
[SOLVED] hijackthis log



Thanks for all the help! But my computer is still running slower than before. Programs start up less quickly, and when I play music there are stutters as well. I even notice it when I move my mouse pointer across the screen.. Any idea what else I could do?


Oops, that doesn't sound solved at all, of course.

Put a shortcut to on your desktop.

Double-click the Panda ActiveScan shortcut and run a Full System Scan. You cannot delete the (possibly) infected files. For that you have to buy the program. But all we care about here is the log that Panda Scan produces.


;***********************************************************************************************************************************************************************************

ANALYSIS: 2008-05-17 16:12:26

PROTECTIONS: 1

MALWARE: 7

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

ESET NOD32 antivirus system 2.70 2.70 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.com.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.bs.serving-sys.com/]

00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@metriweb[1].txt

02377451 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\All Users\Documenten\bsplayer224.954_clip.exe[AdVantageSetup.exe]

02934058 Trj/Sinowal.DW Virus/Trojan No 1 Yes No H:\Music Programs\Adobe Audition\CRACK\KEYGEN.EXE

;===================================================================================================================================================================================

SUSPECTS

Sent Location l

;===================================================================================================================================================================================

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description l

;===================================================================================================================================================================================

184380 MEDIUM MS08-002 l

184379 MEDIUM MS08-001 l

182048 HIGH MS07-069 l

182046 HIGH MS07-067 l

182043 HIGH MS07-064 l

179553 HIGH MS07-061 l

176382 HIGH MS07-057 l

176383 HIGH MS07-058 l

;===================================================================================================================================================================================


This isn't really what I asked you for - a log from Panda Active Scan - but rather a report from your own virus scanner, it turns out.

Based on that, you may delete the following files shown in bold (that is absolute junk):

H:\Music Programs\Adobe Audition\CRACK\KEYGEN.EXE

C:\Documents and Settings\All Users\Documenten\bsplayer224.954_clip.exe

After that, do this:

Empty the cache and cookies in IE:

  • Close Internet Explorer.
  • Go to Control Panel > Internet Options > General tab
  • Click the Delete Cookies button
  • Click the Delete Files button next to it
  • Tick: Delete all offline content, click OK

* Empty the cache and cookies in Firefox (if Firefox is installed):

  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear button (History, Cookies, Cache).
  • Click OK to close the window again.

* Empty the other temporary files + Recycle Bin

  • Go to Start > Run, type: cleanmgr and click OK.
  • Let it scan your system for files that need to be deleted
  • Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
  • Then click OK.

Then run your NOD32 once more and see whether it still has anything to report. And I'm also still waiting for that Panda log.


Scan performed at: 17/05/2008 20:01:27

Scanning Log

NOD32 version 3106 (20080516) NT

Operating memory - is OK

Date: 17.5.2008 Time: 20:02:08

Anti-Stealth technology is enabled.

Scanned disks, folders and files: C:; D:; H:

C:\hiberfil.sys - error opening (File locked) [4]

C:\pagefile.sys - error opening (File locked) [4]

C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File locked) [4]

C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4]

C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\user\NTUSER.DAT - error opening (File locked) [4]

C:\Documents and Settings\user\ntuser.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\parent.lock - error opening (File locked) [4]

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\pending.dat - error opening (File locked) [4]

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\Working\database_A4BC_2B0C_BC2A_D916\dfsr.db - error opening (File locked) [4]

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\Working\database_A4BC_2B0C_BC2A_D916\fsr.log - error opening (File locked) [4]

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\Working\database_A4BC_2B0C_BC2A_D916\fsrtmp.log - error opening (File locked) [4]

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\Working\database_A4BC_2B0C_BC2A_D916\tmp.edb - error opening (File locked) [4]

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]

C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]

C:\WINDOWS\system32\config\default - error opening (File locked) [4]

C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]

C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]

C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\config\software - error opening (File locked) [4]

C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\config\system - error opening (File locked) [4]

C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\drivers\sptd.sys - error opening (File locked) [4]

D:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]

Number of scanned files: 126438

Number of threats found: 0

Time of completion: 21:11:49 Total scanning time: 4181 sec (01:09:41)

Notes:

[4] File cannot be opened. It may be in use by another application or operating system.


ComboFix 08-05-15.3 - user 2008-05-18 19:03:18.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.153 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))

.

