
[SOLVED] slow PC



My PC is running very slowly.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:57:23, on 26/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\System32\khooker.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Telenet EasyCare\bin\mpbtn.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita Home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.dexia.be

O16 - DPF: Dexia netbanking - Net Banking - R.I.P.

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://linn47.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://shanakeuh3.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab

O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://www.new2.foto.com/ImageUploader5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://fotobook.foto.com/activex/SpeedUploader.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 8066 bytes


What Dikken reported is spot on. Whether that is the only cause is another question. The good news is that your log is as clean as can be.

To be sure, and to rule out any surprises, run this:

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan may take a while, so please be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click: Remove Selected.

After removal, a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has trouble removing certain files, it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post.


Malwarebytes' Anti-Malware 1.11

Database versie: 709

Scan type: Snelle Scan

Objecten gescand: 42643

Verstreken tijd: 24 minute(s), 17 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 20

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 4

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.


Great, then please also do this:

Download Combofix and save it to your Desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in its window, as this will cause your PC to hang.

When the fix has finished and after the restart, the log combofix.txt will open.

NOTE: If your antivirus responds with a warning about a script being executed, you must allow it.

Attach the Combofix log to your next post.

And let us know whether your PC is still just as slow after this treatment.


  • 2 weeks later...

ComboFix 08-05-01.3 - Patrick Vlaeminck 2008-05-03 17:37:39.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.91 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Patrick Vlaeminck\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Patrick Vlaeminck\real.txt

C:\WINDOWS\system32\real.txt

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-03 to 2008-05-03 ))))))))))))))))))))))))))))))

.

2008-05-02 20:51 . 2008-05-03 16:13 <DIR> dr-h----- C:\Documents and Settings\Patrick Vlaeminck\Onlangs geopend

2008-05-02 17:23 . 2008-05-02 17:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-02 17:23 . 2008-05-02 17:23 <DIR> d-------- C:\Documents and Settings\Patrick Vlaeminck\Application Data\Malwarebytes

2008-05-02 17:23 . 2008-05-02 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-04-26 18:41 . 2008-04-26 18:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-26 18:35 . 2008-04-26 18:36 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-04-12 15:00 . 2008-04-12 15:00 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-04-05 20:01 . 2008-04-05 20:01 0 --ah----- C:\Documents and Settings\Patrick Vlaeminck\ntuser.dat_TU_29227.LOG

2008-04-05 20:01 . 2008-04-05 20:01 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_96628.LOG

2008-04-05 20:01 . 2008-04-05 20:01 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_62136.LOG

2008-04-03 19:23 . 2008-04-03 19:23 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-04-03 19:23 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-04-03 19:22 . 2008-04-03 19:22 <DIR> d-------- C:\Documents and Settings\Patrick Vlaeminck\Application Data\TuneUp Software

2008-04-03 19:22 . 2008-04-03 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-04-03 19:21 . 2008-04-12 15:24 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-03 16:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-03 07:44 --------- d-----w C:\Documents and Settings\Patrick Vlaeminck\Application Data\AVG7

2008-05-02 18:50 --------- d-----w C:\Program Files\Spyware Doctor

2008-05-02 16:28 --------- d-----w C:\Program Files\Yahoo!

2008-05-02 16:28 --------- d-----w C:\Program Files\Google

2008-05-02 16:28 --------- d-----w C:\Program Files\DIKO

2008-05-02 16:28 --------- d-----w C:\Program Files\C-Media

2008-05-02 16:28 --------- d-----w C:\Program Files\BitComet

2008-04-27 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-05 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-05 16:59 --------- d-----w C:\Program Files\Ability Office 2002

2008-04-05 16:59 --------- d-----w C:\Documents and Settings\Patrick Vlaeminck\Application Data\ArcSoft

2008-04-05 16:56 --------- d-----w C:\Program Files\USBToolbox

2008-04-03 17:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-30 20:25 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-03-30 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

2008-03-30 20:22 --------- d-----w C:\Program Files\Ulead Systems

2008-03-30 20:22 --------- d-----w C:\Program Files\Common Files\Ulead Systems

2008-03-30 09:50 --------- d-----w C:\Program Files\CodeStuff

2008-03-30 08:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2008-03-29 18:41 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-29 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-29 18:32 --------- d-----w C:\Documents and Settings\Patrick Vlaeminck\Application Data\PC Tools

