
CPU usage too high at the slightest action



Hello,

The CPU usage of my HP laptop is usually quite high. When you then, for example, open a folder or start a program, it immediately sits near 100% for a while.

Probably related to that, everything runs on the slow side. Hopefully you can find something in the HijackThis log below! Thanks a lot in advance for your time and effort :)

Regards

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:49:05, on 14/09/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IFXSPMGT.exe

C:\WINDOWS\system32\IFXTCS.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Manager\IDS.exe

C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Explorer\Productys.PWEService.exe

C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe

C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe

C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTZG935svr.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\mstsc.exe

C:\Documents and Settings\pcgerdep2\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [prg242u] C:\PROGRAM FILES\COMMON FILES\PLATFORM3000U\PRG242U.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://vpn.gernal.be/XTSAC.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347529923234

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://vpn.gernal.be/msrdp.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BacnetDataServer - Newron System - C:\Program Files\Newron System\BACnetDataServer\BdsServer.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: IDS (NewServiceInstall1) - Unknown owner - C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Manager\IDS.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\Opcenum.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

O23 - Service: Explorer Web Server (Productys.PWEService) - XPSP2 - C:\Program Files\Schneider Electric\Vijeo-Designer\IDS\IDS Explorer\Productys.PWEService.exe

O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe

O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe

O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: XBTZG935 USB Link Cable - Schneider Electric Inc. - C:\Program Files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTZG935svr.exe

--

End of file - 10338 bytes

Link to post


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the on-screen prompts.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the on-screen prompts to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

Link to post

After a little under half an hour, this is what came out: :)

ComboFix 12-09-18.05 - pcgerdep2 18/09/2012 17:42:48.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.156 [GMT 2:00]

Running from: c:\documents and settings\pcgerdep2\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))

.

.

2012-09-17 09:44 . 2012-09-17 09:58 -------- d-----w- C:\automation20120917

2012-09-14 08:12 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll

2012-09-14 08:07 . 2012-07-02 17:49 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2012-09-14 08:07 . 2012-07-02 17:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2012-09-14 08:07 . 2012-07-02 17:49 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll

2012-09-14 08:07 . 2012-07-02 17:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2012-09-14 07:33 . 2012-09-14 07:33 -------- d-sh--w- c:\documents and settings\pcgerdep2\PrivacIE

2012-09-13 13:30 . 2012-09-13 13:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-09-13 13:17 . 2012-09-17 13:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware

2012-09-13 13:16 . 2012-09-13 13:16 -------- d-sh--w- c:\documents and settings\pcgerdep2\IETldCache

2012-09-13 12:33 . 2012-09-13 12:36 -------- dc-h--w- c:\windows\ie8

2012-09-13 11:55 . 2012-09-13 11:55 -------- d-----w- c:\windows\system32\winrm

2012-09-13 11:55 . 2012-09-13 11:56 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-09-13 11:26 . 2012-09-13 11:26 -------- d-----w- c:\documents and settings\pcgerdep2\Local Settings\Application Data\Identities

2012-09-13 11:25 . 2012-09-14 07:38 -------- d-----w- c:\program files\Windows Desktop Search

2012-09-13 11:23 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2012-09-13 11:23 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2012-09-13 11:23 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2012-09-13 11:22 . 2012-09-13 11:22 -------- d-----w- c:\program files\Windows Media Connect 2

2012-09-13 11:18 . 2012-09-13 11:20 -------- d-----w- c:\windows\system32\drivers\UMDF

2012-09-13 09:46 . 2012-09-13 09:46 -------- d-----w- c:\documents and settings\pcgerdep2\Application Data\Schneider Electric

2012-09-13 09:34 . 2012-09-13 09:34 15096 ----a-w- c:\windows\system32\drivers\VdWinIo.sys

2012-09-13 08:13 . 2012-09-13 12:52 -------- d-----w- c:\windows\system32\XPSViewer

2012-09-13 08:13 . 2012-09-13 08:13 -------- d-----w- c:\program files\Reference Assemblies

2012-08-26 20:01 . 2012-09-13 11:18 -------- d-----w- c:\windows\system32\LogFiles

2012-08-26 15:29 . 2012-08-26 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2012-08-26 15:29 . 2012-08-26 15:30 -------- d-----w- c:\program files\COMODO

2012-08-26 12:28 . 2012-08-26 12:28 -------- d-----w- c:\documents and settings\pcgerdep2\Local Settings\Application Data\PCHealth

2012-08-25 17:13 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2012-08-25 17:13 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2012-08-25 17:11 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2012-08-25 17:10 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2012-08-25 17:05 . 2012-07-04 14:05 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys

2012-08-25 17:04 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2012-08-25 17:02 . 2012-05-28 18:16 536576 ------w- c:\windows\system32\dllcache\msado15.dll

2012-08-25 16:57 . 2011-04-30 03:01 758784 ----a-w- c:\windows\system32\dllcache\vgx.dll

2012-08-25 16:53 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2012-08-25 16:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-08-25 16:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-08-25 16:52 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2012-08-25 16:30 . 2012-08-25 16:30 -------- d-----w- c:\documents and settings\pcgerdep2\Application Data\Malwarebytes

2012-08-25 16:30 . 2012-08-25 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-25 16:30 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-25 16:30 . 2012-08-25 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-25 14:51 . 2011-10-28 16:07 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll

2012-08-25 14:06 . 2012-08-25 14:06 -------- d-----w- c:\documents and settings\pcgerdep2\Application Data\Avira

