PC very slow again

10 answers
  • My PC is acting up again. I have also used msconfig. It opens web pages slowly [I use ATF Cleaner + CCleaner] and I delete internet files now and then. After startup I again have to wait 5 minutes until it has caught up. I made a log; I hope the cause is in whatever you find. Thanks a lot in advance. [Trend Micro HijackThis v2.0.2 log, scan saved at 17:10:58 on 3-12-2007] I think I have already spotted one: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following there, if present: My Web Search, My Web Speedbar, WebSearch Tools, Search Assistant - My Way. Then restart your PC. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily. NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them! Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, because this will make your PC hang. When the fix is finished and after the restart, the log combofix.txt will open. Post the Combofix log (combofix.txt) in your next reply, together with a fresh HijackThis log. Good luck! Pim
  • combofix: [ComboFix 07-12-02.6 log, run 2007-12-03 20:18:28] hijackthis: [Trend Micro HijackThis v2.0.2 log, scan saved at 20:30:28 on 3-12-2007]
  • Start HijackThis, choose 'Do a system scan only' and tick the lines below:
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    Now close all open windows except HijackThis and click Fix Checked. Delete the file below: C:\Program Files\Uninstall Fun Web Products.dll. And the folder below, if still present: C:\Program Files\MyWebSearch. How are your problems now? Pim
  • I can already see improvements, it is flying again. Thanks a lot! :wink: Have a nice day... Respect
  • I can browse the internet normally again :D :D
  • You're welcome :) Uninstall Combofix: go to Start --> Run and type: combofix /u. Combofix will now be removed and a new restore point will be created. To prevent a recurrence, read through these security tips again: http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html Pim
  • Oh, thanks for that tip, but uh, I typed that and it cannot find the path. I had deleted it from my desktop. Is that bad??
  • Check whether you typed it correctly. It does not matter that you deleted it, but please also delete the folder below: C:\qoobox Pim
  • Deleted everything, including what was next to it, logs etc.

This is an archived page. Replying is no longer possible.