GerDep

Posts made by GerDep

  1. After a little under half an hour, this is what came out: :)

    ComboFix 12-09-18.05 - pcgerdep2 18/09/2012 17:42:48.3.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.156 [GMT 2:00]

    Running from: c:\documents and settings\pcgerdep2\Desktop\ComboFix.exe

    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-17 09:44 . 2012-09-17 09:58 -------- d-----w- C:\automation20120917

    2012-09-14 08:12 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll

    2012-09-14 08:07 . 2012-07-02 17:49 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

    2012-09-14 08:07 . 2012-07-02 17:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

    2012-09-14 08:07 . 2012-07-02 17:49 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll

    2012-09-14 08:07 . 2012-07-02 17:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

    2012-09-14 07:33 . 2012-09-14 07:33 -------- d-sh--w- c:\documents and settings\pcgerdep2\PrivacIE

    2012-09-13 13:30 . 2012-09-13 13:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    2012-09-13 13:17 . 2012-09-17 13:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware

    2012-09-13 13:16 . 2012-09-13 13:16 -------- d-sh--w- c:\documents and settings\pcgerdep2\IETldCache

    2012-09-13 12:33 . 2012-09-13 12:36 -------- dc-h--w- c:\windows\ie8

    2012-09-13 11:55 . 2012-09-13 11:55 -------- d-----w- c:\windows\system32\winrm

    2012-09-13 11:55 . 2012-09-13 11:56 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

    2012-09-13 11:26 . 2012-09-13 11:26 -------- d-----w- c:\documents and settings\pcgerdep2\Local Settings\Application Data\Identities

    2012-09-13 11:25 . 2012-09-14 07:38 -------- d-----w- c:\program files\Windows Desktop Search

    2012-09-13 11:23 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

    2012-09-13 11:23 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

    2012-09-13 11:23 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

    2012-09-13 11:22 . 2012-09-13 11:22 -------- d-----w- c:\program files\Windows Media Connect 2

    2012-09-13 11:18 . 2012-09-13 11:20 -------- d-----w- c:\windows\system32\drivers\UMDF

    2012-09-13 09:46 . 2012-09-13 09:46 -------- d-----w- c:\documents and settings\pcgerdep2\Application Data\Schneider Electric

    2012-09-13 09:34 . 2012-09-13 09:34 15096 ----a-w- c:\windows\system32\drivers\VdWinIo.sys

    2012-09-13 08:13 . 2012-09-13 12:52 -------- d-----w- c:\windows\system32\XPSViewer

    2012-09-13 08:13 . 2012-09-13 08:13 -------- d-----w- c:\program files\Reference Assemblies

    2012-08-26 20:01 . 2012-09-13 11:18 -------- d-----w- c:\windows\system32\LogFiles

    2012-08-26 15:29 . 2012-08-26 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

    2012-08-26 15:29 . 2012-08-26 15:30 -------- d-----w- c:\program files\COMODO

    2012-08-26 12:28 . 2012-08-26 12:28 -------- d-----w- c:\documents and settings\pcgerdep2\Local Settings\Application Data\PCHealth

    2012-08-25 17:13 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

    2012-08-25 17:13 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

    2012-08-25 17:11 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

    2012-08-25 17:10 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

    2012-08-25 17:05 . 2012-07-04 14:05 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys

    2012-08-25 17:04 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

    2012-08-25 17:02 . 2012-05-28 18:16 536576 ------w- c:\windows\system32\dllcache\msado15.dll

    2012-08-25 16:57 . 2011-04-30 03:01 758784 ----a-w- c:\windows\system32\dllcache\vgx.dll

    2012-08-25 16:53 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

    2012-08-25 16:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

    2012-08-25 16:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

    2012-08-25 16:52 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

    2012-08-25 16:30 . 2012-08-25 16:30 -------- d-----w- c:\documents and settings\pcgerdep2\Application Data\Malwarebytes

    2012-08-25 16:30 . 2012-08-25 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-08-25 16:30 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-25 16:30 . 2012-08-25 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-08-25 14:51 . 2011-10-28 16:07 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll

    2012-08-25 14:06 . 2012-08-25 14:06 -------- d-----w- c:\documents and settings\pcgerdep2\Application Data\Avira

    2012-08-25 14:00 . 2012-07-18 16:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2012-08-25 14:00 . 2012-07-18 16:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

    2012-08-25 14:00 . 2012-07-18 16:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2012-08-25 13:59 . 2012-08-25 13:59 -------- d-----w- c:\program files\Avira

    2012-08-25 13:59 . 2012-08-25 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

    2012-08-25 13:47 . 2012-08-25 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA

    2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\system32\scripting

    2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\l2schemas

    2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\system32\en

    2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\system32\bits

    2012-08-25 12:49 . 2012-08-25 12:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ApplicationHistory

    2012-08-25 12:49 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-06 13:58 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40 . 2004-08-04 08:00 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-02 17:49 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec

    1998-04-27 18:15 . 2011-12-08 08:55 570128 ------w- c:\program files\Common Files\dao350.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]

    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]

    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]

    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]

    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]

    "prg242u"="c:\program files\COMMON FILES\PLATFORM3000U\PRG242U.EXE" [2010-11-18 299008]

    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]

    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]

    2006-03-03 15:08 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

    2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

    2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

    2006-04-21 16:30 40960 ----a-w- c:\program files\Hewlett-Packard\Default Settings\Cpqset.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

    2005-08-31 12:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2005-02-17 06:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

    2004-07-27 23:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

    2004-07-27 23:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

    2006-03-23 18:38 131072 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2005-11-10 20:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

    2007-09-15 00:27 1015808 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\WINDOWS\\system32\\mqsvc.exe"=

    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=

    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

    "c:\\WINDOWS\\system32\\mstsc.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv9.exe"=

    "c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=

    "c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=

    "c:\\WINDOWS\\system32\\s7otbxsx.exe"=

    "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\HmiES.exe"=

    "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\TraceServer.exe"=

    "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\MiniWeb.exe"=

    "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\SmartServer.exe"=

    "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\HmiLoad.exe"=

    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=

    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    .