2008-03-29 13:10 --------- d-----w C:\Program Files\Common Files\PC Tools

2008-03-28 12:49 --------- d-----w C:\Program Files\PowerQuest

2008-03-28 12:25 --------- d-----w C:\Program Files\Trend Micro

2008-03-24 20:02 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SurfRight

2008-03-24 18:18 --------- d-----w C:\Documents and Settings\Patrick Vlaeminck\Application Data\ESET

2008-03-24 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET

2008-03-24 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-03-21 15:48 --------- d-----w C:\Program Files\Hitman Pro

2008-03-21 15:37 --------- d-----w C:\Documents and Settings\Patrick Vlaeminck\Application Data\Lavasoft

2008-03-21 15:06 --------- d-----w C:\Program Files\BearShare

2008-03-19 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx

2008-03-19 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\SurfRight

2007-09-16 15:11 81,920 ----a-w C:\Documents and Settings\Patrick Vlaeminck\Application Data\ezpinst.exe

2007-09-16 15:11 47,360 ----a-w C:\Documents and Settings\Patrick Vlaeminck\Application Data\pcouffin.sys

2007-09-15 17:29 9 ----a-w C:\Documents and Settings\Patrick Vlaeminck\Application Data\mdb.bin

2006-09-26 13:18 32 ----a-r C:\Documents and Settings\All Users\hash.dat

2006-06-14 12:12 73,472 ----a-w C:\Documents and Settings\Patrick Vlaeminck\Application Data\GDIPFONTCACHEV1.DAT

2001-09-07 12:00 94,784 --sh--w C:\WINDOWS\twain.dll

2004-08-04 00:03 50,688 --sh--w C:\WINDOWS\twain_32.dll

2004-08-04 00:03 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll

2004-08-04 00:03 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll

2004-08-04 00:03 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll

2007-12-04 18:42 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll

2004-08-04 00:03 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll

2004-08-04 00:03 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2001-12-13 09:27 290816]

"Cmaudio"="cmicnfg.cpl" [2001-12-07 09:59 425984 C:\WINDOWS\CMICNFG.CPL]

"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-14 11:34 655360]

"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-12-14 19:19 221184]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 19:57 458752]

"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 21:40 69632]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 16:52 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:03 15360]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-29 20:40 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]

C:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanInicio]

C:\Program Files\Panda Software\Panda Antivirus 6.0\Inicio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=

"C:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"<NO NAME>"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21244:TCP"= 21244:TCP:BitComet 21244 TCP

"21244:UDP"= 21244:UDP:BitComet 21244 UDP

"5425:TCP"= 5425:TCP:vietcong

"5425:UDP"= 5425:UDP:vc

"15425:TCP"= 15425:TCP:vc1

"15425:UDP"= 15425:UDP:vc2

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:03]

S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2002-09-09 20:53]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-03 19:23]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - CATCHME

.

Inhoud van de 'Gedeelde Taken' map

"2008-05-03 16:00:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

"2007-07-28 10:55:32 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1184353174.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2008-04-28 07:12:00 C:\WINDOWS\Tasks\WebReg 20070714091257.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070714091257 /N

"2008-05-03 11:56:00 C:\WINDOWS\Tasks\WebReg 20070719135648.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070719135648 /N

"2008-05-03 08:09:00 C:\WINDOWS\Tasks\WebReg 20070808100955.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe

"2008-05-03 10:00:00 C:\WINDOWS\Tasks\WebReg 20070816120050.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe

"2008-05-03 08:13:00 C:\WINDOWS\Tasks\WebReg 20070820101333.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070820101333 /N

"2008-05-03 08:42:00 C:\WINDOWS\Tasks\WebReg 20070821104200.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070821104200 /N

"2008-05-03 16:50:04 C:\WINDOWS\Tasks\WebReg 20070821185058.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070821185058 /N

"2008-05-02 07:29:00 C:\WINDOWS\Tasks\WebReg 20070823092950.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070823092950 /N

