Posts made by stoffe
-
Hello,
IE 10 is now apparently also available for Windows 7.
Is it advisable to upgrade my IE9 version to IE10?
What is your view?
-
IE9
But I think I have found it: ActiveX Filtering was checked. I unchecked it and now everything seems to work.
-
Hello
When I want to watch videos on YouTube, I invariably get a black playback screen with the following message:
Adobe Flash Player is required to play videos.
Download the latest Flash Player
When I then install the new FP, it still turns out not to work.
Can you help me, please?
-
Hello,
To read my work e-mail at home, I have to log in to a secure website (https ...).
After that I have to enter my login and password to get into my mailbox.
I have a laptop with Windows Vista and Office 2007. With it I can perform every possible operation in my mailbox without any problem.
On my new PC, which runs Windows 7 with Office 2010, I can get into my mailbox, but I can only read e-mails by double-clicking them.
I get no preview in the pane provided for it, and I also cannot reply to, forward, delete ... e-mails.
Is it down to the internet settings (since this is webmail after all) or to Windows settings?
Kristof
-
Any idea whether I can speed up my PC again with some setting?
-
Dear Kane,
Could it be that the slowness of my PC is caused by the change of internet connection? (see my previous post).
-
I timed a few things:
- booting (until the desktop comes up, where I then see 4 user accounts): 76 seconds
- logging in to my user account: 33 seconds before my desktop is fully loaded (XP then shows 'your personal settings are being loaded')
- opening an Excel file from a shortcut on the desktop: 15 seconds
- opening IE 8 from the desktop (homepage www.tijd.be): 40 seconds
I still find all of this quite long.
This all used to go faster. I cannot shake the impression that the problems started when I changed internet connection. Previously I had Telenet Expressnet (stand-alone, not part of a Shake), now I have a Telenet Fibershake, so with Fibernet and digital TV.
Could that have something to do with it?
-
I did let the Emsisoft Emergency Kit scan run for a day after all, with the following result:
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 6/03/2012 13:17:38
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, D:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 12/03/2012 9:20:47
C:\Program Files\ConvertXToDVD_v2.2.3.258f - programma\ConvertXToDVD_v2.2.3.258f.rar/KeyGen.exe Ontdekt: Riskware.keygen.BlindWrite!IK
C:\Program Files\ConvertXToDVD_v2.2.3.258f - programma\KeyGen.exe Ontdekt: Riskware.keygen.BlindWrite!IK
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\iexplore.exe.tmp.vir Ontdekt: Trojan-Banker.Win32.Banker!IK
C:\System Volume Information\_restore{13E99F3D-0BF5-4F29-9C10-8CE2AC4A921A}\RP30\A0007598.exe Ontdekt: SoftwareBundler!IK
C:\System Volume Information\_restore{13E99F3D-0BF5-4F29-9C10-8CE2AC4A921A}\RP5\A0003278.exe Ontdekt: SoftwareBundler!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-anti.prm Ontdekt: Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-backa.prm Ontdekt: Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-ghost.prm Ontdekt: Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-horiz.prm Ontdekt: Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-vhold.prm Ontdekt: Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-vnois.prm Ontdekt: Trojan.Win32.Buzus!IK
Gescand
Bestanden: 517460
Sporen: 564292
Cookies: 268
Processen: 27
Gevonden
Bestanden: 11
Sporen: 0
Cookies: 0
Processen: 0
Registersleutels: 0
Scan Geëindigd: 12/03/2012 17:11:16
Scantijd: 7:50:29
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-anti.prm In Quarantaine Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-backa.prm In Quarantaine Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-ghost.prm In Quarantaine Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-horiz.prm In Quarantaine Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-vhold.prm In Quarantaine Trojan.Win32.Buzus!IK
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-vnois.prm In Quarantaine Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{13E99F3D-0BF5-4F29-9C10-8CE2AC4A921A}\RP30\A0007598.exe In Quarantaine SoftwareBundler!IK
C:\System Volume Information\_restore{13E99F3D-0BF5-4F29-9C10-8CE2AC4A921A}\RP5\A0003278.exe In Quarantaine SoftwareBundler!IK
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\iexplore.exe.tmp.vir In Quarantaine Trojan-Banker.Win32.Banker!IK
C:\Program Files\ConvertXToDVD_v2.2.3.258f - programma\ConvertXToDVD_v2.2.3.258f.rar/KeyGen.exe In Quarantaine Riskware.keygen.BlindWrite!IK
C:\Program Files\ConvertXToDVD_v2.2.3.258f - programma\KeyGen.exe In Quarantaine Riskware.keygen.BlindWrite!IK
In Quarantaine
Bestanden: 11
Sporen: 0
Cookies: 0
I first placed the infected files in quarantine and then deleted them.
