Questions & Answers

Security & privacy

Laptop extremely slow and crashes are a regular occurrence

21 answers
  • Hello,

    Would someone be willing to look through a few logs for me for junk that doesn't belong there?
    My laptop has (in my opinion since a Firefox update) gradually been getting slower and slower.
    Photoshop crashes after 2 minutes, Firefox regularly closes itself, and shutting down and starting up take forever.
    After Windows has started it takes at least another minute or two before I can use the taskbar.
    In my CPU I have around 39 active programs, which in my view is quite a lot.

    What I have already tried:

    A disk cleanup, of course, followed by a defragmentation.
    I tried to clean things up with PcTool Registry clean.
    An online scan from http://nl.trendmicro-europe.com/consumer/housecall/housecall_launch.php
    but that froze as well.

    Below is my HijackThis log.

    Hoping something comes out of it.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:14:40, on 12-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Vincent\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://192.168.0.1/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\jkkklkj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
    O2 - BHO: (no name) - {B06300D5-3C34-46F8-9B13-9DCEB221B0DD} - C:\WINDOWS\system32\ljhed.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CuteFTP TE] "C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O20 - Winlogon Notify: jkkklkj - C:\WINDOWS\SYSTEM32\jkkklkj.dll
    O20 - Winlogon Notify: ljhed - C:\WINDOWS\system32\ljhed.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    End of file - 6218 bytes


    Many thanks.

    Regards, Vincent
  • Hi Vincent,

    Download ComboFix to your desktop.

    Double-click combofix.exe.
    Follow the instructions and accept the disclaimer by typing y or Y.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open. Save this log.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you can ignore it.

    Good luck!

    Pim
  • Assuming you want to see the log.

    "Vincent" - 2007-07-12 21:42:25 - ComboFix 07-07-12.3 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dehjl.ini
    C:\WINDOWS\system32\dehjl.ini2
    C:\WINDOWS\system32\dehjl.tmp
    C:\WINDOWS\system32\ljhed.dll
    C:\WINDOWS\system32\jkkklkj.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))


    2007-07-12 21:38 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-07-12 11:59 76,560 –a—— C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-07-12 11:58 <DIR> d——– C:\DOCUME~1\Vincent\.housecall6.6
    2007-07-01 22:26 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-07-01 22:21 <DIR> d——– C:\Program Files\Common Files\Adobe Systems Shared
    2007-06-30 13:27 <DIR> d——– C:\DOCUME~1\Vincent\APPLIC~1\Canon
    2007-06-29 20:56 <DIR> d–h—– C:\CWDS2Temp
    2007-06-29 20:16 <DIR> d——– C:\Program Files\Common Files\Canon
    2007-06-29 20:16 <DIR> d——– C:\Program Files\Canon
    2007-06-25 22:09 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\GlobalSCAPE
    2007-06-20 14:13 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-06-17 22:17 69,632 –a—— C:\WINDOWS\AutoUpdateWin31.dll
    2007-06-17 22:17 32,768 –a—— C:\WINDOWS\AutoUpdateWin33.exe
    2007-06-14 21:16 <DIR> d——– C:\WINDOWS\SxsCaPendDel
    2007-06-13 09:40 <DIR> d——– C:\WINDOWS\system32\NtmsData
    2007-06-13 09:08 5,505,024 –a—— C:\DOCUME~1\Vincent\ntuser.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-12 12:34:17 ——– d—–w C:\Program Files\Texture
    2007-07-10 15:12:25 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-07-08 18:44:40 ——– d—–w C:\Program Files\FinePixViewer
    2007-07-08 18:44:00 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\FUJIFILM
    2007-07-04 18:35:41 ——– d—–w C:\Program Files\ICQ
    2007-06-25 20:07:38 ——– d—–w C:\Program Files\GlobalSCAPE
    2007-06-14 19:34:52 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\gtk-2.0
    2007-06-13 19:18:30 1,292 -c–a-w C:\DOCUME~1\Vincent\APPLIC~1\wklnhst.dat
    2007-06-07 07:33:44 ——– d—–w C:\Program Files\netpbm_gallery-1.4-pl2-win32
    2007-05-20 20:25:41 ——– d–h–w C:\Program Files\Zero G Registry
    2007-05-20 11:44:50 ——– d—–w C:\Program Files\apwab6
    2007-05-19 20:33:41 72,926 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-19 20:33:41 447,938 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-19 19:52:36 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\GlobalSCAPE
    2007-05-17 21:04:28 ——– d—–w C:\Program Files\Ipswitch
    2007-05-16 15:19:43 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:22:52 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2005-08-22 16:08:50 457 -c–a-w C:\Program Files\INSTALL.LOG


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 –a—— C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 –a—— C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2004-11-12 12:28 C:\WINDOWS\system32\VTTimer.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 10:15 C:\WINDOWS\AGRSMMSG.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 14:22]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-02-07 10:03]
    "RegistryMechanic"="" []
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-22 08:40]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "CuteFTP TE"="C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe" [2007-05-31 12:03]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="C:\Program Files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 15:57]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Exif Launcher.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Exif Launcher.lnk
    backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vincent^Menu Start^Programma's^Opstarten^Hulp op afstand.lnk]
    backup=C:\WINDOWS\pss\Hulp op afstand.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "p2psvc"=3 (0x3)
    "p2pimsvc"=3 (0x3)
    "p2pgasvc"=3 (0x3)
    "ImapiService"=3 (0x3)
    "Fax"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e066b7-be99-11da-810b-000171047878}]
    AutoRun\command- E:\setupSNK.exe


    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-12 21:54:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    **************************************************************************

    Completion time: 2007-07-12 21:56:51 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-07-12 21:56
    C:\ComboFix2.txt … 2006-12-08 22:27

    — E O F —



    Thanks for the quick reply, by the way! Great!
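The two DLLs ComboFix just removed (jkkklkj.dll and ljhed.dll) appeared in the first HijackThis log both as unnamed BHOs (O2) and as Winlogon Notify packages (O20). The following is an added example, not code from this thread or from HijackThis: a small triage script that parses those two entry types and surfaces exactly that pairing, plus orphaned "(no file)" BHOs, on a constructed sample taken from the log above.

```python
import re
import ntpath

# Constructed sample: a few lines in HijackThis format, copied from the entry
# types in the first log of this thread (O2 = Browser Helper Objects,
# O20 = Winlogon Notify packages).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\jkkklkj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B06300D5-3C34-46F8-9B13-9DCEB221B0DD} - C:\WINDOWS\system32\ljhed.dll
O20 - Winlogon Notify: jkkklkj - C:\WINDOWS\SYSTEM32\jkkklkj.dll
O20 - Winlogon Notify: ljhed - C:\WINDOWS\system32\ljhed.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into its O2 (BHO) and O20 (Winlogon Notify) entries."""
    bhos, notifies = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = O20_RE.match(line)
        if m:
            notifies.append(m.groupdict())
    return bhos, notifies


def triage(text):
    """Return one finding per BHO that deserves a closer look.

    Each finding is a dict with the CLSID, the DLL path and a list of reasons.
    Legitimate, named BHOs from vendor directories produce no finding.
    """
    bhos, notifies = parse_hjt(text)
    # ntpath handles Windows separators regardless of the host OS.
    notify_dlls = {ntpath.basename(n["path"]).lower() for n in notifies}
    findings = []
    for b in bhos:
        path = b["path"]
        reasons = []
        if path == "(no file)":
            # CLSID still registered, DLL gone: a leftover to clean up.
            reasons.append("orphaned CLSID: registered as a BHO but the DLL is missing")
        else:
            if b["name"] == "(no name)" and SYSTEM32_RE.search(path):
                reasons.append("unnamed BHO loading straight from system32")
            if ntpath.basename(path).lower() in notify_dlls:
                # A browser add-on that also hooks logon is the pairing seen here.
                reasons.append("same DLL is also a Winlogon Notify package (O20)")
        if reasons:
            findings.append({"clsid": b["clsid"], "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["path"])
        for r in f["reasons"]:
            print("   -", r)
```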
  • Open Notepad, copy and paste the following text into an empty window:

    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RegistryMechanic"=""

    Save this to your Desktop as ComboFix-Do.txt.

    Drag ComboFix-Do.txt onto ComboFix.exe as shown in the example below:
    (image: http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif)

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

    Good luck!

    Pim
  • OK, I wasn't asked to restart, so I didn't.
    Just so you know.

    New ComboFix log

    "Vincent" - 2007-07-12 22:26:07 - ComboFix 07-07-12.3 - Service Pack 2
    Command switches used :: C:\Documents and Settings\Vincent\Bureaublad\ComboFix-Do.txt


    ((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))


    2007-07-12 21:38 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-07-12 11:59 76,560 –a—— C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-07-12 11:58 <DIR> d——– C:\DOCUME~1\Vincent\.housecall6.6
    2007-07-01 22:26 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-07-01 22:21 <DIR> d——– C:\Program Files\Common Files\Adobe Systems Shared
    2007-06-30 13:27 <DIR> d——– C:\DOCUME~1\Vincent\APPLIC~1\Canon
    2007-06-29 20:56 <DIR> d–h—– C:\CWDS2Temp
    2007-06-29 20:16 <DIR> d——– C:\Program Files\Common Files\Canon
    2007-06-29 20:16 <DIR> d——– C:\Program Files\Canon
    2007-06-25 22:09 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\GlobalSCAPE
    2007-06-20 14:13 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-06-17 22:17 69,632 –a—— C:\WINDOWS\AutoUpdateWin31.dll
    2007-06-17 22:17 32,768 –a—— C:\WINDOWS\AutoUpdateWin33.exe
    2007-06-14 21:16 <DIR> d——– C:\WINDOWS\SxsCaPendDel
    2007-06-13 09:40 <DIR> d——– C:\WINDOWS\system32\NtmsData
    2007-06-13 09:08 5,505,024 –a—— C:\DOCUME~1\Vincent\ntuser.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-12 12:34:17 ——– d—–w C:\Program Files\Texture
    2007-07-10 15:12:25 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-07-08 18:44:40 ——– d—–w C:\Program Files\FinePixViewer
    2007-07-08 18:44:00 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\FUJIFILM
    2007-07-04 18:35:41 ——– d—–w C:\Program Files\ICQ
    2007-06-25 20:07:38 ——– d—–w C:\Program Files\GlobalSCAPE
    2007-06-14 19:34:52 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\gtk-2.0
    2007-06-13 19:18:30 1,292 -c–a-w C:\DOCUME~1\Vincent\APPLIC~1\wklnhst.dat
    2007-06-07 07:33:44 ——– d—–w C:\Program Files\netpbm_gallery-1.4-pl2-win32
    2007-05-20 20:25:41 ——– d–h–w C:\Program Files\Zero G Registry
    2007-05-20 11:44:50 ——– d—–w C:\Program Files\apwab6
    2007-05-19 20:33:41 72,926 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-19 20:33:41 447,938 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-19 19:52:36 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\GlobalSCAPE
    2007-05-17 21:04:28 ——– d—–w C:\Program Files\Ipswitch
    2007-05-16 15:19:43 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:22:52 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2005-08-22 16:08:50 457 -c–a-w C:\Program Files\INSTALL.LOG


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 –a—— C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 –a—— C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2004-11-12 12:28 C:\WINDOWS\system32\VTTimer.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 10:15 C:\WINDOWS\AGRSMMSG.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 14:22]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-02-07 10:03]
    "RegistryMechanic"="" []
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-22 08:40]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "CuteFTP TE"="C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe" [2007-05-31 12:03]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="C:\Program Files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 15:57]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Exif Launcher.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Exif Launcher.lnk
    backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vincent^Menu Start^Programma's^Opstarten^Hulp op afstand.lnk]
    backup=C:\WINDOWS\pss\Hulp op afstand.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "p2psvc"=3 (0x3)
    "p2pimsvc"=3 (0x3)
    "p2pgasvc"=3 (0x3)
    "ImapiService"=3 (0x3)
    "Fax"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e066b7-be99-11da-810b-000171047878}]
    AutoRun\command- E:\setupSNK.exe

    *Newly Created Service* - CATCHME

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-12 22:28:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-12 22:29:49
    C:\ComboFix-quarantined-files.txt … 2007-07-12 22:29
    C:\ComboFix2.txt … 2007-07-12 21:56
    C:\ComboFix3.txt … 2006-12-08 22:27

    — E O F —



    And a new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:37:00, on 12-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Vincent\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://192.168.0.1/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CuteFTP TE] "C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    End of file - 5846 bytes


    Can you explain what I have just done?

    Regards, Vincent
  • Hi Vincent,

    Since I'm just starting out, I need to consult the experts here.
    Don't panic, it's not serious, but something isn't working the way it should.

    You'll hear from me as soon as possible!

    Pim
  • Hi Vincent, it's me again.

    I gave the wrong instructions; please try the following:

    Open Notepad, copy and paste the following text into an empty window:

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    (image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

    Good luck!

    Pim
  • No harm done, you learn by doing.

    My new logs from both ComboFix and HijackThis.

    I assume what I entered into ComboFix before this does no harm?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 17:20:08, on 13-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Vincent\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://192.168.0.1/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CuteFTP TE] "C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    End of file - 5745 bytes

    And from ComboFix:

    "Vincent" - 2007-07-13 17:14:48 - ComboFix 07-07-12.3 - Service Pack 2
    Command switches used :: C:\Documents and Settings\Vincent\Bureaublad\CFScript.txt


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-12 21:38 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-07-12 11:59 76,560 –a—— C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-07-12 11:58 <DIR> d——– C:\DOCUME~1\Vincent\.housecall6.6
    2007-07-01 22:26 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-07-01 22:21 <DIR> d——– C:\Program Files\Common Files\Adobe Systems Shared
    2007-06-30 13:27 <DIR> d——– C:\DOCUME~1\Vincent\APPLIC~1\Canon
    2007-06-29 20:56 <DIR> d–h—– C:\CWDS2Temp
    2007-06-29 20:16 <DIR> d——– C:\Program Files\Common Files\Canon
    2007-06-29 20:16 <DIR> d——– C:\Program Files\Canon
    2007-06-25 22:09 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\GlobalSCAPE
    2007-06-20 14:13 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-06-17 22:17 69,632 –a—— C:\WINDOWS\AutoUpdateWin31.dll
    2007-06-17 22:17 32,768 –a—— C:\WINDOWS\AutoUpdateWin33.exe
    2007-06-14 21:16 <DIR> d——– C:\WINDOWS\SxsCaPendDel
    2007-06-13 09:40 <DIR> d——– C:\WINDOWS\system32\NtmsData
    2007-06-13 09:08 5,505,024 –a—— C:\DOCUME~1\Vincent\ntuser.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-12 12:34:17 ——– d—–w C:\Program Files\Texture
    2007-07-10 15:12:25 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-07-08 18:44:40 ——– d—–w C:\Program Files\FinePixViewer
    2007-07-08 18:44:00 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\FUJIFILM
    2007-07-04 18:35:41 ——– d—–w C:\Program Files\ICQ
    2007-06-25 20:07:38 ——– d—–w C:\Program Files\GlobalSCAPE
    2007-06-14 19:34:52 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\gtk-2.0
    2007-06-13 19:18:30 1,292 -c–a-w C:\DOCUME~1\Vincent\APPLIC~1\wklnhst.dat
    2007-06-07 07:33:44 ——– d—–w C:\Program Files\netpbm_gallery-1.4-pl2-win32
    2007-05-20 20:25:41 ——– d–h–w C:\Program Files\Zero G Registry
    2007-05-20 11:44:50 ——– d—–w C:\Program Files\apwab6
    2007-05-19 20:33:41 72,926 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-19 20:33:41 447,938 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-19 19:52:36 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\GlobalSCAPE
    2007-05-17 21:04:28 ——– d—–w C:\Program Files\Ipswitch
    2007-05-16 15:19:43 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:22:52 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2005-08-22 16:08:50 457 -c–a-w C:\Program Files\INSTALL.LOG


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 –a—— C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 –a—— C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2004-11-12 12:28 C:\WINDOWS\system32\VTTimer.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 10:15 C:\WINDOWS\AGRSMMSG.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 14:22]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-02-07 10:03]
    "RegistryMechanic"="" []
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-22 08:40]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "CuteFTP TE"="C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe" [2007-05-31 12:03]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="C:\Program Files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 15:57]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Exif Launcher.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Exif Launcher.lnk
    backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vincent^Menu Start^Programma's^Opstarten^Hulp op afstand.lnk]
    backup=C:\WINDOWS\pss\Hulp op afstand.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "p2psvc"=3 (0x3)
    "p2pimsvc"=3 (0x3)
    "p2pgasvc"=3 (0x3)
    "ImapiService"=3 (0x3)
    "Fax"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e066b7-be99-11da-810b-000171047878}]
    AutoRun\command- E:\setupSNK.exe


    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 17:18:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    **************************************************************************

    Completion time: 2007-07-13 17:19:45
    C:\ComboFix-quarantined-files.txt … 2007-07-13 17:19
    C:\ComboFix2.txt … 2007-07-12 22:29
    C:\ComboFix3.txt … 2007-07-12 21:56

    — E O F —


    Let me know.

    Kind regards, Vincent
  • I should mention, by the way, that the previous text you had me enter has already borne fruit.
    The system is already much more like its old self.

    For that alone I am very grateful.

    Regards, Vincent
  • Start HijackThis, choose 'Do a system scan only' and tick the lines below:
    [b]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    [/b]

    Now close all open windows except HijackThis and click Fix Checked.

    How are your problems now?
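    As an added example (not code from this thread, from HijackThis or from the helper), the Python below applies the two rules used in this post to a constructed log excerpt modelled on the one above: it parses HijackThis entry lines, marks an O2 BHO whose file is gone and an HKLM Start Page left at about:blank as the lines to tick before Fix Checked, and, as an extra check of my own that is not in the thread, marks O4 autoruns given as a bare file name for verification.

```python
"""Triage a HijackThis log: pick out the entries a helper would ask to 'Fix checked'.

Added example, not HijackThis's own code. Rules: an O2 BHO registration whose file
is gone and an HKLM Start Page reset to about:blank are 'fix'; an O4 autorun given
as a bare file name is 'verify' (its location depends on the search path).
"""
import re

# Constructed sample, modelled on the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# Every HijackThis entry line looks like "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# Body of an O4 registry autorun: "<hive>\..\Run: [<name>] <command line>".
O4 = re.compile(r"^(?P<hive>[^\s]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse(log_text):
    """Yield (code, body) for each entry line; headers and process lists are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def o4_target(cmd):
    """Return the program part of an O4 command line: the quoted path or the first token."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return [(verdict, entry line)] with verdict 'fix' or 'verify'."""
    findings = []
    for code, body in parse(log_text):
        line = f"{code} - {body}"
        if code == "O2" and body.endswith("- (no file)"):
            findings.append(("fix", line))  # BHO still registered, DLL is gone
        elif code in ("R0", "R1") and body.startswith("HKLM\\") and body.endswith("= about:blank"):
            findings.append(("fix", line))  # machine-wide start page left reset
        elif code == "O4":
            m = O4.match(body)
            if m and "\\" not in o4_target(m.group("cmd")):
                findings.append(("verify", line))  # bare name: confirm which file it resolves to
    return findings


def lines_to_fix(log_text):
    """Only the lines a user would tick before clicking 'Fix checked'."""
    return [line for verdict, line in triage(log_text) if verdict == "fix"]
```

    Running `lines_to_fix(SAMPLE_LOG)` yields exactly the two lines the helper asked to tick; the Adobe BHO and the quoted avgnt autorun are left alone.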
  • SUPER!

    Shutting down takes less than 10 seconds again.
    Starting up is a whole lot faster and I can use the taskbar almost immediately.

    Photoshop still crashes, but I have the feeling that is something wrong with Photoshop itself.

    Firefox hasn't crashed again.

    Thanks for your help.
    If you weren't here…..
  • One more thing.

    When I try to put my laptop into standby mode, I get a screen with the following.

    The Microsoft .NET Framework v1.1.4322 Update service is preventing this computer from going into standby mode.
    Stop the service and then try again.

    What is this?
    Where do I stop it, and why do I suddenly have it?

    Regards, Vincent
  • Hi Vincent,

    Open Notepad and paste the code below into an empty Notepad window:

    [b]net stop "Microsoft .NET Framework v1.1.4322 Update"[/b]

    Save this as 'fix.bat' (without the quotes) with file type 'All files', on your [u]desktop[/u]. Double-click fix.bat to run the script.



    [size=9](source)[/size]
  • And it works.

    Thank you for your help.

    Regards, Vincent
  • You're welcome :)
  • Be sure to also delete these 2 files from your computer.
    C:\WINDOWS\AutoUpdateWin31.dll
    C:\WINDOWS\AutoUpdateWin33.exe

    Both are malware-related.
  • Done!
  • [quote="pimvandenderen"]Hi Vincent,

    Open Notepad and paste the code below into an empty Notepad window:

    [b]net stop "Microsoft .NET Framework v1.1.4322 Update"[/b]

    Save this as 'fix.bat' (without the quotes) with file type 'All files', on your [u]desktop[/u]. Double-click fix.bat to run the script.



    [size=9](source)[/size][/quote]

    One more small thing though.

    I did the above and it works, but only as long as I don't shut down the computer.
    After rebooting I have to click that fix again every time before I can enter standby mode.
    Is there a permanent solution for this???

    Regards, Vincent
  • Hi Vincent,

    I was away for a week, which is why I'm only replying now.
    Try the following; I'm not sure whether it works:

    Go to Start -> Run and type/paste the following: [b]services.msc[/b]. Then click OK.

    In the list of services, look for 'Microsoft .NET Framework v1.1.4322 Update'. Double-click it and choose Stop. Then set the startup type to 'Disabled'.

    Problem solved?

    Pim
  • I deliberately waited a while before replying, to check whether the pop-up also stays away AFTER updating Windows etc., and the answer is

    YES! It stays away and the system is working properly again.

    Thank you for the help.

    Kind regards, Vincent

This is an archived page. Replying is no longer possible.