PC very slow again

pimvandenderen
10 answers
  • my PC is acting strange again
    I have also used msconfig
    it opens web pages slowly
    [I use ATF Cleaner + CCleaner]
    and I delete internet files now and then
    after startup I again have to wait 5 minutes until it has caught up

    I made a log
    I hope the cause is in whatever you find
    thanks a lot in advance



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:10:58, on 3-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Steam\Steam.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm451YYNL
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195901566359
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 7292 bytes

    I think I've already spotted one:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)











  • Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following, if present:

    My Web Search
    My Web Speedbar
    WebSearch Tools
    Search Assistant - My Way

    Then restart your PC.

    Download Combofix to your desktop.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh Hijackthis log.

    Good luck!

    Pim
  • combofix:



    ComboFix 07-12-02.6 - Sadik 2007-12-03 20:18:28.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.736 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Sadik\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\Shared\00448A24.dat
    C:\Program Files\internet explorer\msimg32.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))
    .

    2007-12-03 20:13 . 2007-12-01 02:22 381,012 --a------ C:\Program Files\Uninstall Fun Web Products.dll
    2007-12-03 17:10 . 2007-12-03 17:10 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-03 17:10 . 2007-12-03 17:10 <DIR> dr-h----- C:\Documents and Settings\Sadik\Onlangs geopend
    2007-12-02 20:27 . 2007-12-02 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
    2007-12-02 18:12 . 2007-12-02 18:12 <DIR> d-------- C:\WINDOWS\Sun
    2007-12-02 15:49 . 2007-12-02 15:49 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2007-12-02 15:49 . 2007-12-02 15:49 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2007-12-02 14:54 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-12-02 14:48 . 2007-12-02 14:48 <DIR> d-------- C:\WINDOWS\system32\Futuremark
    2007-12-02 14:48 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
    2007-12-02 14:48 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
    2007-12-02 14:48 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
    2007-12-02 14:48 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
    2007-12-02 02:20 . 2007-12-03 09:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-02 02:20 . 2007-12-02 02:20 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-29 20:39 . 2007-12-02 19:08 <DIR> d-------- C:\Program Files\GameSpy Arcade
    2007-11-29 17:09 . 2007-12-02 01:31 69 --a------ C:\WINDOWS\NeroDigital.ini
    2007-11-28 22:20 . 2007-11-28 22:20 395 --a------ C:\WINDOWS\ODBC.INI
    2007-11-28 22:15 . 2007-11-28 22:19 <DIR> d-------- C:\WINDOWS\ShellNew
    2007-11-28 21:39 . 2007-11-28 21:39 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\InstallShield
    2007-11-27 23:25 . 2007-12-02 22:55 <DIR> d-------- C:\Program Files\DivX
    2007-11-27 20:49 . 2007-11-27 20:49 <DIR> d-------- C:\Program Files\SAGEM
    2007-11-27 19:12 . 2007-11-27 19:12 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-11-27 19:12 . 2007-11-27 19:12 <DIR> d-------- C:\Program Files\Ahead
    2007-11-27 19:12 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2007-11-27 19:12 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2007-11-27 18:50 . 2007-11-27 18:53 <DIR> d-------- C:\Program Files\SopCast
    2007-11-27 18:49 . 2007-11-27 18:49 <DIR> d-------- C:\Program Files\Live_TV
    2007-11-27 18:22 . 2007-11-27 18:22 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\Nero
    2007-11-27 18:19 . 2007-11-27 18:21 <DIR> d-------- C:\Program Files\Common Files\Nero
    2007-11-27 18:19 . 2007-11-27 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2007-11-26 17:54 . 2007-11-26 17:54 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-11-25 19:48 . 2007-11-25 19:48 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-25 19:48 . 2007-11-25 19:48 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\Apple Computer
    2007-11-25 19:47 . 2007-11-25 19:47 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-11-25 19:47 . 2007-11-25 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-25 10:14 . 2007-12-01 02:15 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-25 10:14 . 2007-11-29 22:00 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-25 10:14 . 2007-12-01 02:15 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-25 10:13 . 2007-11-25 10:13 <DIR> dr-h----- C:\Documents and Settings\Sadik\Application Data\SecuROM
    2007-11-25 10:13 . 2007-11-25 10:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-25 09:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2007-11-25 09:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2007-11-25 09:51 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
    2007-11-25 09:51 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
    2007-11-25 09:50 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2007-11-25 09:50 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
    2007-11-25 09:50 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
    2007-11-25 09:50 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
    2007-11-25 09:50 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
    2007-11-25 09:50 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2007-11-25 09:50 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-11-25 09:50 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2007-11-24 15:26 . 2007-11-24 15:25 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-11-24 15:26 . 2007-11-24 15:25 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-11-24 15:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-11-24 15:21 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-11-24 15:19 . 2007-11-24 15:21 10 --a------ C:\WINDOWS\system32\amonl.ini
    2007-11-24 15:18 . 2002-06-17 01:23 49,152 --a------ C:\WINDOWS\system32\nod32ccl.exe
    2007-11-24 15:18 . 2002-06-17 01:25 12 --a------ C:\WINDOWS\system32\nod32ccl.ini
    2007-11-24 15:18 . 2007-11-24 15:22 10 --a------ C:\WINDOWS\system32\NOD32l.ini
    2007-11-24 15:16 . 2007-11-24 15:25 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2007-11-24 15:13 . 2007-11-24 15:13 <DIR> d-------- C:\Program Files\Windows Journal Viewer
    2007-11-24 14:45 . 2007-11-24 14:45 306 --a------ C:\WINDOWS\system32\F8173910295B45b6A356920934C845A3.ini
    2007-11-24 14:44 . 2007-11-24 14:44 25,714,688 --a------ C:\WINDOWS\system32\Helikopterden_istanbul.scr