-
I don't really notice much improvement.
The problems actually started when I switched from Expressnet to Fibernet at Telenet. Could that have something to do with it?
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a22867deeffc464f85cd2a06a41807c8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-08 11:18:47
# local_time=2012-03-08 12:18:47 (+0100, West-Europa (standaardtijd))
# country="Belgium"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 12971234 12971234 0 0
# compatibility_mode=5891 16776869 42 87 43509 28064125 0 0
# compatibility_mode=8192 67108863 100 0 3937 3937 0 0
# scanned=190175
# found=2
# cleaned=2
# scan_time=12291
C:\System Volume Information\_restore{D92015FC-53F3-4CF9-A3F7-03C067D5FD00}\RP1081\A0284795.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-boost.prm probably a variant of Win32/Inject.FSYLWEE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
I started the scan (as described above) at 15:00 and at 18:10 it was at 6%.
Sorry, but that takes a bit too long for me, especially since I may not/cannot use my PC during the scan.
Do you have other suggestions?
-
Hello,
My laptop responds slowly.
I have already made a HijackThis log:
I have also already let Malwarebytes loose on my laptop:
Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000
Databaseversie: v2012.03.05.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kristof :: PC_VAN_KRISTOF [administrator]
Realtime bescherming: Ingeschakeld
5/03/2012 16:04:11
mbam-log-2012-03-05 (16-04-11).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 168613
Verstreken tijd: 14 minuut/minuten, 31 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Graa
-
I have the impression that my PC has become somewhat faster again after all. It's not yet like it used to be, but it's already a bit better.
Do you have any other suggestions?
-
Hello,
I ran ComboFix. This is the log file:
path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Password.lnk
backup=c:\windows\pss\Password.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-27 04:37 136176 ----atw- c:\documents and settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-06-01 09:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-03 07:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="c:\documents and settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"nwiz"=nwiz.exe /install
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\KetnetKick2\\Main.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TuneUp Utilities 2012\\Integrator.exe"=
"c:\\Program Files\\TuneUp Utilities 2012\\UpdateWizard.exe"=
"c:\\Program Files\\TuneUp Utilities 2012\\OneClick.exe"=
"c:\\Program Files\\TuneUp Utilities 2012\\EnergyOptimizer.exe"=
"c:\\Program Files\\TuneUp Utilities 2012\\StartupOptimizer.exe"=
"c:\\Garmin\\Training Center.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8514:TCP"= 8514:TCP:BitComet 8514 TCP
"8514:UDP"= 8514:UDP:BitComet 8514 UDP
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/02/2012 20:20 652360]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [23/11/2011 14:15 1510720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/02/2012 20:20 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29/01/2008 9:29 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [31/10/2011 15:00 10064]
S1 MpKsld88a96a2;MpKsld88a96a2;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D056C57-FE43-492F-94B5-5B31F39377C1}\MpKsld88a96a2.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D056C57-FE43-492F-94B5-5B31F39377C1}\MpKsld88a96a2.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 11:37 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 11:37 135664]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [25/12/2008 14:25 38656]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
.
2011-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 10:36]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 10:36]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-839522115-1006Core.job
- c:\documents and settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-02 04:37]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-839522115-1006UA.job
- c:\documents and settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-02 04:37]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-839522115-1007Core.job
- c:\documents and settings\Kids\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 11:39]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-839522115-1007UA.job
- c:\documents and settings\Kids\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 11:39]
.
2012-02-26 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-02-24 10:37]
.
2012-02-24 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-02-24 10:37]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.tijd.be/
mStart Page = hxxp://www.google.com
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: DhcpNameServer = 195.130.131.133 195.130.130.5
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-28 18:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1659004503-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F77AC7CC-E924-F712-109E-38E37A9AEF80}*]
"jacfaeomacdikflapaee"=hex:62,61,6d,6f,00,00
"iackdlkjlmecjhbchm"=hex:6b,61,6e,6f,63,66,62,6a,6c,63,63,67,70,70,62,70,6d,6a,
67,67,64,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'lsass.exe'(1408)
c:\windows\system32\nvappfilter.dll
.
- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-02-28 18:59:56 - machine werd herstart
ComboFix-quarantined-files.txt 2012-02-28 17:59
.
Pre-Run: 22.649.798.656 bytes beschikbaar
Post-Run: 23.188.336.640 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect /usepmtimer
.
- - End Of File - - BDED840C7F50DC01F122BC1464476CCC
-
The speed of my PC hasn't really improved.
It still takes about two minutes before my desktop appears after booting.
And programs also respond very slowly. E.g. starting Outlook Express just now took almost one minute before the program was open and all mail (16 items) had been pulled in, opening a small Excel file takes about 30 seconds, and clicking an internet link in an e-mail takes about 30 seconds before the browser opens.