2008-05-17 10:14 . 2008-05-17 10:14 <DIR> d-------- C:\WING

2008-05-17 10:14 . 1994-08-24 00:00 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL

2008-05-17 10:14 . 1994-09-21 00:00 92,208 --a------ C:\WINDOWS\system\WING.DLL

2008-05-17 10:14 . 1994-09-21 00:00 12,800 --a------ C:\WINDOWS\system32\WING32.DLL

2008-05-17 10:14 . 1994-09-21 00:00 6,736 --a------ C:\WINDOWS\system\WINGDIB.DRV

2008-05-17 10:14 . 1994-09-21 00:00 5,024 --a------ C:\WINDOWS\system\WINGPAL.WND

2008-05-15 18:18 . 2008-05-18 18:13 <DIR> dr-h----- C:\Documents and Settings\user\Onlangs geopend

2008-05-15 18:11 . 2008-05-15 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-05-13 12:13 . 2008-05-15 19:52 <DIR> d-------- C:\Program Files\Panda Security

2008-05-13 09:56 . 2008-05-13 09:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes

2008-05-13 09:56 . 2008-05-13 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-10 17:18 . 2008-05-10 17:18 1,099,839 --a------ C:\WINDOWS\system32\TmpA1954125

2008-05-10 16:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-10 16:15 . 2008-05-10 16:15 <DIR> d-------- C:\Program Files\Common Files\Java

2008-05-08 16:17 . 2008-05-08 19:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-06 23:47 . 2008-05-17 23:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-06 23:47 . 2008-05-06 23:47 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-06 18:01 . 2008-05-06 18:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Pegasys Inc

2008-05-03 19:42 . 2008-05-06 19:31 <DIR> d-------- C:\divx

2008-05-03 19:40 . 2008-05-03 22:17 <DIR> d-------- C:\Documents and Settings\user\Application Data\DivX

2008-05-03 19:35 . 2008-05-06 17:59 <DIR> d-------- C:\Program Files\DivX

2008-05-03 19:35 . 2007-11-30 00:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-18 16:39 --------- d-----w C:\Program Files\Soulseek

2008-05-17 14:54 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent

2008-05-15 16:12 --------- d-----w C:\Program Files\VideoLAN

2008-05-15 12:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-15 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-15 11:57 --------- d-----w C:\Program Files\SpywareGuard

2008-05-10 15:18 --------- d-----w C:\Program Files\Absolute MP3 Splitter

2008-05-10 15:18 --------- d-----w C:\Program Files\Ableton

2008-05-10 14:19 --------- d-----w C:\Program Files\Java

2008-05-08 17:52 --------- d-----w C:\Program Files\Trend Micro

2008-05-08 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-08 17:41 --------- d-----w C:\Program Files\Webteh

2008-05-08 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer

2008-05-08 14:09 --------- d-----w C:\Program Files\Lavasoft

2008-05-08 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-08 14:03 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-08 13:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-03 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-04-23 13:55 --------- d-----w C:\Program Files\Winamp

2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-03-21 08:23 --------- d-----w C:\Documents and Settings\user\Application Data\AccurateRip

2008-03-21 08:22 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe

2008-03-21 08:01 --------- d-----w C:\Program Files\iTunes

2008-03-21 08:01 --------- d-----w C:\Program Files\iPod

2008-03-21 07:59 --------- d-----w C:\Program Files\QuickTime

2008-03-21 07:59 --------- d-----w C:\Program Files\Bonjour

2008-03-21 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-03-21 07:57 --------- d-----w C:\Program Files\Apple Software Update

2008-03-21 07:56 --------- d-----w C:\Program Files\Common Files\Apple

2008-03-21 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-03-21 07:33 --------- d-----w C:\Program Files\Illustrate

2007-09-10 14:42 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]

"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 20:25 949376]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Telenet EasyCare.lnk

backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Anapod Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^MagicDisc.lnk]

backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

--a------ 2005-03-04 08:20 512000 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

--a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

--a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

--a------ 2006-04-21 15:41 438359 C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

--a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-04-09 14:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

-ra------ 2005-11-23 04:12 1060864 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-11-19 13:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\User Enc Proc Curb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSScheduler]

C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"svcWRSSSDK"=2 (0x2)

"SDhelper"=3 (0x3)

"iPodService"=3 (0x3)

"Adobe LM Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Soulseek\\slsk.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys []

S3 iatmunin;iatmunin;C:\DOCUME~1\user\LOCALS~1\Temp\iatmunin.sys []

S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]

S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys []

S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30785b76-838d-11dc-9956-003018ffffff}]

\Shell\AutoRun\command - J:\AutoTransfer.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 19:08:30

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\nview.dll

.

Voltooingstijd: 2008-05-18 19:19:00

ComboFix-quarantined-files.txt 2008-05-18 17:18:19

ComboFix2.txt 2008-05-15 14:05:26

Pre-Run: 4,357,693,440 bytes beschikbaar

Post-Run: 4,404,039,680 bytes beschikbaar

221 --- E O F --- 2007-09-01 08:14:51

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:20:26, on 18/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O14 - IERESET.INF: START_PAGE_URL=www.google.be

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159107806500

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--

End of file - 6257 bytes

PC is still running very slowly.. mostly when several programs are running.


Last attempt (because after that my suggestion box is empty):

Download resetdma to your desktop

- Double-click resetdma.vbs.

- If an ATA drive is found that can be reset, restart your PC and test all drives.

- If not, close the script and do nothing further.

This topic is now closed to new replies.
