Questions & Answers

Security & privacy

PC very slow again

Anonymous
pimvandenderen
10 replies
  • My PC is acting strange again.
    I have also used msconfig.
    It opens web pages slowly.
    [I use ATF Cleaner + CCleaner]
    and I delete temporary internet files now and then.
    After booting I have to wait 5 minutes again until it has caught up.

    I made a log.
    I hope the cause is in whatever you find.
    Thanks a lot in advance.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:10:58, on 3-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Steam\Steam.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm451YYNL
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195901566359
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 7292 bytes

    I think I've already spotted one:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following there, if present:
    My Web Search
    My Web Speedbar
    WebSearch Tools
    Search Assistant - My Way

    Then restart your PC.

    Download Combofix to your desktop.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished, and after a restart, the log combofix.txt will open.
    Post the Combofix log (combofix.txt) in your next reply, together with a fresh Hijackthis log.

    Good luck!

    Pim
  • combofix:



    ComboFix 07-12-02.6 - Sadik 2007-12-03 20:18:28.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.736 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Sadik\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\Shared\00448A24.dat
    C:\Program Files\internet explorer\msimg32.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))
    .

    2007-12-03 20:13 . 2007-12-01 02:22 381,012 –a—— C:\Program Files\Uninstall Fun Web Products.dll
    2007-12-03 17:10 . 2007-12-03 17:10 <DIR> d——– C:\Program Files\Trend Micro
    2007-12-03 17:10 . 2007-12-03 17:10 <DIR> dr-h—– C:\Documents and Settings\Sadik\Onlangs geopend
    2007-12-02 20:27 . 2007-12-02 20:27 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SimCity Societies
    2007-12-02 18:12 . 2007-12-02 18:12 <DIR> d——– C:\WINDOWS\Sun
    2007-12-02 15:49 . 2007-12-02 15:49 262,144 –a—— C:\WINDOWS\system32\wrap_oal.dll
    2007-12-02 15:49 . 2007-12-02 15:49 86,016 –a—— C:\WINDOWS\system32\OpenAL32.dll
    2007-12-02 14:54 . 1998-10-29 16:45 306,688 –a—— C:\WINDOWS\IsUninst.exe
    2007-12-02 14:48 . 2007-12-02 14:48 <DIR> d——– C:\WINDOWS\system32\Futuremark
    2007-12-02 14:48 . 2004-10-25 20:02 21,664 –a—— C:\WINDOWS\system32\drivers\Entech.sys
    2007-12-02 14:48 . 1999-11-02 10:01 6,173 –a—— C:\WINDOWS\system32\drivers\Entech.vxd
    2007-12-02 14:48 . 2004-06-22 15:44 5,632 –a—— C:\WINDOWS\system32\drivers\Entech64.sys
    2007-12-02 14:48 . 2001-11-19 19:05 3,972 –a—— C:\WINDOWS\system32\drivers\PciBus.sys
    2007-12-02 02:20 . 2007-12-03 09:46 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2007-12-02 02:20 . 2007-12-02 02:20 1,409 –a—— C:\WINDOWS\QTFont.for
    2007-11-29 20:39 . 2007-12-02 19:08 <DIR> d——– C:\Program Files\GameSpy Arcade
    2007-11-29 17:09 . 2007-12-02 01:31 69 –a—— C:\WINDOWS\NeroDigital.ini
    2007-11-28 22:20 . 2007-11-28 22:20 395 –a—— C:\WINDOWS\ODBC.INI
    2007-11-28 22:15 . 2007-11-28 22:19 <DIR> d——– C:\WINDOWS\ShellNew
    2007-11-28 21:39 . 2007-11-28 21:39 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\InstallShield
    2007-11-27 23:25 . 2007-12-02 22:55 <DIR> d——– C:\Program Files\DivX
    2007-11-27 20:49 . 2007-11-27 20:49 <DIR> d——– C:\Program Files\SAGEM
    2007-11-27 19:12 . 2007-11-27 19:12 <DIR> d——– C:\Program Files\Common Files\Ahead
    2007-11-27 19:12 . 2007-11-27 19:12 <DIR> d——– C:\Program Files\Ahead
    2007-11-27 19:12 . 2001-07-09 10:50 155,648 –a—— C:\WINDOWS\system32\NeroCheck.exe
    2007-11-27 19:12 . 2000-06-26 10:45 106,496 –a—— C:\WINDOWS\system32\TwnLib20.dll
    2007-11-27 18:50 . 2007-11-27 18:53 <DIR> d——– C:\Program Files\SopCast
    2007-11-27 18:49 . 2007-11-27 18:49 <DIR> d——– C:\Program Files\Live_TV
    2007-11-27 18:22 . 2007-11-27 18:22 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Nero
    2007-11-27 18:19 . 2007-11-27 18:21 <DIR> d——– C:\Program Files\Common Files\Nero
    2007-11-27 18:19 . 2007-11-27 18:19 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Nero
    2007-11-26 17:54 . 2007-11-26 17:54 <DIR> d–hs—- C:\WINDOWS\ftpcache
    2007-11-25 19:48 . 2007-11-25 19:48 <DIR> d——– C:\Program Files\QuickTime
    2007-11-25 19:48 . 2007-11-25 19:48 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Apple Computer
    2007-11-25 19:47 . 2007-11-25 19:47 <DIR> d——– C:\Program Files\Apple Software Update
    2007-11-25 19:47 . 2007-11-25 19:47 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-25 10:14 . 2007-12-01 02:15 103,736 –a—— C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-25 10:14 . 2007-11-29 22:00 66,872 –a—— C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-25 10:14 . 2007-12-01 02:15 22,328 –a—— C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-25 10:13 . 2007-11-25 10:13 <DIR> dr-h—– C:\Documents and Settings\Sadik\Application Data\SecuROM
    2007-11-25 10:13 . 2007-11-25 10:13 107,888 –a—— C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-25 09:51 . 2007-05-16 16:45 1,124,720 –a—— C:\WINDOWS\system32\D3DCompiler_34.dll
    2007-11-25 09:51 . 2007-05-16 16:45 443,752 –a—— C:\WINDOWS\system32\d3dx10_34.dll
    2007-11-25 09:51 . 2007-06-20 20:46 266,088 –a—— C:\WINDOWS\system32\xactengine2_8.dll
    2007-11-25 09:51 . 2007-06-20 20:45 18,280 –a—— C:\WINDOWS\system32\x3daudio1_2.dll
    2007-11-25 09:50 . 2007-05-16 16:45 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
    2007-11-25 09:50 . 2007-03-12 16:42 3,495,784 –a—— C:\WINDOWS\system32\d3dx9_33.dll
    2007-11-25 09:50 . 2007-03-12 16:42 1,123,696 –a—— C:\WINDOWS\system32\D3DCompiler_33.dll
    2007-11-25 09:50 . 2007-03-15 16:57 443,752 –a—— C:\WINDOWS\system32\d3dx10_33.dll
    2007-11-25 09:50 . 2007-04-04 18:55 261,480 –a—— C:\WINDOWS\system32\xactengine2_7.dll
    2007-11-25 09:50 . 2007-01-24 15:27 255,848 –a—— C:\WINDOWS\system32\xactengine2_6.dll
    2007-11-25 09:50 . 2007-04-04 18:53 81,768 –a—— C:\WINDOWS\system32\xinput1_3.dll
    2007-11-25 09:50 . 2007-03-05 12:42 15,128 –a—— C:\WINDOWS\system32\x3daudio1_1.dll
    2007-11-24 15:26 . 2007-11-24 15:25 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-11-24 15:26 . 2007-11-24 15:25 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-11-24 15:21 . 2007-07-30 19:19 271,224 –a—— C:\WINDOWS\system32\mucltui.dll
    2007-11-24 15:21 . 2007-07-30 19:18 30,072 –a—— C:\WINDOWS\system32\mucltui.dll.mui
    2007-11-24 15:19 . 2007-11-24 15:21 10 –a—— C:\WINDOWS\system32\amonl.ini
    2007-11-24 15:18 . 2002-06-17 01:23 49,152 –a—— C:\WINDOWS\system32\nod32ccl.exe
    2007-11-24 15:18 . 2002-06-17 01:25 12 –a—— C:\WINDOWS\system32\nod32ccl.ini
    2007-11-24 15:18 . 2007-11-24 15:22 10 –a—— C:\WINDOWS\system32\NOD32l.ini
    2007-11-24 15:16 . 2007-11-24 15:25 298,104 –a—— C:\WINDOWS\system32\imon.dll
    2007-11-24 15:13 . 2007-11-24 15:13 <DIR> d——– C:\Program Files\Windows Journal Viewer
    2007-11-24 14:45 . 2007-11-24 14:45 306 –a—— C:\WINDOWS\system32\F8173910295B45b6A356920934C845A3.ini
    2007-11-24 14:44 . 2007-11-24 14:44 25,714,688 –a—— C:\WINDOWS\system32\Helikopterden_istanbul.scr
    2007-11-24 12:35 . 2007-11-24 12:35 253,952 ——— C:\WINDOWS\Setup1.exe
    2007-11-24 12:35 . 2007-11-24 12:35 74,752 –a—— C:\WINDOWS\ST6UNST.EXE
    2007-11-24 12:16 . 2007-11-24 12:16 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SRS Labs
    2007-11-24 12:15 . 2007-11-24 12:15 <DIR> d——– C:\Program Files\SRS Labs
    2007-11-24 12:15 . 2007-05-03 10:27 47,360 -ra—— C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
    2007-11-24 12:15 . 2007-05-03 10:27 46,592 -ra—— C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
    2007-11-24 12:15 . 2007-05-03 10:28 39,552 -ra—— C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
    2007-11-24 12:15 . 2007-05-03 10:27 37,248 -ra—— C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
    2007-11-24 12:15 . 2007-05-03 10:27 32,000 -ra—— C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
    2007-11-24 11:54 . 2007-11-24 11:54 3,861,830 –a—— C:\WINDOWS\system32\Kagaya.edm
    2007-11-24 11:54 . 2007-11-24 11:54 1,232,166 –a—— C:\WINDOWS\system32\jackasslayer.wav
    2007-11-24 11:54 . 2007-11-24 11:54 361,984 –a—— C:\WINDOWS\system32\Kagaya.scr
    2007-11-24 11:46 . 2007-12-02 18:29 <DIR> d——– C:\Program Files\SpeedFan
    2007-11-24 11:46 . 2007-11-24 11:46 45 –a—— C:\WINDOWS\system32\initdebug.nfo
    2007-11-24 11:39 . 2007-11-24 11:39 <DIR> d——– C:\Program Files\uTorrent
    2007-11-24 11:39 . 2007-12-02 20:17 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\uTorrent
    2007-11-24 11:35 . 2007-11-24 11:35 <DIR> d——– C:\Documents and Settings\Sadik\Incomplete
    2007-11-24 11:33 . 2007-12-01 02:25 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\LimeWire
    2007-11-24 02:13 . 2004-08-04 09:03 221,184 –a—— C:\WINDOWS\system32\wmpns.dll
    2007-11-24 02:09 . 2006-08-21 10:14 128,896 —–c— C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-11-24 02:09 . 2006-08-21 10:14 23,040 —–c— C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-11-24 02:09 . 2006-08-21 13:28 16,896 —–c— C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-11-24 02:07 . 2007-11-24 02:07 <DIR> d——– C:\Program Files\MSXML 4.0
    2007-11-24 02:03 . 2007-11-24 02:03 <DIR> d——– C:\WINDOWS\system32\nl-nl
    2007-11-24 02:00 . 2007-11-24 02:00 <DIR> d——– C:\Program Files\Lavasoft
    2007-11-24 02:00 . 2007-11-24 02:00 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-24 02:00 . 2007-11-24 02:00 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-24 01:58 . 2007-08-20 11:02 6,058,496 —–c— C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-11-24 01:58 . 2007-04-17 10:32 2,455,488 —–c— C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-11-24 01:58 . 2007-03-08 06:11 1,032,192 —–c— C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-11-24 01:58 . 2007-08-20 11:02 459,264 —–c— C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-11-24 01:58 . 2007-08-20 11:02 383,488 —–c— C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-11-24 01:58 . 2007-08-20 11:02 267,776 —–c— C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-11-24 01:58 . 2007-08-20 11:02 63,488 —–c— C:\WINDOWS\system32\dllcache\icardie.dll
    2007-11-24 01:58 . 2007-08-20 11:02 52,224 —–c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-02 14:47 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-12-01 11:16 163,644 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-25 18:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-24 01:01 9,344 —-a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-24 01:01 8,320 —-a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-11-23 18:20 ——— d—–w C:\Program Files\MP3 Player Utilities 3.13
    2007-11-23 18:17 ——— d—–w C:\Program Files\NVIDIA Corporation
    2007-11-23 18:13 ——— d—–w C:\Documents and Settings\Sadik\Application Data\Teleca
    2007-11-23 18:11 ——— d—–w C:\Program Files\Disc2Phone
    2007-11-23 18:01 ——— d—–w C:\Program Files\Sony Ericsson
    2007-11-23 18:01 ——— d—–w C:\Program Files\Common Files\Teleca Shared
    2007-11-23 18:01 ——— d—–w C:\Documents and Settings\All Users\Application Data\Teleca
    2007-11-23 18:01 ——— d—–w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2007-11-23 18:00 6,176 —-a-w C:\WINDOWS\system32\drivers\w810cm.sys
    2007-11-23 18:00 5,808 —-a-w C:\WINDOWS\system32\drivers\w810wh.sys
    2007-11-23 17:57 ——— d—–w C:\Program Files\LRC Editor 4
    2007-11-23 17:51 ——— d—–w C:\Program Files\Common Files\InstallShield
    2007-11-23 17:51 ——— d—–w C:\Program Files\ASUS
    2007-11-23 17:48 ——— d—–w C:\Program Files\Marvell
    2007-11-23 17:45 ——— d—–w C:\Program Files\Realtek
    2007-11-23 17:43 ——— d—–w C:\Program Files\Intel
    2007-11-23 17:38 ——— d—–w C:\Program Files\microsoft frontpage
    2007-10-23 13:20 972,072 —-a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-10-22 07:51 972,072 —-a-w C:\WINDOWS\UNRecode.exe
    2007-10-20 00:56 9,464 ——w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-10-20 00:56 9,336 ——w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-10-20 00:56 43,528 ——w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-10-04 16:14 6,854,464 —-a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "Steam"="D:\Steam\Steam.exe" [2007-11-30 14:33]
    "SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-24 12:16]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-24 15:25]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 09:03]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 –a—— C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-25 18:47:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-03 20:21:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-03 20:23:35 - machine was rebooted
    .
    — E O F —


    hijackthis:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:30:28, on 3-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Steam\Steam.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195901566359
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 6190 bytes
  • Start Hijackthis, choose 'Do a system scan only' and tick the lines below:
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Now close all open windows except Hijackthis and click Fix Checked.


    Delete the file below:
    C:\Program Files\Uninstall Fun Web Products.dll

    And the folder below, if still present:
    C:\Program Files\MyWebSearch

    How are your problems now?

    Pim
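
An added example, not part of the original thread and not HijackThis's own code: a small Python parser that reads HijackThis entry lines, lists the entries whose target is "(no file)", and compares the before and after logs to show which entries the cleanup removed. The log lines are excerpts copied from the two logs posted above; the function and variable names are this example's own.

```python
import re
from typing import NamedTuple, Optional

# Excerpts copied from the two HijackThis logs in this thread
# (first log, and the log taken after the ComboFix run).
BEFORE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
"""

AFTER = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
"""

# An entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str             # section code, e.g. "O2"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first GUID in the entry, upper-cased, if any
    orphaned: bool        # registry entry whose file no longer exists


def parse_entries(log: str) -> list:
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        guid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=guid.group(0).upper() if guid else None,
            orphaned=body.endswith("(no file)"),
        ))
    return entries


def orphaned(entries: list) -> list:
    """Entries HijackThis marked '(no file)': leftovers that are safe candidates to fix."""
    return [e for e in entries if e.orphaned]


def removed_between(before: list, after: list) -> list:
    """Entries present in the first log but gone from the second."""
    remaining = {(e.code, e.body.lower()) for e in after}
    return [e for e in before if (e.code, e.body.lower()) not in remaining]


if __name__ == "__main__":
    first, second = parse_entries(BEFORE), parse_entries(AFTER)
    print("Removed by the cleanup:")
    for e in removed_between(first, second):
        print("  ", e.code, "-", e.body)
    print("Still orphaned, to tick for 'Fix Checked':")
    for e in orphaned(second):
        print("  ", e.code, "-", e.body)
```
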
  • I can already see improvements,
    it's flying again.
    Thanks a lot :wink:

    Have a nice day…



    Respectl \/
    l <||||
    l |||
    l |||
  • I can browse the internet normally again now :D :D
  • You're welcome :)

    Uninstall Combofix:
    Go to Start -> Run and type: combofix /u
    Combofix will now be removed and a new restore point will be created.

    To prevent a recurrence, read through these security tips once more:
    http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    Pim
  • Oh, thanks for that tip

    but uh,
    I typed that and
    it can't find the path.
    I had deleted it from my desktop.
    Is that bad??
  • Please check whether you typed it correctly.
    It doesn't matter that you deleted it, but please also delete the folder below:
    C:\qoobox

    Pim
  • Deleted everything that was next to it as well,
    logs etc.

This is an archived page. Replies are no longer possible.