-
Thanks for your quick reply.
I did as indicated above. The only thing I did not have to do after the MBAM scan was reboot.
Here are the requested log files:
Hijackthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:04:31, on 22/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Uninstallation survey | AVG Nederland
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kristof\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
--
End of file - 6777 bytes
MBAM
Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000
Databaseversie: v2012.02.22.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kristof :: DESKTOP [administrator]
Realtime bescherming: Ingeschakeld
22/02/2012 20:22:26
mbam-log-2012-02-22 (20-22-26).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 402413
Verstreken tijd: 36 minuut/minuten, 58 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 19
HKCR\AppID\{E81CF86B-F683-422A-B742-3F2427EA9D6A} (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{86C510E9-97EF-4749-914F-0280247BE3A6} (Adware.WebDir) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75} (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hidec.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pev.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swreg.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swsc.exe (Security.Hijack) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Slecht: (SearchCompletion Search) Goed: (Google) -> Succesvol in quarantaine geplaatst en gerepareerd.
Mappen gedetecteerd: 1
C:\Documents and Settings\Kids\M-1-52-5782-8754-5245 (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 3
C:\Documents and Settings\Administrator.INDEPEND-M26V8H\Desktop\spywarescanner.lnk (Rogue.AntiSpyware) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\WINDOWS\system32\QFPRED6R.exe.a_a (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\WINDOWS\system32\s86ha43k.exe.a_a (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
I would appreciate your expert advice ...
Regards,
Kristof
-
Hello,
Until two weeks ago I had no problems at all with my PC. Now I notice that it keeps getting slower.
On the one hand it takes a long time before an internet link opens; on the other hand typing is also very slow (when I press a key, it takes almost a second before the letter/digit appears on the screen).
I don't know much about this, but apparently you usually ask for a HijackThis file:
[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:27, on 18/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
c:\windows\system32\smss.exe
c:\progra~1\avg\avg10\avgchsvx.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\avg\avg10\avgfws.exe
c:\program files\avg\avg10\avgwdsvc.exe
c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\hpzipm12.exe
c:\program files\tuneup utilities 2012\tuneuputilitiesservice32.exe
c:\program files\avg\avg10\avgam.exe
c:\program files\avg\avg10\avgnsx.exe
c:\program files\avg\avg10\avgemcx.exe
c:\windows\explorer.exe
c:\windows\rthdcpl.exe
c:\program files\avg\avg10\avgtray.exe
c:\windows\system32\ctfmon.exe
c:\program files\avg\avg10\identity protection\agent\bin\avgidsmonitor.exe
c:\program files\outlook express\msimn.exe
c:\program files\avg\avg10\avgcsrvx.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\svchost.exe
c:\progra~1\avg\avg10\avgrsx.exe
c:\program files\avg\avg10\avgcsrvx.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
c:\windows\system32\msiexec.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\microsoft office\office11\winword.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.tijd.be/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://startsear.ch/?aff=2&cf=0264c94c-299a-11e1-b2b5-00508d9191d1
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r1 - hkcu\software\microsoft\internet connection wizard,shellnext = http://go.microsoft.com/fwlink/?linkid=74005
r1 - hkcu\software\microsoft\internet explorer\main,window title = internet explorer
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
o2 - bho: java plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [alcmtr] alcmtr.exe
o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [avg_tray] c:\program files\avg\avg10\avgtray.exe
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [google update] c:\documents and settings\kristof\local settings\application data\google\update\googleupdate.exe /c
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o10 - unknown file in winsock lsp: c:\windows\system32\nwprovau.dll
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg10\avgpp.dll
o20 - appinit_dlls:
o22 - sharedtaskscheduler: preloader van browseui - {438755c2-a8ba-11d1-b96b-00a0c90312e1} - c:\windows\system32\browseui.dll
o22 - sharedtaskscheduler: cache-daemon voor onderdeelcategorieën - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o23 - service: avg firewall (avgfws) - avg technologies cz, s.r.o. - c:\program files\avg\avg10\avgfws.exe
o23 - service: avgidsagent - avg technologies cz, s.r.o. - c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe
o23 - service: avg watchdog (avgwd) - avg technologies cz, s.r.o. - c:\program files\avg\avg10\avgwdsvc.exe
o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
o23 - service: pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
o23 - service: tuneup utilities service (tuneup.utilitiessvc) - tuneup software - c:\program files\tuneup utilities 2012\tuneuputilitiesservice32.exe
--
end of file - 6707 bytes
[/hjt]
Internet Explorer 10
in Archive Internet & Network
I'm going to give it a try anyway 😉