Question & Answer

Security & privacy

Also a slow startup

17 replies
  • My PC is also very slow to start up. Checked everything with avast, spybot, ad-aware, malwarebytes, ATF and ccleaner. For up to 6 minutes after startup, svchost uses 100% CPU. Help please. Ben

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:51, on 9-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
  • Here is my ComboFix log. Maybe someone can respond to it? It removed a few things. What should I do next? How do I remove all traces of ComboFix? Also another HJT log.

ComboFix 09-03-06.02 - Fokje 2009-03-10 9:52:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.447.100 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Fokje\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090309-0] *On-access scanning disabled* (Updated)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:26, on 10-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
  • Download MalwareBytes' Anti-Malware (http://www.besttechie.net/mbam/mbam-setup.exe) and save it to your desktop. Double-click mbam-setup.exe to install the program. Make sure that after installation the following are ticked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Finish". If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Tick: "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Press "Scan" to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan is complete, click OK, then "Show Results" to view the results.
    - Make sure everything there is ticked, then click "Remove Selected".
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program. Post this log together with a fresh HijackThis log.
  • Thanks for the reply. Here are the requested logs.

    Malwarebytes' Anti-Malware 1.34
    Database versie: 1837
    Windows 5.1.2600 Service Pack 3

    11-3-2009 22:21:29
    mbam-log-2009-03-11 (22-21-29).txt

    Scan type: Snelle Scan
    Objecten gescand: 70687
    Verstreken tijd: 5 minute(s), 19 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:26:18, on 11-3-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\APPS\SMP\SmpSys.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\Nieuwe map\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: hgGwTnOI - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 8135 bytes
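A small triage script for logs like the one posted above, added here as an example; it is not part of this thread and not code from HijackThis, Malwarebytes or ComboFix. It reads a HijackThis v2 log one entry per line and reports the entry types a helper looks at first: a start or search page that is not Microsoft's default redirector (the dufpy.com R0 entry), an O16 DPF record with no download source, an O20 Winlogon Notify handler that names no DLL (the hgGwTnOI entry pointing at a bare C:\WINDOWS\), and O23 services listed with "Unknown owner". The sample lines are constructed from entries in the logs in this thread; the list of benign start-page prefixes is an assumption made for the example, not a rule from any of the tools.

```python
import re
from typing import Callable, Dict, Iterable, List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O20"
    reason: str   # why a helper would look at this entry first
    entry: str    # the log line itself


# Assumption for this example: only Microsoft's default start/search
# redirector counts as benign without a second look; any other URL is
# surfaced so a human can decide whether it is a hijack or a user choice.
BENIGN_URL_PREFIXES = ("http://go.microsoft.com/fwlink/", "about:blank")

# Every HijackThis entry starts with a section code such as R0, O2, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")


def check_browser_page(body: str) -> Optional[str]:
    # R0/R1 body: "<hive>\...\Main,Start Page = <url>".
    # An empty "Local Page =" value is normal on XP, so it is not reported.
    key, sep, value = body.partition("=")
    if not sep or not any(word in key for word in ("Page", "URL")):
        return None
    value = value.strip()
    if value and not value.startswith(BENIGN_URL_PREFIXES):
        return "browser start/search page set to a non-default URL (possible hijack)"
    return None


def check_dpf(body: str) -> Optional[str]:
    # O16 body: "DPF: {CLSID} (name) - <download source>". No source means
    # an orphaned or deliberately blanked ActiveX install record.
    if body.rstrip().endswith(" -"):
        return "ActiveX (DPF) entry without a download source"
    return None


def check_winlogon_notify(body: str) -> Optional[str]:
    # O20 body: "Winlogon Notify: <subkey> - <dll>". A handler that points at a
    # bare directory instead of a DLL is a classic leftover of a Winlogon hook.
    _, _, target = body.rpartition(" - ")
    if not target.strip().lower().endswith(".dll"):
        return "Winlogon Notify handler that names no DLL"
    return None


def check_service(body: str) -> Optional[str]:
    # O23 body: "Service: <display name> (<short name>) - <publisher> - <path>"
    parts = body.split(" - ")
    if len(parts) >= 3 and parts[-2].strip().lower() == "unknown owner":
        return "service binary carries no publisher information; verify it by hand"
    return None


CHECKS: Dict[str, Callable[[str], Optional[str]]] = {
    "R0": check_browser_page,
    "R1": check_browser_page,
    "O16": check_dpf,
    "O20": check_winlogon_notify,
    "O23": check_service,
}


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the entries a helper would look at first, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines and the "Running processes" block
        check = CHECKS.get(match.group("section"))
        reason = check(match.group("body")) if check else None
        if reason:
            findings.append(Finding(match.group("section"), reason, line))
    return findings


# Constructed sample, one entry per line as HijackThis itself writes them;
# the shapes are taken from the logs posted in this thread.
SAMPLE_LOG_LINES = [
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.dufpy.com",
    "R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = ",
    "O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll",
    "O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - ",
    "O20 - Winlogon Notify: hgGwTnOI - C:\\WINDOWS\\",
    "O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\\APPS\\Powercinema\\Kernel\\TV\\CLSched.exe",
    "O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG_LINES):
        print(f"[{finding.section}] {finding.reason}\n    {finding.entry}")
```

The script flags, it does not decide: an "Unknown owner" service is often just a vendor that skipped the publisher string, as the CyberLink entries in this thread show, so each finding still needs a person to check the path against a known-good install before anything is removed.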
  • While looking through old MBAM logs I see that there has in fact been an infection. Can that still be causing slowness now? Ben
    Here is the old MBAM log:

    Malwarebytes' Anti-Malware 1.34
    Database versie: 1813
    Windows 5.1.2600 Service Pack 3

    2-3-2009 0:16:36
    mbam-log-2009-03-02 (00-16-36).txt

    Scan type: Snelle Scan
    Objecten gescand: 79708
    Verstreken tijd: 6 minute(s), 1 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  • Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

    File::
    c:\windows\wininit.ini
    Folder::
    c:\program files\temp01
    C:\32788R22FWJFW
    C:\e8faca6b33bb42d7ab
    Driver::
    cel90xbe

    Save this to your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    http://home.hetnet.nl/~stefsmeenk/CFScript.gif
    This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a fresh HijackThis log.
  • Here is the log. ComboFix did ask me to agree to an update, which I did.

    ComboFix 09-03-10.03 - Fokje 2009-03-12 8:51:28.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.447.78 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Fokje\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Fokje\Bureaublad\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090311-1] *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\wininit.ini
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\e8faca6b33bb42d7ab
    c:\e8faca6b33bb42d7ab\amd64\filterpipelineprintproc.dll
    c:\e8faca6b33bb42d7ab\amd64\msxpsdrv.cat
    c:\e8faca6b33bb42d7ab\amd64\msxpsdrv.inf
    c:\e8faca6b33bb42d7ab\amd64\msxpsinc.gpd
    c:\e8faca6b33bb42d7ab\amd64\msxpsinc.ppd
    c:\e8faca6b33bb42d7ab\amd64\mxdwdrv.dll
    c:\e8faca6b33bb42d7ab\amd64\xpssvcs.dll
    c:\e8faca6b33bb42d7ab\i386\filterpipelineprintproc.dll
    c:\e8faca6b33bb42d7ab\i386\msxpsdrv.cat
    c:\e8faca6b33bb42d7ab\i386\msxpsdrv.inf
    c:\e8faca6b33bb42d7ab\i386\msxpsinc.gpd
    c:\e8faca6b33bb42d7ab\i386\msxpsinc.ppd
    c:\e8faca6b33bb42d7ab\i386\mxdwdrv.dll
    c:\e8faca6b33bb42d7ab\i386\xpssvcs.dll
    c:\program files\temp01\
    c:\windows\wininit.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CEL90XBE
    -------\Service_cel90xbe


    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-12 to 2009-03-12 ))))))))))))))))))))))))))))))
    .

    2009-03-11 22:42 . 2009-03-12 08:47 <DIR> dr-h----- c:\documents and settings\Fokje\Onlangs geopend
    2009-03-11 11:02 . 2009-03-11 11:04 <DIR> d-------- c:\windows\system32\NtmsData
    2009-03-10 16:44 . 2009-03-10 16:44 <DIR> d-------- c:\program files\Alwil Software
    2009-03-10 15:42 . 2009-03-10 15:42 <DIR> d-------- c:\program files\Seagate
    2009-03-10 13:28 . 2009-03-10 13:13 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-03-10 13:14 . 2009-03-10 13:13 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-03-10 13:10 . 2009-03-10 13:10 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-10 00:22 . 2009-03-10 00:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-03-06 12:51 . 2009-03-06 12:51 <DIR> d-------- c:\program files\RegCure
    2009-03-04 18:55 . 2009-03-04 19:02 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
    2009-03-04 17:25 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl
    2009-03-04 08:31 . 2008-05-24 12:39 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2009-03-03 19:58 . 2009-03-11 22:25 <DIR> d-------- C:\Nieuwe map
    2009-03-03 00:40 . 2009-03-03 00:40 268 --ah----- C:\sqmdata18.sqm
    2009-03-03 00:40 . 2009-03-03 00:40 244 --ah----- C:\sqmnoopt18.sqm
    2009-03-02 23:42 . 2009-03-02 23:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-03-02 21:23 . 2009-01-09 20:19 1,089,883 --------- c:\windows\system32\dllcache\ntprint.cat
    2009-03-02 18:13 . 2009-03-02 20:06 <DIR> d-------- c:\windows\SxsCaPendDel
    2009-02-20 21:22 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
    2009-02-20 21:22 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
    2009-02-20 21:22 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
    2009-02-20 21:22 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
    2009-02-20 21:22 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
    2009-02-20 21:22 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
    2009-02-20 21:22 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
    2009-02-20 21:22 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
    2009-02-20 21:22 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
    2009-02-20 21:22 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
    2009-02-20 21:20 . 2009-02-20 21:20 <DIR> d-------- c:\windows\Logs
    2009-02-20 21:19 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
    2009-02-20 21:19 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
    2009-02-20 21:19 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
    2009-02-20 21:18 . 2009-02-20 21:18 <DIR> d-------- c:\windows\system32\xlive
    2009-02-20 21:18 . 2009-02-20 21:18 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
    2009-02-17 20:42 . 2009-02-21 19:35 <DIR> d-------- c:\documents and settings\Fokje\Application Data\Ubisoft

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-11 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-11 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-10 12:10 --------- d-----w c:\program files\Lavasoft
    2009-03-10 12:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-10 10:39 --------- d-----w c:\documents and settings\Fokje\Application Data\BitTorrent
    2009-03-06 10:20 --------- d-----w c:\documents and settings\Fokje\Application Data\DNA
    2009-03-06 09:56 --------- d-----w c:\program files\DNA
    2009-03-04 15:35 --------- d-----w c:\program files\MagicISO
    2009-03-04 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-03-04 13:49 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-03 20:25 --------- d-----w c:\program files\Java
    2009-03-03 19:56 --------- d-----w c:\documents and settings\Fokje\Application Data\AdobeUM
    2009-03-03 08:57 --------- d-----w c:\program files\Windows Live Safety Center
    2009-03-02 23:33 --------- d-----w c:\program files\MSN Messenger
    2009-03-02 22:43 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-03-01 23:07 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-01 23:04 --------- d-----w c:\program files\CCleaner
    2009-02-28 20:35 --------- d-----w c:\program files\Holdem Indicator2
    2009-02-28 19:36 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-17 19:37 --------- d-----w c:\program files\Games
    2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-18 13:06 --------- d-----w c:\program files\EA SPORTS
    2008-06-22 10:05 1,780,696 -c--a-w c:\documents and settings\Fokje\gunfight_1.1.0.exe
    2008-03-05 13:18 0 -c--a-w c:\program files\temp01
    2002-11-19 23:26 7,057,408 -c--a-w c:\program files\shadow.exe
    2008-05-23 13:46 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008052320080524\index.dat

    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
    "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-10 515416]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2006-11-25 888930]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwTnOI]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
    "VIDC.ZMBV"= zmbv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "RTHDCPL"=RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Cyanide\\Pro Cycling Manager 2007\\PCM.exe"=
    "c:\\Program Files\\Cyanide\\Pro Cycling Manager 2007\\Autorun\\Exe\\Autorun.exe"=
    "c:\\Program Files\\Holdem Indicator2\\HoldemIndicator.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-10 64160]
    R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);c:\windows\system32\drivers\pe3akt6c.sys [2007-07-24 64648]
    R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);c:\windows\system32\drivers\pf2akt6c.sys [2007-07-24 83592]
    R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);c:\windows\system32\drivers\ps6akt6c.sys [2007-07-24 68752]
    R0 ps7akt6c;Cycling Manager 2007 Synchronization Driver (ps7akt6c);c:\windows\system32\drivers\ps7akt6c.sys [2007-09-28 68752]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-10 114768]
    R2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2007-02-22 99840]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-10 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-11-25 17149]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2006-11-25 346432]
    S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - Netman
    *Deregistered* - Nla
    *Deregistered* - PolicyAgent
    *Deregistered* - pr2akt6c
    *Deregistered* - ProtectedStorage
    *Deregistered* - RasMan
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - Schedule
    *Deregistered* - seclogon
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - Spooler
    *Deregistered* - srservice
    *Deregistered* - SSDPSRV
    *Deregistered* - TapiSrv
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - TrkWks
    *Deregistered* - UleadBurningHelper
    *Deregistered* - W32Time
    *Deregistered* - WebClient
    *Deregistered* - WinDefend
    *Deregistered* - winmgmt
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    *Deregistered* - WudfSvc
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-03-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-10 13:12]

    2009-03-12 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2009-03-12 c:\windows\Tasks\PC instellen.job
    - c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]

    2009-03-12 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]

    2009-03-06 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 18:58]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.dufpy.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Fokje\Application Data\Mozilla\Firefox\Profiles\jioi6pxd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=null&gct=&gc=1&q=
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-12 08:59:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\000 [%\00«Ô‘|\00\00\00\00\00\00\00\00\00\00\00\003\00\00\00\00\00+\03pè\13\00pè\13\00\18î"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-3935045815-3983984709-2466839632-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-3935045815-3983984709-2466839632-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:7a,57,54,4c,c0,8c,1e,d9,17,13,fc,88,cf,83,7e,12,fc,35,14,4f,b0,72,06,
       89,b9,58,43,53,da,6d,ed,fc,61,9f,d2,a9,9f,90,40,8b,ad,87,6b,a5,16,d3,8b,83,\
    "??"=hex:e4,ed,d9,ac,60,ef,ad,e4,dc,51,4a,07,c6,d3,3f,f5

    [HKEY_USERS\S-1-5-21-3935045815-3983984709-2466839632-1006\Software\SecuROM\License information*]
    "datasecu"=hex:37,df,1c,d9,22,db,e1,ba,b6,ce,c1,94,95,51,2b,c8,ab,ca,1d,b5,54,
       fd,79,42,56,68,68,8e,4f,27,b1,0f,81,c9,7b,f4,79,a9,1a,97,56,7c,f6,79,4a,d6,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(532)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Windows Defender\MsMpEng.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\apps\Powercinema\Kernel\TV\CLSched.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-03-12 9:09:21 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-03-12 08:09:14
    ComboFix2.txt 2009-03-10 09:08:14

    Pre-Run: 40.306.384.896 bytes beschikbaar
    Post-Run: 40,280,268,800 bytes beschikbaar

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    274 --- E O F --- 2009-03-11 21:03:22
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:20:25, on 12-3-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\APPS\SMP\SmpSys.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\Nieuwe map\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: hgGwTnOI - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc.
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 8134 bytes
  • Download OTMoveIt3 (by OldTimer) from http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe to your Desktop.
* Double-click OTMoveIt3.exe to start the tool.
* Copy (select and press Ctrl-C) all of the text below:

    :Processes
    :Services
    :Reg
    :Files
    c:\program files\temp01
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

* Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
* Click the red MoveIt! button
* Copy and paste the contents of the right-hand results window into your next reply (or the log you will find as C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
* Close OTMoveIt3
If a file or folder cannot be moved immediately, you may be asked to restart the PC to complete the move. In that case click Yes.
Afterwards, post a new HijackThis log.
  • ========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\program files\temp01 moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_570.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Gfg29dGvmz0Qxik scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03122009_102842

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_570.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat not found!
File C:\WINDOWS\temp\sqlite_Gfg29dGvmz0Qxik not found!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:15, on 12-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Nieuwe map\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: hgGwTnOI - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8192 bytes
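A small triage script for HijackThis logs like the two posted in this thread, added here as an editor's example; it is not part of the thread and not HijackThis code. It parses the R/O entries and reports the ones a helper reads first: a non-default IE start page, a startup shortcut whose target did not resolve, a DPF entry with no download URL, a Winlogon Notify entry whose path is a folder rather than a DLL, and services with an unknown publisher. The embedded sample is a constructed excerpt of lines from the logs above; the rule set, function names and the default-URL list are my own assumptions.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: a handful of entries copied from the HijackThis logs
# posted in this thread (the full logs contain many more lines).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O20 - Winlogon Notify: hgGwTnOI - C:\WINDOWS\
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Microsoft's fwlink redirectors are the stock IE defaults (assumed list).
DEFAULT_IE_URLS = {
    "http://go.microsoft.com/fwlink/?LinkId=69157",
    "http://go.microsoft.com/fwlink/?LinkId=54896",
}

# Every HijackThis finding is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Split a log into (section, body) pairs, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage_entry(section: str, body: str) -> Optional[str]:
    """Return a review note for an entry that deserves a second look, else None."""
    if section == "R0" and "Start Page" in body:
        url = body.split("=", 1)[1].strip()
        if url and url not in DEFAULT_IE_URLS:
            return f"non-default start page {url}; confirm the user chose it"
    if section == "O4" and body.startswith("Global Startup:") and body.endswith("= ?"):
        return "startup shortcut whose target could not be resolved"
    if section == "O16" and body.endswith("-"):
        return "DPF entry with no download URL (orphaned ActiveX reference)"
    if section == "O20" and body.startswith("Winlogon Notify:"):
        name, _, path = body[len("Winlogon Notify:"):].rpartition(" - ")
        # A notify package must be a DLL; a bare folder (or no extension) is odd.
        if path.endswith("\\") or "." not in path.rsplit("\\", 1)[-1]:
            return f"Winlogon Notify '{name.strip()}' points to a folder, not a DLL"
    if section == "O23" and "Unknown owner" in body:
        return "service with unknown publisher; verify the file on disk"
    return None


def triage_log(log_text: str) -> List[Tuple[str, str]]:
    """Run triage_entry over every entry and collect (section, note) pairs."""
    findings = []
    for section, body in parse_entries(log_text):
        note = triage_entry(section, body)
        if note:
            findings.append((section, note))
    return findings
```

Calling triage_log(SAMPLE_LOG) returns five (section, note) pairs for the R0, O4, O16, O20 and O23 lines; pass it the text of a complete log to triage the whole scan.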
  • Better now?
  • Much faster: after 1.05 min the desktop now appears with its icons and the various small icons at the bottom right (system tray?). But then the internet icon and the Ad-Aware icon take a long time to show up, finally appearing after 4.30 min. In the meantime a security icon notification also appears for a few seconds saying the firewall is not enabled.
  • After 8 min svchost uses 100% CPU for 15 sec. Only after 10 minutes does CPU usage drop to 0%, after sitting between 30% and 100% for a long time. AAWService also regularly uses CPU during that time. Should I remove any of the programs I use?
  • aawservice.exe is an Ad-Aware 2007 Service from Lavasoft AB belonging to Ad-Aware 2007 Service. Remove Ad-Aware completely and then see how it goes.
  • The internet icon now appears after 2.35 min. Pretty good, right? By the way, it was Ad-Aware Free Anniversary Edition, the newest version! I have now turned Spybot's resident protection back on. Should I remove anything else from the programs I use, or try anything else? If not, many thanks for the excellent help.
  • If everything is fine now you can remove all the tools that were used and so on.
  • Well, all fine.. I think it used to be faster, but I never really kept track of the time. But when I now, for example, right-click the Start button to go to Explorer, the first time it takes around 10 sec before the menu pops open. That can't be right. Also when I start Firefox it takes 20 sec before the browser is open. All a bit slow. So if you have any more ideas, I'd appreciate them.

This is an archived page. Replying is no longer possible.