"2008-05-02 18:58:00 C:\WINDOWS\Tasks\WebReg 20070827205845.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070827205845 /N

"2008-05-02 07:26:00 C:\WINDOWS\Tasks\WebReg 20070828092642.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070828092642 /N

"2008-05-02 07:28:00 C:\WINDOWS\Tasks\WebReg 20070829092835.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070829092835 /N

"2008-05-03 08:20:00 C:\WINDOWS\Tasks\WebReg 20070830102015.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070830102015 /N

"2008-05-03 15:25:00 C:\WINDOWS\Tasks\WebReg 20070906172545.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070906172545 /N

"2008-05-03 10:22:00 C:\WINDOWS\Tasks\WebReg 20070909122222.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070909122222 /N

"2008-05-02 17:22:00 C:\WINDOWS\Tasks\WebReg 20070910192222.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070910192222 /N

"2008-05-03 15:33:00 C:\WINDOWS\Tasks\WebReg 20070911173359.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070911173359 /N

"2008-05-03 10:47:00 C:\WINDOWS\Tasks\WebReg 20070912124759.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070912124759 /N

"2008-05-02 17:22:00 C:\WINDOWS\Tasks\WebReg 20070917192219.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070917192219 /N

"2008-05-03 11:12:00 C:\WINDOWS\Tasks\WebReg 20070919131217.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070919131217 /N

"2008-05-03 14:57:00 C:\WINDOWS\Tasks\WebReg 20070925165740.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070925165740 /N

"2008-05-03 12:14:00 C:\WINDOWS\Tasks\WebReg 20070929141421.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070929141421 /N

"2008-05-03 14:13:00 C:\WINDOWS\Tasks\WebReg 20071001161309.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071001161309 /N

"2008-05-02 17:27:00 C:\WINDOWS\Tasks\WebReg 20071015192747.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071015192747 /N

"2008-05-03 14:56:00 C:\WINDOWS\Tasks\WebReg 20071016165647.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071016165647 /N

"2008-05-03 16:22:00 C:\WINDOWS\Tasks\WebReg 20071022182224.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071022182224 /N

"2008-05-03 16:43:00 C:\WINDOWS\Tasks\WebReg 20071024184309.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071024184309 /N

"2008-05-03 11:49:00 C:\WINDOWS\Tasks\WebReg 20071030134921.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071030134921 /N

"2008-05-03 15:38:00 C:\WINDOWS\Tasks\WebReg 20071108173823.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071108173823 /N

"2008-05-03 16:17:00 C:\WINDOWS\Tasks\WebReg 20071123181759.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071123181759 /N

"2008-04-30 19:40:00 C:\WINDOWS\Tasks\WebReg 20071130214041.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071130214041 /N

"2008-05-03 12:27:00 C:\WINDOWS\Tasks\WebReg 20071205142709.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071205142709 /N

"2008-05-03 15:19:00 C:\WINDOWS\Tasks\WebReg 20080110171939.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20080110171939 /N

"2008-05-02 17:25:00 C:\WINDOWS\Tasks\WebReg 20080121192529.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20080121192529 /N

"2008-05-03 11:13:00 C:\WINDOWS\Tasks\WebReg 20080123131352.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20080123131352 /N

"2008-05-03 08:23:00 C:\WINDOWS\Tasks\WebReg 20080208102308.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20080208102308 /N

"2008-05-03 13:19:00 C:\WINDOWS\Tasks\WebReg 20080213151913.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20080213151913 /N

"2008-05-03 11:15:00 C:\WINDOWS\Tasks\WebReg 20080220131502.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20080220131502 /N

"2008-05-03 15:53:00 C:\WINDOWS\Tasks\WebReg 20080228175313.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20080228175313 /N

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-03 18:49:19

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 67

**************************************************************************

.

Voltooingstijd: 2008-05-03 18:59:44

ComboFix-quarantined-files.txt 2008-05-03 16:59:34

Pre-Run: 11,546,537,984 bytes beschikbaar

Post-Run: 11,579,535,360 bytes beschikbaar

239 --- E O F --- 2008-04-09 20:22:12

It is mainly the internet that is slow.
