Very slow PC

  • Ralph

    Hey,

    I have cleared as much music, films, etc. off my computer as possible. Still my PC stays slow, and it takes a very long time before something opens when I click it. Could this have something to do with the processes that are running? Would someone be willing to check my log file?

    I have carried out all the steps. In MBAM I had 1 infected item, which was an HKEY, but the problem now is that I accidentally uninstalled the program together with its log file, so I can't paste that text. S&D had 17 hits and Ad-Aware 77, but those were tracking cookies.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:44:39, on 13-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\nhksrv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\hphmon03.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 127.255.255.255 newsleecher.com
    O1 - Hosts: 127.255.255.255 www.newsleecher.com
    O1 - Hosts: 72.55.172.157 secure.newsleecher.com
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: SOUNDMAN.EXE
    O4 - HKLM\..\Run: cwreustrci.exe
    O4 - HKLM\..\Run: nwiz.exe /install
    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: cmh.exe
    O4 - HKLM\..\Run: C:\WINDOWS\system32\hphmon03.exe
    O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunServices: cmh.exe
    O4 - HKLM\..\RunServices: cwreustrci.exe
    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.techzine.nl/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170001580781
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170018041640
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.imtech.nl/dwa7W.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{317DF617-BC60-4310-8F12-909FAFC350E0}: NameServer = 194.134.5.5 194.134.0.97
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    End of file - 10318 bytes

  • Argus

    Close all windows and start HijackThis

    Click: Do a system scan only

    Put a tick in the box in front of:

    O1 - Hosts: 127.255.255.255 newsleecher.com
    O1 - Hosts: 127.255.255.255 www.newsleecher.com
    O1 - Hosts: 72.55.172.157 secure.newsleecher.com
    O4 - HKLM\..\Run: cwreustrci.exe
    O4 - HKLM\..\Run: cmh.exe
    O4 - HKLM\..\RunServices: cmh.exe
    O4 - HKLM\..\RunServices: cwreustrci.exe

    Download SDFix to your Desktop

    Double-click SDFix.exe to unpack it.

    Print out the instructions below or copy them to a .txt file.

    Boot into Safe Mode

    Open the extracted SDFix folder (usually found at C:\SDFix) and double-click RunThis.bat to start the script.

    Type Y to start the fix and follow the instructions. Press a key when asked to.

    The computer will restart. This takes longer than usual.

    SDFix will continue with the removal. Wait until you are asked to press a key.

    The Desktop will appear and a log will open.

    Post the contents of that log
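
An added example, not from this thread or any of its participants, of the triage the helper above does by eye: a small Python script that flags the O1 hosts-file entries and the O4 Run/RunServices values that are bare filenames with no path in a HijackThis v2 log. The sample lines are constructed in the shape of the log posted above, and the allowlist of accepted bare names (the helper left SOUNDMAN.EXE alone) is an assumed analyst setting, not something the thread states.

```python
"""Triage helper for HijackThis v2 logs (added example, not from the thread).

Flags the two kinds of entry the helper singled out: O1 hosts-file lines and
O4 Run/RunServices values that are bare executable names with no path.
"""
import ipaddress
import re

# Constructed sample in the shape of the log posted above (not the full log).
SAMPLE_LOG = """\
O1 - Hosts: 127.255.255.255 newsleecher.com
O1 - Hosts: 72.55.172.157 secure.newsleecher.com
O4 - HKLM\\..\\Run: "C:\\Program Files\\COMODO\\Firewall\\cfp.exe" -h
O4 - HKLM\\..\\Run: SOUNDMAN.EXE
O4 - HKLM\\..\\Run: cwreustrci.exe
O4 - HKLM\\..\\RunServices: cmh.exe
O4 - HKCU\\..\\Run: C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
# O4 - <hive>\..\<Run key>: <value>   e.g. "O4 - HKLM\..\RunServices: cmh.exe"
RUN_RE = re.compile(r"^O4 - (.+?)\\\.\.\\(Run\w*): (.*)$")

# Assumed analyst allowlist of bare names accepted on this machine
# (constructed for the example; the helper did not flag SOUNDMAN.EXE).
DEFAULT_ALLOWLIST = frozenset({"soundman.exe"})


def first_token(value):
    """Return the executable part of a Run value, honouring a quoted path."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def is_bare_name(token):
    """True when the token carries no directory or drive component."""
    return bool(token) and "\\" not in token and "/" not in token and ":" not in token


def check_line(line, allowlist=DEFAULT_ALLOWLIST):
    """Return the list of reasons a single log line deserves review."""
    reasons = []
    m = HOSTS_RE.match(line)
    if m:
        ip_text, host = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            return [f"hosts entry with unparseable address for {host}: {ip_text}"]
        if ip.is_loopback:
            # 127.0.0.0/8 entries silently black-hole the name (here: the
            # vendor's update/licensing hosts), which also hides them from AV
            reasons.append(f"hosts entry blocks {host} via loopback {ip}")
        else:
            # Any other address silently rewrites where the name resolves
            reasons.append(f"hosts entry redirects {host} to {ip}")
        return reasons
    m = RUN_RE.match(line)
    if m:
        _hive, key, value = m.groups()
        if key.lower() == "runservices":
            # RunServices is a Windows 9x-era key; legitimate installers on
            # NT-based Windows almost never write to it
            reasons.append("RunServices is a Windows 9x-era key; unusual on NT-based Windows")
        token = first_token(value)
        if is_bare_name(token) and token.lower() not in allowlist:
            # No path means the loader searches for the name; the file is not
            # identifiable from the log alone and needs to be located on disk
            reasons.append(f"Run value is a bare filename with no path: {token}")
    return reasons


def triage(log_text, allowlist=DEFAULT_ALLOWLIST):
    """Return [(line, reasons)] for every log line with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = check_line(line, allowlist)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run against the sample it reports the three O1 lines' counterparts and the two bare-name O4 entries the helper listed, and stays silent on the fully-pathed COMODO, ctfmon and ESET entries.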

  • huib

    Hi Ralph,

    What do you have from Comodo? Also the antivirus?

    If so, remove it, because 2 virus scanners can work against each other ;)

    Your log:

    Start HijackThis, choose "do a system scan only", and tick the following line:

    O4 - HKLM\..\RunServices: cwreustrci.exe

    Close all windows except HijackThis and click on fix checked

    Restart your computer and post a new HijackThis log.

    >>>Further, you ask whether the slowness could have something to do with the processes that are running?<<<

    That is quite possible.

    Use the following program to see which ones do not need to be started:

    http://www.malwarebytes.org/StartUpLite.exe

    Also run the clean-up plan:

    http://www.virushelp.nl/onderhoud.htm

    Supplemented with CCleaner and Clean Up

    http://www.filehippo.com/download_ccleaner/

    Be careful when installing CCleaner to untick the box for installing the Yahoo toolbar.

    http://www.stevengould.org/index.php?option=com_content&task=view&id=29&Itemid=72

    You can run CCleaner and Clean Up daily before shutting down.

    The first time you run them it will take a tiny bit longer, but otherwise it takes no more than about 2 minutes.

    Good luck,

    Huib :)

  • Ralph

    Thanks a lot for the quick help, Argus. I ran SDFix and the following log came out:

    SDFix: Version 1.240
    Run by Ralph on di 13-01-2009 at 16:41
    Microsoft Windows XP
    Running From: C:\SDFix

    Checking Services :

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    Checking Files :
    No Trojan Files Found

    Removing Temp Files

    ADS Check :

    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-13 16:50:36
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden services & system hive ...

    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    "h0"=dword:00000000
    "ujdew"=hex:1f,75,a7,f7,8e,0a,74,a2,f7,ce,a0,fe,07,7f,e5,c7,31,f3,12,f1,1a,..
    "s1"=dword:df0d1f56
    "s2"=dword:916d6449
    "h0"=dword:00000002
    "h0"=dword:00000000
    "ujdew"=hex:b0,2a,6c,66,6d,01,cc,73,4d,27,ff,a2,e4,e2,8b,67,f1,22,43,82,42,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    "h0"=dword:00000001
    "khjeh"=hex:fb,e2,60,01,5d,84,de,96,f2,e8,68,f0,a6,0b,f6,b8,71,90,2d,34,45,..
    "h0"=dword:00000000
    "ujdew"=hex:6a,69,ac,5d,78,62,cb,13,11,7c,9d,f3,63,87,3f,9d,ed,dd,78,7b,db,..
    "h0"=dword:00000001
    "khjeh"=hex:fb,e2,60,01,5d,84,de,96,f2,e8,68,f0,a6,0b,f6,b8,71,90,2d,34,45,..
    "h0"=dword:00000000
    "ujdew"=hex:b0,2a,6c,66,6d,01,cc,73,4d,27,ff,a2,e4,e2,8b,67,f1,22,43,82,42,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    "h0"=dword:00000001
    "khjeh"=hex:fb,e2,60,01,5d,84,de,96,f2,e8,68,f0,a6,0b,f6,b8,71,90,2d,34,45,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :

    Authorized Application Key Export:

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\WINDOWS\\system32\\cmh.exe"="C:\\WINDOWS\\system32\\cmh.exe:*:Enabled:cmh"
    "C:\\Program Files\\Call of Duty\\CoDMP.exe"="C:\\Program Files\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
    "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Call of Duty\\CoDUOMP.exe"="C:\\Program Files\\Call of Duty\\CoDUOMP.exe:*:Enabled:CoDUOMP"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :

    Files with Hidden Attributes :

    Wed 11 Sep 2002 94,784 ..SH. --- "C:\WINDOWS\twain.dll"
    Mon 14 Apr 2008 50,688 ..SH. --- "C:\WINDOWS\twain_32.dll"
    Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
    Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
    Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
    Mon 14 Apr 2008 1,028,096 ..SH. --- "C:\WINDOWS\system32\mfc42.dll"
    Mon 14 Apr 2008 57,344 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll"
    Mon 14 Apr 2008 413,696 A.SH. --- "C:\WINDOWS\system32\msvcp60.dll"
    Mon 14 Apr 2008 343,040 A.SH. --- "C:\WINDOWS\system32\msvcrt.dll"
    Mon 14 Apr 2008 551,936 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll"
    Mon 14 Apr 2008 84,992 ..SH. --- "C:\WINDOWS\system32\olepro32.dll"
    Mon 14 Apr 2008 12,288 ..SH. --- "C:\WINDOWS\system32\regsvr32.exe"
    Sun 3 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 1 Feb 2007 31,232 ...H. --- "C:\Documents and Settings\Ralph Peters\Mijn documenten\~WRL0003.tmp"
    Fri 2 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 14 Dec 2006 28,160 A..H. --- "C:\Documents and Settings\Ralph Peters\Mijn documenten\School\usb jur\K2N\Engels\~WRL0002.tmp"
    Wed 8 Jun 2005 57,856 A..H. --- "C:\Documents and Settings\Ralph Peters\Mijn documenten\School\usb jur\K2N\tom\K4\~WRL2549.tmp"

    Finished!

  • Ralph

    Hi Huib,

    I have the Comodo firewall and the NOD32 antivirus, so there is no double virus scanner on my system. But should I then regard your previous message as not sent? I have done what Argus said. Hopefully that is enough.

  • Argus

    Reinstall MalwareBytes' Anti-Malware; these days you can't do without this program

    It is updated several times a day

    Combofix

    Download Combofix to your Desktop.

    Double-click Combofix.exe

    Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.

    While the fix is running, do NOT click in the window, or your PC will "hang".

    NB: If, while using Combofix, a warning appears from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see components that Combofix uses as suspicious and may block or remove them! As a result Combofix cannot function properly.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post that log in your next post here, together with a new HijackThis log.

  • Ralph

    I ran Combofix and made a HijackThis log. I did not install the Recovery Console via Combofix because during the run it kept telling me I had no internet connection, even though I did.

    Log files:

    ComboFix 09-01-12.04 - Ralph Peters 2009-01-13 18:17:44.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.511.252

    Gestart vanuit: c:\documents and settings\Ralph Peters\Bureaublad\ComboFix.exe

    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)

    FW: COMODO Firewall *disabled*

    * Resident AV is active

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\Ralph Peters\Application Data\NTuser3.exe

    c:\windows\system32\AutoRun.inf

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-13 to 2009-01-13 ))))))))))))))))))))))))))))))

    .

    2009-01-13 16:40 . 2009-01-13 16:40 580,096 –a–c— c:\windows\system32\dllcache\user32.dll

    2009-01-13 16:37 . 2009-01-13 16:37 d——– c:\windows\ERUNT

    2009-01-13 16:32 . 2009-01-13 16:53 d——– C:\SDFix

    2009-01-13 15:43 . 2009-01-13 15:43 d——– c:\program files\Trend Micro

    2009-01-13 15:01 . 2009-01-13 15:01 d——– c:\documents and settings\Ralph Peters\Application Data\Malwarebytes

    2009-01-13 15:01 . 2009-01-13 15:01 d——– c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-01-13 12:47 . 2007-01-28 17:08 d–h—– c:\documents and settings\Administrator\Sjablonen

    2009-01-13 12:47 . 2007-01-28 18:02 d–h—– c:\documents and settings\Administrator\Onlangs geopend

    2009-01-13 12:47 . 2007-01-28 18:02 d–h—– c:\documents and settings\Administrator\Netwerkprinteromgeving

    2009-01-13 12:47 . 2007-01-28 18:02 d——– c:\documents and settings\Administrator\Mijn documenten

    2009-01-13 12:47 . 2007-01-28 18:02 dr——- c:\documents and settings\Administrator\Menu Start

    2009-01-13 12:47 . 2007-01-28 18:02 d——– c:\documents and settings\Administrator\Favorieten

    2009-01-13 12:47 . 2007-01-28 18:02 d——– c:\documents and settings\Administrator\Bureaublad

    2009-01-13 12:47 . 2009-01-13 12:47 d——– c:\documents and settings\Administrator

    2009-01-07 23:12 . 2009-01-07 23:12 42,320 –a—— c:\windows\system32\xfcodec.dll

    2009-01-06 14:16 . 2009-01-06 14:16 54,156 –ah—– c:\windows\QTFont.qfn

    2009-01-06 14:16 . 2009-01-06 14:16 1,409 –a—— c:\windows\QTFont.for

    2008-12-13 13:41 . 2008-12-15 13:57 d——– c:\documents and settings\All Users\Application Data\WinZip

    2008-12-13 11:58 . 2008-12-13 11:58 d——– c:\windows\Sun

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-01-13 16:31 ——— d—–w c:\program files\Call of Duty

    2009-01-13 16:23 138,376 —-a-w c:\windows\system32\drivers\PnkBstrK.sys

    2009-01-13 16:22 202,448 —-a-w c:\windows\system32\PnkBstrB.exe

    2009-01-13 13:01 ——— d—–w c:\program files\Spybot - Search & Destroy

    2009-01-13 11:41 ——— d—–w c:\program files\Windows Media Connect 2

    2009-01-13 10:52 ——— d–h–w c:\program files\InstallShield Installation Information

    2009-01-12 08:00 ——— d-s—w c:\program files\Xfire

    2009-01-10 13:50 ——— d—–w c:\documents and settings\Ralph Peters\Application Data\Xfire

    2009-01-07 11:28 ——— d—–w c:\documents and settings\Ralph Peters\Application Data\LimeWire

    2008-12-11 13:33 410,984 —-a-w c:\windows\system32\deploytk.dll

    2008-12-11 13:33 ——— d—–w c:\program files\Java

    2008-12-09 17:25 ——— d—–w c:\program files\PartyGaming.Net

    2008-12-09 10:55 147,192 —-a-w c:\windows\system32\guard32.dll

    2008-12-09 10:55 101,776 —-a-w c:\windows\system32\drivers\cmdguard.sys

    2008-11-21 16:05 ——— d—–w c:\program files\Lavasoft

    2008-11-21 16:04 ——— d—–w c:\program files\Common Files\Wise Installation Wizard

    2008-11-21 14:16 ——— d—–w c:\documents and settings\All Users\Application Data\Lavasoft

    2008-11-21 13:56 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2008-11-18 22:08 31,504 —-a-w c:\windows\system32\drivers\cmdhlp.sys

    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll

    2008-10-16 20:33 826,368 —-a-w c:\windows\system32\wininet.dll

    2008-10-16 13:13 202,776 —-a-w c:\windows\system32\wuweb.dll

    2008-10-16 13:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll

    2008-10-16 13:12 561,688 —-a-w c:\windows\system32\wuapi.dll

    2008-10-16 13:12 323,608 —-a-w c:\windows\system32\wucltui.dll

    2008-10-16 13:09 92,696 —-a-w c:\windows\system32\cdm.dll

    2008-10-16 13:09 51,224 —-a-w c:\windows\system32\wuauclt.exe

    2008-10-16 13:09 43,544 —-a-w c:\windows\system32\wups2.dll

    2008-10-16 13:08 34,328 —-a-w c:\windows\system32\wups.dll

    2008-10-16 13:06 268,648 —-a-w c:\windows\system32\mucltui.dll

    2008-10-16 13:06 208,744 —-a-w c:\windows\system32\muweb.dll

    2008-08-29 17:36 1,695,744 —-a-w c:\documents and settings\Ralph Peters\Application Data\NTuser.exe

    2008-08-29 17:34 249 —-a-w c:\documents and settings\Ralph Peters\Application Data\shedl.bat

    2007-09-12 14:46 737 —-a-w c:\program files\uninst00.log

    2007-09-12 14:46 206 —-a-w c:\program files\MouInfo.ini

    2007-09-12 14:46 14 —-a-w c:\program files\SETTING.INI

    2007-09-12 14:45 98,816 —-a-w c:\program files\OFMDLL.DLL

    2007-09-12 14:45 555 —-a-w c:\program files\uninst.un2

    2007-09-12 14:45 28,672 —-a-w c:\program files\NHKSRV.EXE

    2007-09-12 14:45 215,040 —-a-w c:\program files\OFFICEKB.EXE

    2002-09-11 12:00 94,784 –sh–w c:\windows\twain.dll

    2008-04-14 17:02 50,688 –sh–w c:\windows\twain_32.dll

    2008-04-14 17:02 1,028,096 –sh–w c:\windows\system32\mfc42.dll

    2008-04-14 17:02 57,344 –sh–w c:\windows\system32\msvcirt.dll

    2008-04-14 17:02 413,696 –sha-w c:\windows\system32\msvcp60.dll

    2008-04-14 17:02 343,040 –sha-w c:\windows\system32\msvcrt.dll

    2008-04-14 17:02 551,936 –sh–w c:\windows\system32\oleaut32.dll

    2008-04-14 17:02 84,992 –sh–w c:\windows\system32\olepro32.dll

    2008-04-14 17:03 12,288 –sh–w c:\windows\system32\regsvr32.exe

    2008-09-03 12:04 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090320080904\index.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “AlcoholAutomount”=“c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe”

    “ctfmon.exe”=“c:\windows\system32\ctfmon.exe”

    “SpeedTouch USB Diagnostics”=“c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe”

    “NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”

    “HPHmon03”=“c:\windows\system32\hphmon03.exe”

    “HPDJ Taskbar Utility”=“c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe”

    “egui”=“c:\program files\ESET\ESET NOD32 Antivirus\egui.exe”

    “COMODO Firewall Pro”=“c:\program files\COMODO\Firewall\cfp.exe”

    “COMODO Internet Security”=“c:\program files\COMODO\Firewall\cfp.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    “BluetoothAuthenticationAgent”=“bthprops.cpl”

    “CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE”

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    “AppInit_DLLs”= c:\windows\system32\guard32.dll

    “VIDC.XFR1”= xfcodec.dll

    c:\program files\\

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

    “EnableFirewall”= 0 (0x0)

    “%windir%\\system32\\sessmgr.exe”=

    “c:\\Program Files\\Messenger\\msmsgs.exe”=

    “c:\\Program Files\\Call of Duty\\CoDMP.exe”=

    “c:\\Program Files\\Xfire\\xfire.exe”=

    “%windir%\\Network Diagnostic\\xpnetdiag.exe”=

    “c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=

    “c:\\Program Files\\Windows Live\\Messenger\\livecall.exe”=

    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys

    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys

    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\msikbd2k.sys

    R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe

    R4 nhksrv;Netropa NHK Server;c:\program files\NHKSRV.EXE

    S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys –> c:\windows\system32\drivers\Btcomm.sys

    S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\DRIVERS\btkrnbdg.sys –> c:\windows\system32\DRIVERS\btkrnbdg.sys

    S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\Drivers\csrbc01.sys –> c:\windows\system32\Drivers\csrbc01.sys

    S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys

    S3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys –> c:\windows\system32\drivers\vadmulti.sys

    — Andere Services/Drivers In Geheugen —

    *Deregistered* - RpcSs

    *Deregistered* - SamSs

    *Deregistered* - Schedule

    *Deregistered* - seclogon

    *Deregistered* - SENS

    *Deregistered* - SharedAccess

    *Deregistered* - ShellHWDetection

    *Deregistered* - Spooler

    *Deregistered* - srservice

    *Deregistered* - SSDPSRV

    *Deregistered* - StarWindServiceAE

    *Deregistered* - stisvc

    *Deregistered* - TapiSrv

    *Deregistered* - TermService

    *Deregistered* - Themes

    *Deregistered* - TrkWks

    *Deregistered* - W32Time

    *Deregistered* - WebClient

    *Deregistered* - winmgmt

    *Deregistered* - wscsvc

    *Deregistered* - wuauserv

    *Deregistered* - WZCSVC

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

    HKU-Default-Run-cpanel - c:\windows\System32\winlogin32.exe

    MSConfigStartUp-CTFMON - (no file)

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.google.nl/

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    TCP: {317DF617-BC60-4310-8F12-909FAFC350E0} = 194.134.5.5 194.134.0.97

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe

    c:\windows\Downloaded Program Files\live.ini

    c:\windows\Downloaded Program Files\scanoptions.tsi

    c:\windows\Downloaded Program Files\lang.ini

    c:\windows\Downloaded Program Files\ipsupd.dll

    c:\windows\Downloaded Program Files\bdupd.dll

    c:\windows\Downloaded Program Files\libfn.dll

    c:\windows\Downloaded Program Files\bdcore.dll

    c:\windows\Downloaded Program Files\oscan8.ocx

    O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

    hxxp://www.techzine.nl/scan8/oscan8.cab

    c:\windows\Downloaded Program Files\oscan8.inf

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-01-13 18:22:50

    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:

    ZwClose

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files\Lavasoft\Ad-Aware\aawservice.exe

    c:\program files\COMODO\Firewall\cmdagent.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\PnkBstrA.exe

    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    c:\windows\system32\rundll32.exe

    c:\program files\HP\Digital Imaging\bin\hpqste08.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2009-01-13 18:29:29 - machine werd herstart

    ComboFix-quarantined-files.txt 2009-01-13 17:29:25

    Pre-Run: 61,612,318,720 bytes beschikbaar

    Post-Run: 61,510,647,808 bytes beschikbaar

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

    233 --- E O F --- 2008-12-18 13:22:29

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 18:32:22, on 13-1-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\nhksrv.exe

    C:\Program Files\COMODO\Firewall\cmdagent.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O4 - HKLM\..\Run: "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\WINDOWS\system32\hphmon03.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    O4 - HKLM\..\Run: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: "C:\Program Files\COMODO\Firewall\cfp.exe" -h

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: "C:\Program Files\COMODO\Firewall\cfp.exe" -h

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKCU\..\Run: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.techzine.nl/scan8/oscan8.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170001580781

    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170018041640

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.imtech.nl/dwa7W.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{317DF617-BC60-4310-8F12-909FAFC350E0}: NameServer = 194.134.5.5 194.134.0.97

    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\\nhksrv.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)

    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    End of file - 9115 bytes

  • Argus

    Go to Start - Run and enter the following:

    Combofix /u

    This will uninstall combofix.

    Use CCleaner http://www.wurksjops.nl/ccleaner/

    Happy Surfing :-)

  • Ralph

    Thanks a lot for your help :D. I can get going again nicely :D