak zijn ? |
|||
|
|
|
04-02-2010, 14:08
Bericht: #13
|
|||
|
|||
|
RE: computer start zeer traag op
Zijn de problemen ontstaan onmiddellijk na installatie van deze software?
Microsoft MVP - Consumer Security
Sometimes you can't make it on your own Spyware, malware - Hoe kom ik er vanaf? |
|||
|
|
|
04-02-2010, 20:04
Bericht: #14
|
|||
|
|||
| RE: computer start zeer traag op | |||
|
|
|
04-02-2010, 23:24
Bericht: #15
|
|||
|
|||
|
RE: computer start zeer traag op
In principe zou het niet mogen dat dit de computer vertraagd.
Maak een nieuwe log met Combofix en post deze. Vraagt combofix om te updaten en een nieuwe versie te downloaden dan doe je dit. Post de log. Schakel antivirusprogramma uit tijdens de scan. Maak een nieuwe log met Gmer en post deze ook. (scannen met virusscan uitgeschakeld) Microsoft MVP - Consumer Security
Sometimes you can't make it on your own Spyware, malware - Hoe kom ik er vanaf? |
|||
|
|
|
13-02-2010, 12:17
Bericht: #16
|
|||
|
|||
|
Inactief
Jammer dat je geen reactie meer hebt gegeven op deze thread..., daarom wordt deze thread verplaatst naar het "Opgeloste/Inactieve HijackThislogs" forum, waar je niet meer kan posten, enkel lezen.
Indien je terug problemen ondervindt in de eerstvolgende dagen, gelieve een PM te sturen naar één van de Moderators of Administrators om deze thread terug te zetten zodat je verder kan geholpen worden. Bij problemen die opduiken na enkele weken is het beter om een nieuwe thread te starten met een nieuwe log. Indien er problemen zijn die niks met malware te maken hebben, gelieve een nieuwe thread te starten in het juist forumonderdeel. Microsoft MVP - Consumer Security
Sometimes you can't make it on your own Spyware, malware - Hoe kom ik er vanaf? |
|||
|
|
|
|