    2007-11-24 12:35 . 2007-11-24 12:35 253,952 --------- C:\WINDOWS\Setup1.exe
    2007-11-24 12:35 . 2007-11-24 12:35 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2007-11-24 12:16 . 2007-11-24 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
    2007-11-24 12:15 . 2007-11-24 12:15 <DIR> d-------- C:\Program Files\SRS Labs
    2007-11-24 12:15 . 2007-05-03 10:27 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
    2007-11-24 12:15 . 2007-05-03 10:27 46,592 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
    2007-11-24 12:15 . 2007-05-03 10:28 39,552 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
    2007-11-24 12:15 . 2007-05-03 10:27 37,248 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
    2007-11-24 12:15 . 2007-05-03 10:27 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
    2007-11-24 11:54 . 2007-11-24 11:54 3,861,830 --a------ C:\WINDOWS\system32\Kagaya.edm
    2007-11-24 11:54 . 2007-11-24 11:54 1,232,166 --a------ C:\WINDOWS\system32\jackasslayer.wav
    2007-11-24 11:54 . 2007-11-24 11:54 361,984 --a------ C:\WINDOWS\system32\Kagaya.scr
    2007-11-24 11:46 . 2007-12-02 18:29 <DIR> d-------- C:\Program Files\SpeedFan
    2007-11-24 11:46 . 2007-11-24 11:46 45 --a------ C:\WINDOWS\system32\initdebug.nfo
    2007-11-24 11:39 . 2007-11-24 11:39 <DIR> d-------- C:\Program Files\uTorrent
    2007-11-24 11:39 . 2007-12-02 20:17 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\uTorrent
    2007-11-24 11:35 . 2007-11-24 11:35 <DIR> d-------- C:\Documents and Settings\Sadik\Incomplete
    2007-11-24 11:33 . 2007-12-01 02:25 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\LimeWire
    2007-11-24 02:13 . 2004-08-04 09:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-11-24 02:09 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-11-24 02:09 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-11-24 02:09 . 2006-08-21 13:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-11-24 02:07 . 2007-11-24 02:07 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-11-24 02:03 . 2007-11-24 02:03 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2007-11-24 02:00 . 2007-11-24 02:00 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-24 02:00 . 2007-11-24 02:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-24 02:00 . 2007-11-24 02:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-24 01:58 . 2007-08-20 11:02 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-11-24 01:58 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-11-24 01:58 . 2007-03-08 06:11 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-11-24 01:58 . 2007-08-20 11:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-11-24 01:58 . 2007-08-20 11:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-11-24 01:58 . 2007-08-20 11:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-11-24 01:58 . 2007-08-20 11:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-11-24 01:58 . 2007-08-20 11:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-02 14:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-01 11:16 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-25 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-24 01:01 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-24 01:01 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-11-23 18:20 --------- d-----w C:\Program Files\MP3 Player Utilities 3.13
    2007-11-23 18:17 --------- d-----w C:\Program Files\NVIDIA Corporation
    2007-11-23 18:13 --------- d-----w C:\Documents and Settings\Sadik\Application Data\Teleca
    2007-11-23 18:11 --------- d-----w C:\Program Files\Disc2Phone
    2007-11-23 18:01 --------- d-----w C:\Program Files\Sony Ericsson
    2007-11-23 18:01 --------- d-----w C:\Program Files\Common Files\Teleca Shared
    2007-11-23 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
    2007-11-23 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2007-11-23 18:00 6,176 ----a-w C:\WINDOWS\system32\drivers\w810cm.sys
    2007-11-23 18:00 5,808 ----a-w C:\WINDOWS\system32\drivers\w810wh.sys
    2007-11-23 17:57 --------- d-----w C:\Program Files\LRC Editor 4
    2007-11-23 17:51 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-23 17:51 --------- d-----w C:\Program Files\ASUS
    2007-11-23 17:48 --------- d-----w C:\Program Files\Marvell
    2007-11-23 17:45 --------- d-----w C:\Program Files\Realtek
    2007-11-23 17:43 --------- d-----w C:\Program Files\Intel
    2007-11-23 17:38 --------- d-----w C:\Program Files\microsoft frontpage
    2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2007-10-20 00:56 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-10-20 00:56 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "Steam"="D:\Steam\Steam.exe" [2007-11-30 14:33]
    "SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-24 12:16]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-24 15:25]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 09:03]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-25 18:47:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-03 20:21:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-03 20:23:35 - machine was rebooted
    .
    --- E O F ---


    hijackthis:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:30:28, on 3-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Steam\Steam.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195901566359
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 6190 bytes




















  • Start Hijackthis, choose 'Do a system scan only' and tick the lines below:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Now close all open windows except Hijackthis and click Fix Checked.


    Delete the file below:
    C:\Program Files\Uninstall Fun Web Products.dll

    And the folder below, if still present:
    C:\Program Files\MyWebSearch

    How are your problems now?

    Pim
  • I can already see improvements
    it flies again
    thanks a lot, eh :wink:

    have a nice day…



    Respectl \/
    l <||||
    l |||
    l |||
  • I can browse the internet normally again :D :D
  • You're welcome :)

    Uninstall Combofix:
    Go to Start -> Run and type: combofix /u
    Combofix is now removed and a new restore point is created.

    To prevent a recurrence, read through these security tips once more:
    http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    Pim
  • oh, thanks for that tip

    but uh
    I typed that
    it can't find the path
    I had deleted it from my desktop
    is that bad??
  • Just check whether you typed it correctly.
    It doesn't matter that you deleted it, but also delete the folder below:
    C:\qoobox

    Pim
  • deleted everything, including the ones next to it
    logs etc.

This is an archived page. Replies are no longer possible.