  1. #1

    laptop starts up veeeeeeery slowly

    Can someone take a look at this?

    hijack logfile

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:06:49, on 25/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ASWLSVC.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
    C:\WINDOWS\system32\ASWL2K.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ISP Monitor\isp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187725725687
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187725714375
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
    O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
    O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 7032 bytes

    Thanks in advance

  2. #2
    NiekR
    Hello jaenke,

    I'll take a look for you...

    - Niek

  3. #3
    NiekR
    Hello jaenke,

    You are infected with a Vundo infection. - Let's take a look...

    1. Download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it has finished scanning, click the Remove Vundo button.
    • You will get a prompt asking whether you want to have the files removed; click YES.
    • After you have clicked Yes, the icons on your desktop will disappear while Vundo is being removed.
    • When it is done, you will get a message that it will shut down your PC; click OK.
    • Start your PC up again.
    • Post the contents of C:\vundofix.txt and a new HijackThis log in your next post.
    Note: It is possible that VundoFix finds a file that cannot be removed.
    In that case VundoFix will start again after you restart your PC. You then need to carry out the instructions above again, starting from:
    Click Scan for Vundo.

    Happy holidays!
    - Niek

  4. #4

    Here is the ComboFix log.

    Thanks in advance. VundoFix reports that it found nothing.