2012-08-25 14:00 . 2012-07-18 16:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-08-25 14:00 . 2012-07-18 16:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-08-25 14:00 . 2012-07-18 16:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-08-25 13:59 . 2012-08-25 13:59 -------- d-----w- c:\program files\Avira

2012-08-25 13:59 . 2012-08-25 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2012-08-25 13:47 . 2012-08-25 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA

2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\system32\scripting

2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\l2schemas

2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\system32\en

2012-08-25 13:13 . 2012-08-25 13:13 -------- d-----w- c:\windows\system32\bits

2012-08-25 12:49 . 2012-08-25 12:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ApplicationHistory

2012-08-25 12:49 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-06 13:58 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2004-08-04 08:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec

1998-04-27 18:15 . 2011-12-08 08:55 570128 ------w- c:\program files\Common Files\dao350.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]

"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]

"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]

"prg242u"="c:\program files\COMMON FILES\PLATFORM3000U\PRG242U.EXE" [2010-11-18 299008]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]

2006-03-03 15:08 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

2006-04-21 16:30 40960 ----a-w- c:\program files\Hewlett-Packard\Default Settings\Cpqset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-08-31 12:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 06:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-07-27 23:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-07-27 23:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

2006-03-23 18:38 131072 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-11-10 20:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-09-15 00:27 1015808 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\WINDOWS\\system32\\mstsc.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv9.exe"=

"c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=

"c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=

"c:\\WINDOWS\\system32\\s7otbxsx.exe"=

"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\HmiES.exe"=

"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\TraceServer.exe"=

"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\MiniWeb.exe"=

"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\SmartServer.exe"=

"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\HmiLoad.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/08/2011 15:58 98928]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25/08/2012 16:00 36000]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11/03/2012 21:13 494968]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/03/2012 21:13 31704]

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 18:56 36768]

R1 VDWINIO;VDWINIO;c:\windows\system32\drivers\VdWinIo.sys [13/09/2012 11:34 15096]

R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [29/03/2010 10:13 1594368]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25/08/2012 16:00 86224]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [4/08/2004 10:00 14336]

R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [10/03/2009 21:57 28363]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/08/2012 18:30 655944]

R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 15:29 29178224]

R2 NewServiceInstall1;IDS;c:\program files\Schneider Electric\Vijeo-Designer\IDS\IDS Manager\IDS.exe [29/01/2010 17:10 16384]

R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [10/03/2009 0:46 69685]

R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [24/02/2009 18:39 73088]

R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2/03/2010 9:47 240776]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [29/08/2011 23:11 665200]

R2 XBTZG935 USB Link Cable;XBTZG935 USB Link Cable;c:\program files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTZG935svr.exe [22/10/2010 2:42 90112]

R3 fwkbd;fwkbd;c:\windows\system32\drivers\FwKbd.sys [8/12/2011 12:31 2976]

R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [8/04/2010 12:15 12112]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 13:19 36352]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/08/2012 18:30 22344]

R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [11/01/2012 13:43 91376]

S2 Productys.PWEService;Explorer Web Server;c:\program files\Schneider Electric\Vijeo-Designer\IDS\IDS Explorer\Productys.PWEService.exe [22/06/2011 8:37 37376]

S2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2/03/2010 9:47 1576072]

S2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [1/03/2010 17:51 31232]

S3 BacnetDataServer;BacnetDataServer;c:\program files\Newron System\BACnetDataServer\BdsServer.exe [7/09/2011 10:39 36864]

S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [4/07/2005 17:04 68280]

S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18/10/2002 2:34 30512]

S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\s7oppinx.sys [2/03/2010 9:39 124928]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASChannel

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: gernal.be\vpn

TCP: DhcpNameServer = 192.168.1.101 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-09-18 17:56

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1128)

c:\windows\system32\Ati2evxx.dll

c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

c:\windows\system32\IfxWlxEN.dll

.

- - - - - - - > 'lsass.exe'(1184)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'csrss.exe'(1088)

c:\windows\system32\cmdcsr.dll

.

Completion time: 2012-09-18 18:01:12

ComboFix-quarantined-files.txt 2012-09-18 16:01

ComboFix2.txt 2012-09-18 14:24

ComboFix3.txt 2012-08-25 19:42

.

Pre-Run: 27.519.590.400 bytes free

Post-Run: 27.547.992.064 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 6CE2D59A6DC652E8D381C0B963406237

Link to post


Neither log immediately shows any problems in terms of software or malware. Please do the following:

Download and install Speccy.

During installation you now have the option to select Dutch as the language.

Now start the program and it will create an overview of your hardware.

When this is done, select "Bestand - Publiceer Snapshot" (File - Publish Snapshot) at the top and then confirm that choice with "Ja" (Yes).

In the window that now opens you will see a link; copy that link and paste it into your next message.

If you want to see in words and pictures how to create and post a Speccy log, you can read that here.

This (CLICK) video also shows how to paste a Speccy log into your reply.

After you post your log, it will be reviewed by an expert.

Link to post

Thanks in advance for the reply!

Another phenomenon I have noticed: the wireless internet drops out very often (but the problem probably lies with the connection itself, because on another wireless network I have far fewer problems with this..)

Here is the Speccy link: http://speccy.piriform.com/results/vrJqmyLGTENYFWJWUm6231C

Link to post

The first thing that stands out is the fairly high temperatures of the processor and the motherboard.

Excessive temperatures in a PC / laptop are usually caused by too much dust.

To remove it safely, we refer you to this very clear explanation.

Go through the tips thoroughly and do what is needed to make your system dust-free (or have it done)… afterwards you can send us the new Speccy results.

Link to post
