PC very slow again

Anonymous
pimvandenderen
10 answers
 • My PC is acting strange again.
  I have also used msconfig.
  It opens web pages slowly.
  [I use ATF Cleaner + CCleaner]
  and I delete temporary internet files now and then.
  After startup I again have to wait 5 minutes until it has caught up.

  I made a log.
  I hope the cause is in whatever you find.
  Thanks a lot in advance.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 17:10:58, on 3-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16544)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Eset\nod32kui.exe
  C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
  C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
  D:\Steam\Steam.exe
  C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\system32\PnkBstrB.exe
  C:\Program Files\Windows Live\Messenger\usnsvc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
  R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
  O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
  O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
  O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
  O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm451YYNL
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195901566359
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


  End of file - 7292 bytes

  I think I have already spotted one:
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 • Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following, if present:
  My Web Search
  My Web Speedbar
  WebSearch Tools
  Search Assistant - My Way

  Then restart your PC.

  Download Combofix to your desktop.

  If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

  NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  Double-click combofix.exe
  Choose "Continue" by typing 1 followed by ENTER.
  While the fix is running, do NOT click in the window, because this will make your PC hang.

  When the fix has finished and after the reboot, the log combofix.txt will open.
  Post the Combofix log (combofix.txt) in your next reply, together with a fresh HijackThis log.

  Good luck!

  Pim
 • combofix:

  ComboFix 07-12-02.6 - Sadik 2007-12-03 20:18:28.1 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.736 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Sadik\Bureaublad\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\Program Files\FunWebProducts
  C:\Program Files\FunWebProducts\Shared\00448A24.dat
  C:\Program Files\internet explorer\msimg32.dll

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))
  .

  2007-12-03 20:13 . 2007-12-01 02:22 381,012 --a------ C:\Program Files\Uninstall Fun Web Products.dll
  2007-12-03 17:10 . 2007-12-03 17:10 <DIR> d-------- C:\Program Files\Trend Micro
  2007-12-03 17:10 . 2007-12-03 17:10 <DIR> dr-h----- C:\Documents and Settings\Sadik\Onlangs geopend
  2007-12-02 20:27 . 2007-12-02 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
  2007-12-02 18:12 . 2007-12-02 18:12 <DIR> d-------- C:\WINDOWS\Sun
  2007-12-02 15:49 . 2007-12-02 15:49 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
  2007-12-02 15:49 . 2007-12-02 15:49 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
  2007-12-02 14:54 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
  2007-12-02 14:48 . 2007-12-02 14:48 <DIR> d-------- C:\WINDOWS\system32\Futuremark
  2007-12-02 14:48 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
  2007-12-02 14:48 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
  2007-12-02 14:48 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
  2007-12-02 14:48 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
  2007-12-02 02:20 . 2007-12-03 09:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
  2007-12-02 02:20 . 2007-12-02 02:20 1,409 --a------ C:\WINDOWS\QTFont.for
  2007-11-29 20:39 . 2007-12-02 19:08 <DIR> d-------- C:\Program Files\GameSpy Arcade
  2007-11-29 17:09 . 2007-12-02 01:31 69 --a------ C:\WINDOWS\NeroDigital.ini
  2007-11-28 22:20 . 2007-11-28 22:20 395 --a------ C:\WINDOWS\ODBC.INI
  2007-11-28 22:15 . 2007-11-28 22:19 <DIR> d-------- C:\WINDOWS\ShellNew
  2007-11-28 21:39 . 2007-11-28 21:39 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\InstallShield
  2007-11-27 23:25 . 2007-12-02 22:55 <DIR> d-------- C:\Program Files\DivX
  2007-11-27 20:49 . 2007-11-27 20:49 <DIR> d-------- C:\Program Files\SAGEM
  2007-11-27 19:12 . 2007-11-27 19:12 <DIR> d-------- C:\Program Files\Common Files\Ahead
  2007-11-27 19:12 . 2007-11-27 19:12 <DIR> d-------- C:\Program Files\Ahead
  2007-11-27 19:12 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
  2007-11-27 19:12 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
  2007-11-27 18:50 . 2007-11-27 18:53 <DIR> d-------- C:\Program Files\SopCast
  2007-11-27 18:49 . 2007-11-27 18:49 <DIR> d-------- C:\Program Files\Live_TV
  2007-11-27 18:22 . 2007-11-27 18:22 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\Nero
  2007-11-27 18:19 . 2007-11-27 18:21 <DIR> d-------- C:\Program Files\Common Files\Nero
  2007-11-27 18:19 . 2007-11-27 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
  2007-11-26 17:54 . 2007-11-26 17:54 <DIR> d--hs---- C:\WINDOWS\ftpcache
  2007-11-25 19:48 . 2007-11-25 19:48 <DIR> d-------- C:\Program Files\QuickTime
  2007-11-25 19:48 . 2007-11-25 19:48 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\Apple Computer
  2007-11-25 19:47 . 2007-11-25 19:47 <DIR> d-------- C:\Program Files\Apple Software Update
  2007-11-25 19:47 . 2007-11-25 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
  2007-11-25 10:14 . 2007-12-01 02:15 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
  2007-11-25 10:14 . 2007-11-29 22:00 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
  2007-11-25 10:14 . 2007-12-01 02:15 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
  2007-11-25 10:13 . 2007-11-25 10:13 <DIR> dr-h----- C:\Documents and Settings\Sadik\Application Data\SecuROM
  2007-11-25 10:13 . 2007-11-25 10:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
  2007-11-25 09:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
  2007-11-25 09:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
  2007-11-25 09:51 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
  2007-11-25 09:51 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
  2007-11-25 09:50 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
  2007-11-25 09:50 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
  2007-11-25 09:50 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
  2007-11-25 09:50 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
  2007-11-25 09:50 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
  2007-11-25 09:50 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
  2007-11-25 09:50 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
  2007-11-25 09:50 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
  2007-11-24 15:26 . 2007-11-24 15:25 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
  2007-11-24 15:26 . 2007-11-24 15:25 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
  2007-11-24 15:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
  2007-11-24 15:21 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
  2007-11-24 15:19 . 2007-11-24 15:21 10 --a------ C:\WINDOWS\system32\amonl.ini
  2007-11-24 15:18 . 2002-06-17 01:23 49,152 --a------ C:\WINDOWS\system32\nod32ccl.exe
  2007-11-24 15:18 . 2002-06-17 01:25 12 --a------ C:\WINDOWS\system32\nod32ccl.ini
  2007-11-24 15:18 . 2007-11-24 15:22 10 --a------ C:\WINDOWS\system32\NOD32l.ini
  2007-11-24 15:16 . 2007-11-24 15:25 298,104 --a------ C:\WINDOWS\system32\imon.dll
  2007-11-24 15:13 . 2007-11-24 15:13 <DIR> d-------- C:\Program Files\Windows Journal Viewer
  2007-11-24 14:45 . 2007-11-24 14:45 306 --a------ C:\WINDOWS\system32\F8173910295B45b6A356920934C845A3.ini
  2007-11-24 14:44 . 2007-11-24 14:44 25,714,688 --a------ C:\WINDOWS\system32\Helikopterden_istanbul.scr
  2007-11-24 12:35 . 2007-11-24 12:35 253,952 --------- C:\WINDOWS\Setup1.exe
  2007-11-24 12:35 . 2007-11-24 12:35 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
  2007-11-24 12:16 . 2007-11-24 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
  2007-11-24 12:15 . 2007-11-24 12:15 <DIR> d-------- C:\Program Files\SRS Labs
  2007-11-24 12:15 . 2007-05-03 10:27 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
  2007-11-24 12:15 . 2007-05-03 10:27 46,592 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
  2007-11-24 12:15 . 2007-05-03 10:28 39,552 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
  2007-11-24 12:15 . 2007-05-03 10:27 37,248 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
  2007-11-24 12:15 . 2007-05-03 10:27 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
  2007-11-24 11:54 . 2007-11-24 11:54 3,861,830 --a------ C:\WINDOWS\system32\Kagaya.edm
  2007-11-24 11:54 . 2007-11-24 11:54 1,232,166 --a------ C:\WINDOWS\system32\jackasslayer.wav
  2007-11-24 11:54 . 2007-11-24 11:54 361,984 --a------ C:\WINDOWS\system32\Kagaya.scr
  2007-11-24 11:46 . 2007-12-02 18:29 <DIR> d-------- C:\Program Files\SpeedFan
  2007-11-24 11:46 . 2007-11-24 11:46 45 --a------ C:\WINDOWS\system32\initdebug.nfo
  2007-11-24 11:39 . 2007-11-24 11:39 <DIR> d-------- C:\Program Files\uTorrent
  2007-11-24 11:39 . 2007-12-02 20:17 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\uTorrent
  2007-11-24 11:35 . 2007-11-24 11:35 <DIR> d-------- C:\Documents and Settings\Sadik\Incomplete
  2007-11-24 11:33 . 2007-12-01 02:25 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\LimeWire
  2007-11-24 02:13 . 2004-08-04 09:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
  2007-11-24 02:09 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
  2007-11-24 02:09 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
  2007-11-24 02:09 . 2006-08-21 13:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
  2007-11-24 02:07 . 2007-11-24 02:07 <DIR> d-------- C:\Program Files\MSXML 4.0
  2007-11-24 02:03 . 2007-11-24 02:03 <DIR> d-------- C:\WINDOWS\system32\nl-nl
  2007-11-24 02:00 . 2007-11-24 02:00 <DIR> d-------- C:\Program Files\Lavasoft
  2007-11-24 02:00 . 2007-11-24 02:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
  2007-11-24 02:00 . 2007-11-24 02:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
  2007-11-24 01:58 . 2007-08-20 11:02 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
  2007-11-24 01:58 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
  2007-11-24 01:58 . 2007-03-08 06:11 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
  2007-11-24 01:58 . 2007-08-20 11:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
  2007-11-24 01:58 . 2007-08-20 11:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
  2007-11-24 01:58 . 2007-08-20 11:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
  2007-11-24 01:58 . 2007-08-20 11:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
  2007-11-24 01:58 . 2007-08-20 11:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-12-02 14:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
  2007-12-01 11:16 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
  2007-11-25 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
  2007-11-24 01:01 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
  2007-11-24 01:01 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
  2007-11-23 18:20 --------- d-----w C:\Program Files\MP3 Player Utilities 3.13
  2007-11-23 18:17 --------- d-----w C:\Program Files\NVIDIA Corporation
  2007-11-23 18:13 --------- d-----w C:\Documents and Settings\Sadik\Application Data\Teleca
  2007-11-23 18:11 --------- d-----w C:\Program Files\Disc2Phone
  2007-11-23 18:01 --------- d-----w C:\Program Files\Sony Ericsson
  2007-11-23 18:01 --------- d-----w C:\Program Files\Common Files\Teleca Shared
  2007-11-23 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
  2007-11-23 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
  2007-11-23 18:00 6,176 ----a-w C:\WINDOWS\system32\drivers\w810cm.sys
  2007-11-23 18:00 5,808 ----a-w C:\WINDOWS\system32\drivers\w810wh.sys
  2007-11-23 17:57 --------- d-----w C:\Program Files\LRC Editor 4
  2007-11-23 17:51 --------- d-----w C:\Program Files\Common Files\InstallShield
  2007-11-23 17:51 --------- d-----w C:\Program Files\ASUS
  2007-11-23 17:48 --------- d-----w C:\Program Files\Marvell
  2007-11-23 17:45 --------- d-----w C:\Program Files\Realtek
  2007-11-23 17:43 --------- d-----w C:\Program Files\Intel
  2007-11-23 17:38 --------- d-----w C:\Program Files\microsoft frontpage
  2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
  2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
  2007-10-20 00:56 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
  2007-10-20 00:56 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
  2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
  2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
  "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
  "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
  "Steam"="D:\Steam\Steam.exe" [2007-11-30 14:33]
  "SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-24 12:16]
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 C:\WINDOWS\RTHDCPL.exe]
  "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
  "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
  "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
  "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
  "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-24 15:25]
  "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 09:03]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
  backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  C:\Program Files\QuickTime\qttask.exe -atboottime

  R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys

  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-11-25 18:47:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
  - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
  .
  **************************************************************************

  catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-12-03 20:21:31
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-12-03 20:23:35 - machine was rebooted
  .
  --- E O F ---


  hijackthis:


  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 20:30:28, on 3-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16544)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\system32\PnkBstrB.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Eset\nod32kui.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
  D:\Steam\Steam.exe
  C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
  C:\Program Files\Windows Live\Messenger\usnsvc.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
  O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
  O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195901566359
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


  End of file - 6190 bytes
 • Start HijackThis, choose 'Do a system scan only' and tick the lines below:

  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

  Now close all open windows except HijackThis and click Fix Checked.

  Delete the file below:
  C:\Program Files\Uninstall Fun Web Products.dll

  And the folder below, if still present:
  C:\Program Files\MyWebSearch

  How are your problems now?

  Pim
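
Both lines selected for Fix Checked in the reply above are COM registrations whose target HijackThis reports as `(no file)`. The following is an added example, not part of the original thread and not HijackThis code, that parses such log lines and lists those orphaned entries; the names `parse_log` and `orphaned` and the regular expressions are assumptions of this sketch, and the sample is an excerpt of the second log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the HijackThis v2.0.2 log posted in this thread (after the ComboFix run).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Body of a COM-style entry: "<kind>: <name> - {CLSID} - <target>".
# The name is matched lazily so names that contain " - " stay intact.
COM_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.+)$"
)


@dataclass
class Entry:
    code: str                      # section code such as R3, O2, O23
    body: str                      # everything after "<code> - "
    kind: Optional[str] = None     # e.g. "BHO", "URLSearchHook", "Toolbar"
    name: Optional[str] = None
    clsid: Optional[str] = None    # upper-cased so entries can be compared
    target: Optional[str] = None   # file path, or "(no file)"


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per numbered log line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = Entry(code=m["code"], body=m["body"])
        com = COM_RE.match(entry.body)
        if com:
            entry.kind = com["kind"]
            entry.name = com["name"]
            entry.clsid = com["clsid"].upper()
            entry.target = com["target"]
        entries.append(entry)
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file is missing according to the log."""
    return [e for e in entries if e.target == "(no file)"]


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{e.code} {e.kind}: {e.name} {e.clsid}")
```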
 • I can already see improvements
  it's flying again
  thanks a lot :wink:

  have a nice day…

  Respect
 • I can browse the internet normally again :D :D
 • You're welcome :)

  Uninstall Combofix:
  Go to Start --> Run and type: combofix /u
  Combofix will now be removed and a new restore point will be created.

  To prevent a recurrence, read through these security tips once more:
  http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

  Pim
 • oh, thanks for that tip

  but uh
  I typed that
  it can't find the path
  I had deleted it from my desktop
  is that bad??
 • Just check whether you typed it correctly.
  It's not a problem if you deleted it, but also delete the folder below:
  C:\qoobox

  Pim
 • deleted everything that was next to it as well
  logs etc.
