GerDep
Posts by GerDep
After a little under half an hour, this is what came out:
ComboFix 12-09-18.05 - pcgerdep2 18/09/2012 17:42:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.156 [GMT 2:00]
Running from: c:\documents and settings\pcgerdep2\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-17 09:44 . 2012-09-17 09:58 -------- d-----w- C:\automation20120917
2012-09-14 08:12 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-09-14 08:07 . 2012-07-02 17:49 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-09-14 08:07 . 2012-07-02 17:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-09-14 08:07 . 2012-07-02 17:49 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-14 08:07 . 2012-07-02 17:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-09-14 07:33 . 2012-09-14 07:33 -------- d-sh--w- c:\documents and settings\pcgerdep2\PrivacIE
2012-09-13 13:30 . 2012-09-13 13:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-09-13 13:17 . 2012-09-17 13:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2012-09-13 13:16 . 2012-09-13 13:16 -------- d-sh--w- c:\documents and settings\pcgerdep2\IETldCache
2012-09-13 12:33 . 2012-09-13 12:36 -------- dc-h--w- c:\windows\ie8
2012-09-13 11:55 . 2012-09-13 11:55 -------- d-----w- c:\windows\system32\winrm
2012-09-13 11:55 . 2012-09-13 11:56 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-09-13 11:26 . 2012-09-13 11:26 -------- d-----w- c:\documents and settings\pcgerdep2\Local Settings\Application Data\Identities
2012-09-13 11:25 . 2012-09-14 07:38 -------- d-----w- c:\program files\Windows Desktop Search
2012-09-13 11:23 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2012-09-13 11:23 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2012-09-13 11:23 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2012-09-13 11:22 . 2012-09-13 11:22 -------- d-----w- c:\program files\Windows Media Connect 2
2012-09-13 11:18 . 2012-09-13 11:20 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-09-13 09:46 . 2012-09-13 09:46 -------- d-----w- c:\documents and settings\pcgerdep2\Application Data\Schneider Electric
2012-09-13 09:34 . 2012-09-13 09:34 15096 ----a-w- c:\windows\system32\drivers\VdWinIo.sys
2012-09-13 08:13 . 2012-09-13 12:52 -------- d-----w- c:\windows\system32\XPSViewer
2012-09-13 08:13 . 2012-09-13 08:13 -------- d-----w- c:\program files\Reference Assemblies
2012-08-26 20:01 . 2012-09-13 11:18 -------- d-----w- c:\windows\system32\LogFiles
2012-08-26 15:29 . 2012-08-26 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-08-26 15:29 . 2012-08-26 15:30 -------- d-----w- c:\program files\COMODO
2012-08-26 12:28 . 2012-08-26 12:28 -------- d-----w- c:\documents and settings\pcgerdep2\Local Settings\Application Data\PCHealth
2012-08-25 17:13 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-08-25 17:13 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-25 17:11 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-08-25 17:10 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-25 17:05 . 2012-07-04 14:05 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-25 17:04 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-08-25 17:02 . 2012-05-28 18:16 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2012-08-25 16:57 . 2011-04-30 03:01 758784 ----a-w- c:\windows\system32\dllcache\vgx.dll
2012-08-25 16:53 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-25 16:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-25 16:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-08-25 16:52 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-08-25 16:30 . 2012-08-25 16:30 -------- d-----w- c:\documents and settings\pcgerdep2\Application Data\Malwarebytes
2012-08-25 16:30 . 2012-08-25 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-25 16:30 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 16:30 . 2012-08-25 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-25 14:51 . 2011-10-28 16:07 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2012-08-25 14:06 . 2012-08-25 14:06 -------- d-----w- c:\documents and settings\pcgerdep2\Application Data\Avira
2012-08-25 14:00 . 2012-07-18 16:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-25 14:00 . 2012-07-18 16:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-25 14:00 . 2012-07-18 16:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-25 13:59 . 2012-08-25 13:59 -------- d-----w- c:\program files\Avira
2012-08-25 13:59 . 2012-08-25 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-08-25 13:47 . 2012-08-25 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\system32\scripting
2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\l2schemas
2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\system32\en
2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\system32\bits
2012-08-25 12:49 . 2012-08-25 12:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ApplicationHistory
2012-08-25 12:49 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 08:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
1998-04-27 18:15 . 2011-12-08 08:55 570128 ------w- c:\program files\Common Files\dao350.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"prg242u"="c:\program files\COMMON FILES\PLATFORM3000U\PRG242U.EXE" [2010-11-18 299008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 15:08 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2006-04-21 16:30 40960 ----a-w- c:\program files\Hewlett-Packard\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-08-31 12:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-03-23 18:38 131072 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-09-15 00:27 1015808 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv9.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"c:\\WINDOWS\\system32\\s7otbxsx.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\HmiES.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\TraceServer.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\MiniWeb.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\SmartServer.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\HmiLoad.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/08/2011 15:58 98928]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25/08/2012 16:00 36000]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11/03/2012 21:13 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/03/2012 21:13 31704]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 18:56 36768]