    R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/08/2011 15:58 98928]

    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25/08/2012 16:00 36000]

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11/03/2012 21:13 494968]

    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/03/2012 21:13 31704]

    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 18:56 36768]

    R1 VDWINIO;VDWINIO;c:\windows\system32\drivers\VdWinIo.sys [13/09/2012 11:34 15096]

    R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [29/03/2010 10:13 1594368]

    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25/08/2012 16:00 86224]

    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [4/08/2004 10:00 14336]

    R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [10/03/2009 21:57 28363]

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/08/2012 18:30 655944]

    R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 15:29 29178224]

    R2 NewServiceInstall1;IDS;c:\program files\Schneider Electric\Vijeo-Designer\IDS\IDS Manager\IDS.exe [29/01/2010 17:10 16384]

    R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [10/03/2009 0:46 69685]

    R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [24/02/2009 18:39 73088]

    R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2/03/2010 9:47 240776]

    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [29/08/2011 23:11 665200]

    R2 XBTZG935 USB Link Cable;XBTZG935 USB Link Cable;c:\program files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTZG935svr.exe [22/10/2010 2:42 90112]

    R3 fwkbd;fwkbd;c:\windows\system32\drivers\FwKbd.sys [8/12/2011 12:31 2976]

    R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [8/04/2010 12:15 12112]

    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 13:19 36352]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/08/2012 18:30 22344]

    R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [11/01/2012 13:43 91376]

    S2 Productys.PWEService;Explorer Web Server;c:\program files\Schneider Electric\Vijeo-Designer\IDS\IDS Explorer\Productys.PWEService.exe [22/06/2011 8:37 37376]

    S2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2/03/2010 9:47 1576072]

    S2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [1/03/2010 17:51 31232]

    S3 BacnetDataServer;BacnetDataServer;c:\program files\Newron System\BACnetDataServer\BdsServer.exe [7/09/2011 10:39 36864]

    S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [4/07/2005 17:04 68280]

    S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18/10/2002 2:34 30512]

    S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\s7oppinx.sys [2/03/2010 9:39 124928]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    Cognizance REG_MULTI_SZ ASChannel

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.be/

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

    LSP: %SystemRoot%\system32\vsocklib.dll

    Trusted Zone: gernal.be\vpn

    TCP: DhcpNameServer = 192.168.1.101 192.168.1.1

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-09-18 17:56

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    detected NTDLL code modification:

    ZwClose

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1128)

    c:\windows\system32\Ati2evxx.dll

    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    c:\windows\system32\IfxWlxEN.dll

    .

    - - - - - - - > 'lsass.exe'(1184)

    c:\windows\system32\guard32.dll

    .

    - - - - - - - > 'csrss.exe'(1088)

    c:\windows\system32\cmdcsr.dll

    .

    Completion time: 2012-09-18 18:01:12

    ComboFix-quarantined-files.txt 2012-09-18 16:01

    ComboFix2.txt 2012-09-18 14:24

    ComboFix3.txt 2012-08-25 19:42

    .

    Pre-Run: 27.519.590.400 bytes free

    Post-Run: 27.547.992.064 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

    .

    - - End Of File - - 6CE2D59A6DC652E8D381C0B963406237

  2. Hello,

    The CPU usage of my HP laptop is usually quite high. When you then, for example, open a folder or start a program, it immediately hangs at around 100% for a while.

    Probably related to that, everything runs on the slow side. Hopefully you can find something in the HijackThis log below! Thanks a lot in advance for your time and effort :)

    Regards

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:49:05, on 14/09/2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\HPQ\IAM\bin\asghost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\IFXSPMGT.exe

    C:\WINDOWS\system32\IFXTCS.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Manager\IDS.exe

    C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

    C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Explorer\Productys.PWEService.exe

    C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe

    C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe

    C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

    C:\WINDOWS\system32\vmnat.exe

    C:\Program Files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTZG935svr.exe

    C:\WINDOWS\system32\mqsvc.exe

    C:\Program Files\VMware\VMware Player\vmware-authd.exe

    C:\WINDOWS\system32\vmnetdhcp.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\WINDOWS\system32\mqtgsvc.exe

    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\WINDOWS\SMINST\Scheduler.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\mstsc.exe

    C:\Documents and Settings\pcgerdep2\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll

    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

    O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

    O4 - HKLM\..\Run: [prg242u] C:\PROGRAM FILES\COMMON FILES\PLATFORM3000U\PRG242U.EXE

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

    O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://vpn.gernal.be/XTSAC.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347529923234

    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://vpn.gernal.be/msrdp.cab

    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe

    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: BacnetDataServer - Newron System - C:\Program Files\Newron System\BACnetDataServer\BdsServer.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe

    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: IDS (NewServiceInstall1) - Unknown owner - C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Manager\IDS.exe

    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\Opcenum.exe

    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

    O23 - Service: Explorer Web Server (Productys.PWEService) - XPSP2 - C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Explorer\Productys.PWEService.exe

    O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe

    O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe

    O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe

    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

    O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    O23 - Service: XBTZG935 USB Link Cable - Schneider Electric Inc. - C:\Program Files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTZG935svr.exe

    --

    End of file - 10338 bytes