    ComboFix 07-12-21.4 - frank 2007-12-26 11:32:33.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.940 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\frank\Bureaublad\downloads\Nieuwe map\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Program Files\powercodec
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
    .
    2007-12-26 11:28 . 2007-12-26 11:28 <DIR> d-------- C:\WINDOWS\LastGood
    2007-12-25 16:03 . 2007-12-25 16:03 <DIR> d-------- C:\VundoFix Backups
    2007-12-25 12:06 . 2007-12-25 12:06 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-25 11:43 . 2007-12-25 11:43 <DIR> d-------- C:\Documents and Settings\frank\DoctorWeb
    2007-12-25 09:41 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2007-12-25 09:41 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
    2007-12-25 09:41 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2007-12-25 09:41 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-12-25 09:41 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2007-12-25 09:41 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2007-12-25 08:08 . 2007-12-25 08:08 <DIR> d-------- C:\FF
    2007-12-25 08:04 . 2007-12-25 08:05 <DIR> d-------- C:\Program Files\USB Vibration Joystick
    2007-12-22 14:17 . 2007-12-22 14:17 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Program Files\QuickTime
    2007-12-21 08:02 . 2007-12-21 09:59 261 --a------ C:\WINDOWS\LEXSTAT.INI
    2007-12-20 20:59 . 2007-12-20 20:59 1,005 --a------ C:\WINDOWS\system32\Layo1 Electro.cfg
    2007-12-20 20:58 . 2007-12-20 20:58 <DIR> d-------- C:\Program Files\Baas Electronics
    2007-12-20 20:22 . 2007-12-20 20:22 512 --a------ C:\WINDOWS\randseed.rnd
    2007-12-20 20:22 . 2007-12-20 20:22 134 --a------ C:\WINDOWS\PGP_sdk.prf
    2007-12-15 20:03 . 2007-12-15 20:03 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
    2007-12-14 21:14 . 2007-12-14 21:14 <DIR> d-------- C:\download
    2007-12-14 20:30 . 2007-12-14 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
    2007-12-14 20:23 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-12-13 20:34 . 2007-12-13 20:34 <DIR> d-------- C:\Program Files\IrfanView
    2007-12-12 20:43 . 2007-12-12 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
    2007-12-11 21:14 . 2007-12-11 21:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-12-11 21:14 . 2007-12-11 21:14 <DIR> d-------- C:\Program Files\A9Tech
    2007-12-11 20:57 . 2007-12-11 20:57 <DIR> d-------- C:\Documents and Settings\frank\Application Data\FreeCAD
    2007-12-11 20:26 . 1998-12-08 18:53 31,744 --a------ C:\WINDOWS\system32\hlp95en.dll
    2007-12-11 18:24 . 2007-12-11 18:24 <DIR> d-------- C:\Documents and Settings\frank\System
    2007-12-11 18:24 . 2007-12-11 18:24 <DIR> d-------- C:\Documents and Settings\frank\Application Data\SmartDraw
    2007-12-10 21:14 . 2007-09-09 22:17 4,856,344 --------- C:\WINDOWS\dwgview.CAB
    2007-12-10 21:14 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
    2007-12-10 21:14 . 2007-12-10 21:14 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2007-12-10 21:14 . 2007-12-10 21:14 819 --a------ C:\WINDOWS\ST6UNST.000
    2007-12-10 20:58 . 2007-12-10 20:58 <DIR> d-------- C:\Program Files\Google
    2007-12-10 20:46 . 2007-12-10 20:46 <DIR> d-------- C:\Program Files\Apperson
    2007-12-10 18:04 . 2006-07-20 15:45 139,264 --a------ C:\WINDOWS\MGSConf.dll
    2007-12-10 18:04 . 2005-07-07 10:05 5,193 --a------ C:\WINDOWS\MGSConf.fra
    2007-12-10 18:04 . 2005-07-07 10:07 5,191 --a------ C:\WINDOWS\MGSConf.esp
    2007-12-10 18:04 . 2005-07-07 10:02 5,189 --a------ C:\WINDOWS\MGSConf.eng
    2007-12-10 18:04 . 2005-07-07 10:04 5,189 --a------ C:\WINDOWS\MGSConf.deu
    2007-12-10 18:04 . 2005-07-07 09:58 5,179 --a------ C:\WINDOWS\MGSConf.ita
    2007-12-10 17:54 . 2007-12-10 17:54 <DIR> d-------- C:\COMPEN
    2007-12-08 21:31 . 2007-12-08 21:31 <DIR> d-------- C:\CNCWINT
    2007-12-08 20:22 . 2002-10-03 18:19 284,672 --a------ C:\WINDOWS\INSTMG.EXE
    2007-12-08 20:19 . 2007-12-09 15:13 84 --a------ C:\WINDOWS\LDTTool.ini
    2007-12-08 20:08 . 2007-12-26 11:23 8,405,015 --a------ C:\WINDOWS\TempFile
    2007-12-08 20:08 . 2005-04-06 15:49 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
    2007-12-08 20:08 . 2007-12-08 20:08 304,640 --a------ C:\WINDOWS\system32\hlvdd.dll
    2007-12-08 20:07 . 1999-05-21 10:53 686,176 --a------ C:\WINDOWS\system32\PVDTB60.OCX
    2007-12-08 20:07 . 2002-09-28 15:56 410,832 --a------ C:\WINDOWS\system32\vsprint8.ocx
    2007-12-08 20:07 . 2001-09-04 10:53 362,128 --a------ C:\WINDOWS\system32\VSPRINT7.ocx
    2007-12-08 20:07 . 2002-01-10 10:31 173,776 --a------ C:\WINDOWS\system32\vsPDF.ocx
    2007-12-07 20:38 . 2007-12-07 20:38 <DIR> d-------- C:\Ced_Comet
    2007-12-07 19:33 . 2007-12-07 19:33 <DIR> d-------- C:\COMET
    2007-12-07 19:27 . 2007-12-07 19:27 <DIR> d-------- C:\JOB
    2007-12-07 19:26 . 2007-12-07 19:26 <DIR> d-------- C:\CAMplus
    2007-12-07 16:42 . 2007-12-07 16:42 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
    2007-12-07 16:34 . 2007-12-07 16:34 <DIR> d-------- C:\Documents and Settings\frank\Application Data\U3
    2007-12-06 18:44 . 2007-12-10 17:55 485,152 --a------ C:\WINDOWS\OWL250.DLL
    2007-12-06 18:44 . 2007-12-10 17:55 220,672 --a------ C:\WINDOWS\BC450RTL.DLL
    2007-12-06 18:44 . 2007-12-10 17:55 60,758 --a------ C:\WINDOWS\BIDS45.DLL
    2007-12-05 20:41 . 2007-12-10 18:09 505 --a------ C:\WINDOWS\MGSConf.xml
    2007-12-05 20:32 . 2007-12-10 18:05 452 --a------ C:\WINDOWS\EMMEGISOFT.INI
    2007-12-05 19:48 . 2002-12-23 01:01 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
    2007-12-05 18:34 . 2007-12-05 18:34 221 --a------ C:\WINDOWS\SOFTEK.INI
    2007-12-05 18:33 . 2007-12-25 18:32 118 --a------ C:\WINDOWS\Job.INI
    2007-12-05 18:32 . 2005-06-16 12:34 3,174,400 --a------ C:\WINDOWS\system32\hinstd.dll
    2007-12-05 18:32 . 2005-06-07 10:39 1,867,183 --a------ C:\WINDOWS\system32\haspds_windows.dll
    2007-12-05 18:32 . 2001-09-28 19:00 164,864 --a------ C:\WINDOWS\system32\UNWISE.EXE
    2007-12-05 18:32 . 2005-06-21 12:17 28,672 --a------ C:\WINDOWS\system32\hlduinst.exe
    2007-12-05 18:31 . 2005-07-07 10:02 5,189 --a------ C:\WINDOWS\MGSCONF.MSG
    2007-12-05 18:26 . 2007-12-10 17:54 36,864 --a------ C:\ANTIWOW.EXE
    2007-12-05 18:26 . 1993-08-16 15:22 21,648 --a------ C:\WINDOWS\CTL3DV2.DLL
    2007-12-02 11:09 . 2005-04-20 04:52 18,628 --------- C:\WINDOWS\system32\drivers\AVIDUMSS.sys
    2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
    2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-25 10:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-12-25 08:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-05 17:30 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-12-05 17:30 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-12-05 17:30 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-12-05 17:30 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
    2007-11-23 18:19 5,139,757 ----a-w C:\WINDOWS\Faredo.exe
    2007-11-23 18:19 402,720 ----a-w C:\WINDOWS\Faredo.scr
    2007-11-23 18:19 30,208 ----a-w C:\WINDOWS\mickey32.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-11 14:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-11-08 19:52 --------- d-----w C:\Documents and Settings\frank\Application Data\ISP Monitor
    2007-11-04 16:43 30,464 ----a-w C:\WINDOWS\macromix.dll
    2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
    2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
    2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
    2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
    2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
    2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
    2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
    2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
    2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
    2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
    2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\quartz.dll
    2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:54 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:54 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:53 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:53 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:53 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:53 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:53 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:53 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-09-09 19:20 284 ----a-w C:\Documents and Settings\frank\Application Data\ViewerApp.dat
    2007-01-05 19:06 5 --sha-w C:\WINDOWS\system32\bcfcfada_g.dll
    2007-04-03 17:45 5 --sha-w C:\WINDOWS\system32\fddaee9_s.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2007-11-04 23:42]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ASUS ChkMail.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ASUS ChkMail.lnk
    backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Cnc Status Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Cnc Status Monitor.lnk
    backup=C:\WINDOWS\pss\Cnc Status Monitor.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
    2003-09-19 12:54 172032 --a------ C:\Program Files\ASUS\ASUS Live Update\ALU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-05-31 21:05 344064 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    2007-01-09 22:59 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
    2005-09-13 21:55 1668096 --a------ C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 14:00 15360 --------- C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 00:47 31016 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
    2005-07-28 09:29 102400 --a------ C:\WINDOWS\ATK0100\HControl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2001-11-07 17:54 196608 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
    2005-07-27 17:07 765952 --a------ C:\Program Files\ASUS\NB Probe\NBProbe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
    2005-08-31 15:47 1101824 --a------ C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
    2006-09-05 19:22 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-14 10:11 1388544 --------- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    C:\Program Files\Spyware Doctor\swdoctor.exe /Q