R1 VDWINIO;VDWINIO;c:\windows\system32\drivers\VdWinIo.sys [13/09/2012 11:34 15096]
R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [29/03/2010 10:13 1594368]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25/08/2012 16:00 86224]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [4/08/2004 10:00 14336]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [10/03/2009 21:57 28363]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/08/2012 18:30 655944]
R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 15:29 29178224]
R2 NewServiceInstall1;IDS;c:\program files\Schneider Electric\Vijeo-Designer\IDS\IDS Manager\IDS.exe [29/01/2010 17:10 16384]
R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [10/03/2009 0:46 69685]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [24/02/2009 18:39 73088]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2/03/2010 9:47 240776]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [29/08/2011 23:11 665200]
R2 XBTZG935 USB Link Cable;XBTZG935 USB Link Cable;c:\program files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTZG935svr.exe [22/10/2010 2:42 90112]
R3 fwkbd;fwkbd;c:\windows\system32\drivers\FwKbd.sys [8/12/2011 12:31 2976]
R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [8/04/2010 12:15 12112]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 13:19 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/08/2012 18:30 22344]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [11/01/2012 13:43 91376]
S2 Productys.PWEService;Explorer Web Server;c:\program files\Schneider Electric\Vijeo-Designer\IDS\IDS Explorer\Productys.PWEService.exe [22/06/2011 8:37 37376]
S2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2/03/2010 9:47 1576072]
S2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [1/03/2010 17:51 31232]
S3 BacnetDataServer;BacnetDataServer;c:\program files\Newron System\BACnetDataServer\BdsServer.exe [7/09/2011 10:39 36864]
S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [4/07/2005 17:04 68280]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18/10/2002 2:34 30512]
S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\s7oppinx.sys [2/03/2010 9:39 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: gernal.be\vpn
TCP: DhcpNameServer = 192.168.1.101 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-18 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1128)
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll
.
- - - - - - - > 'lsass.exe'(1184)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1088)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-09-18 18:01:12
ComboFix-quarantined-files.txt 2012-09-18 16:01
ComboFix2.txt 2012-09-18 14:24
ComboFix3.txt 2012-08-25 19:42
.
Pre-Run: 27.519.590.400 bytes free
Post-Run: 27.547.992.064 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 6CE2D59A6DC652E8D381C0B963406237
Hello,
The CPU usage of my HP laptop is usually quite high. When you open a folder, start a program, etc., it immediately sits close to 100% for a while.
Probably related to that, everything runs on the slow side. Hopefully you will find something in the HijackThis log below! Many thanks in advance for the time and effort.
Regards
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:05, on 14/09/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Manager\IDS.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Explorer\Productys.PWEService.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTZG935svr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\mstsc.exe
C:\Documents and Settings\pcgerdep2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [prg242u] C:\PROGRAM FILES\COMMON FILES\PLATFORM3000U\PRG242U.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://vpn.gernal.be/XTSAC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347529923234
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://vpn.gernal.be/msrdp.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BacnetDataServer - Newron System - C:\Program Files\Newron System\BACnetDataServer\BdsServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: IDS (NewServiceInstall1) - Unknown owner - C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Manager\IDS.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\Opcenum.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Explorer Web Server (Productys.PWEService) - XPSP2 - C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Explorer\Productys.PWEService.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: XBTZG935 USB Link Cable - Schneider Electric Inc. - C:\Program Files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTZG935svr.exe
--
End of file - 10338 bytes
CPU usage too high at the slightest action
in Archive: Fighting malware & viruses
Thanks in advance for the reply!
Another phenomenon I have experienced: the wireless internet drops out very often (but the problem is probably with the connection itself, because on another wireless network I have far fewer problems with it..)
Here is the Speccy link: http://speccy.piriform.com/results/vrJqmyLGTENYFWJWUm6231C