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
    c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "W32Time"=2 (0x2)
    "SharedAccess"=2 (0x2)
    R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-07-05 20:27]
    R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
    S2 fpu2001;Field Processing Unit;C:\WINDOWS\system32\DRIVERS\fpu2001.sys []
    S3 canenum;CANOpen Bus Enumerator;C:\WINDOWS\system32\DRIVERS\canenum.sys []
    S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2005-06-08 15:55]
    S3 SER120;DCU-11 Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 04:03]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afe04ea6-a4d9-11dc-a4b4-0015f2ccfc77}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a
    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-08-26 15:53:30 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    "2007-12-21 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan - frank.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    "2007-12-25 09:00:04 C:\WINDOWS\Tasks\At1.job"
    - C:\AutoBack\backup1.bat
    "2007-12-25 09:00:04 C:\WINDOWS\Tasks\At2.job"
    - C:\AutoBack\backup1.bat
    .
    **************************************************************************
    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-26 11:34:05
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2007-12-26 11:34:36
    C:\ComboFix2.txt ... 2007-04-05 18:40
    C:\ComboFix-quarantined-files.txt ... 2007-04-05 18:40
    .
    2007-12-15 20:52:37 --- E O F ---
    Last edited by jaenke; 26 December 2007 at 12:52

  5. #5
    NiekR
    Hello jaenke,

    Looks good; just to be sure...

    • Download Dr.Web CureIt and save it to your desktop.
    • Double-click drweb-cureit.exe and allow it to start the express scan.
      If a popup appears offering a purchase/50% discount, you may close it.
    • The express scan will scan the files that are currently loaded in memory. If something is found, click 'alles selecteren' (select all), then choose 'repareren' (repair), and from the small menu that appears choose 'verplaatsen' (move).
    • In the menu at the top, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your system.
    • Press F9, then choose the Acties (Actions) tab and set the following there under Malware:
      • Adware: Verplaats (Move)
      • Dialers: Verplaats (Move)
      • Jokes: Rapportage (Report)
      • Riskware: Rapportage (Report)
      • Hacktools: Verplaats (Move)
      • Then remove the check mark at 'Prompt bij actie' (Prompt on action).
    • Then choose the Scan tab and remove the check mark at Heuristische analyse (Heuristic analysis).
      Then press Toepassen (Apply) followed by OK.
    • Once the short scan has finished, tick: Volledige scan (Complete scan).
      Then press the green arrow (start button) to start the scan.
    • Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repair is not possible.
    • After the scan is done, go to Bestand (File) and choose Rapportage lijst opslaan (Save report list).
      Save it to your desktop and then close Dr.Web CureIt.
    • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    • After restarting, copy and paste the contents of the log you saved earlier into your next post.


    Are you still experiencing problems?

    - Niek
