slow


  • slow

    My internet connection is established very slowly.
    Could this be because I'm in some remote corner of the world??
    Especially fotoapparatuur.nl, for example, which has a lot of photos and which I like to browse, is very slow.

    Here is my HijackThis log.

    Another question while I'm at it: I also have Nirsoft installed; useful, or off to the recycle bin??

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:35:13, on 12/2/2551
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\VisualTaskTips\VisualTaskTips.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fotoapparatuur.nl/photos/FotoList.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: ส่งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: ส่&งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 8640 bytes


    Regards, f1sh, from Mae Sot.

  • #2
    I understand you're in Thailand? What kind of connection are you using there?
    I think this is the cause of your problems.

    Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    Now close all open windows except HijackThis and click Fix Checked.

    Download ComboFix to your desktop.

    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after a restart, the log combofix.txt will open. Save this log.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.

    In your next reply, post the ComboFix log (combofix.txt) together with a fresh HijackThis log.
    Last edited by Pimmerd; 14-02-08, 12:42.
    Regards,
    Pimmerd

    Comment


    • #3
      slow

      Here are the HijackThis and ComboFix log files.

      I have broadband from Maxnet.
      With Nirsoft, which they installed for me, I can view all kinds of system info. Do you perhaps know this program?

      It is already a bit faster, but opening photos from a website is still very slow.

      Your site, by the way, does load quickly.


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 6:51:26, on 15/2/2551
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\VistaDrive\VistaDrive.exe
      C:\Program Files\Unlocker\UnlockerAssistant.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\sm56hlpr.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\LClock\LClock.exe
      C:\Program Files\VisualTaskTips\VisualTaskTips.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\Program Files\CyberLink\Shared files\RichVideo.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wuauclt.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fotoapparatuur.nl/photos/FotoList.asp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
      O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
      O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: ส่งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: ส่&งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

      --
      End of file - 8431 bytes









      ComboFix 08-02-14.2 - Administrator 02/14/2008 19:57:04.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.578 [GMT 7:00]
      Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
      * Created a new restore point

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

      ----- BITS: Possible infected sites -----

      hxxp:๕j+|Cคฬ›v๗+ศ@™JŸ:ฎฝ‰N๊GD_ฉฝบD˜Qฤ{ถภzฮ
      hxxp://au.dow
      .
      ((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
      .

      No new files created in this timespan

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-14 12:56 --------- d-----w C:\Program Files\FlashGet
      2008-02-14 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-02-14 00:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
      2008-02-13 10:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
      2008-02-13 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-02-13 00:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TT111
      2008-02-11 14:25 --------- d-----w C:\Program Files\Trend Micro
      2008-02-11 07:17 --------- d-----w C:\Program Files\IPNetInfo
      2008-02-11 07:16 39,424 ----a-w C:\WINDOWS\zipinst.exe
      2008-02-07 01:03 --------- d-----w C:\Program Files\Neat Image
      2008-02-02 15:46 --------- d-----w C:\Program Files\MySpace
      2008-02-02 15:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MySpace
      2008-01-22 03:33 --------- d-----w C:\Program Files\Winamp
      2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
      2008-01-09 16:28 --------- d-----w C:\Documents and Settings\thailand\Application Data\TT111
      2008-01-09 15:28 --------- d-----w C:\Documents and Settings\thailand\Application Data\AVG7
      2008-01-09 15:28 --------- d-----w C:\Documents and Settings\thailand\Application Data\ATI
      2008-01-09 10:30 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-01-08 13:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-01-08 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-01-08 11:07 --------- d-----w C:\Program Files\MSXML 6.0
      2008-01-08 07:18 --------- d-----w C:\Program Files\TT111-V3
      2008-01-08 07:18 --------- d-----w C:\Program Files\ThaiNumbers
      2008-01-04 12:27 --------- d-----w C:\Program Files\Unlocker
      2008-01-04 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Genimo
      2008-01-04 01:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Genimo
      2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
      2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
      2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
      2007-12-17 12:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
      2007-12-17 11:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
      2007-12-16 13:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
      2007-12-14 11:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ACD Systems
      2007-12-12 12:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
      2007-12-08 03:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
      2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
      2007-12-07 02:21 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
      2007-12-07 02:21 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
      2007-12-07 02:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
      2007-12-07 02:21 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
      2007-12-07 02:21 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2007-12-07 02:21 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
      2007-12-07 02:21 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
      2007-12-07 02:21 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
      2007-12-07 02:21 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
      2007-12-07 02:21 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2007-12-07 02:21 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
      2007-12-07 02:21 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
      2007-12-07 02:21 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
      2007-12-07 02:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
      2007-12-07 02:21 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
      2007-12-07 02:21 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
      2007-12-07 02:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
      2007-12-07 02:21 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
      2007-12-07 02:21 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
      2007-12-07 02:21 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
      2007-12-07 02:21 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
      2007-12-07 02:21 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
      2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
      2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
      2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
      2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:56 AM 15360]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/18/2007 12:30 AM 1230848]
      "LClock"="C:\Program Files\LClock\LClock.exe" [09/19/2004 12:27 PM 65536]
      "VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [07/31/2006 06:33 PM 36864]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [10/09/2006 11:28 AM 139264]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM 5674352]
      "SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [07/26/2007 03:28 PM 208952]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:32 AM 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:32 AM 455168]
      "VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [10/05/2006 08:56 PM 280779]
      "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 05:19 PM 15872]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM 90112]
      "RTHDCPL"="RTHDCPL.EXE" [06/13/2007 02:49 PM 16377344 C:\WINDOWS\RTHDCPL.exe]
      "SMSERIAL"="sm56hlpr.exe" [06/06/2005 04:40 PM 544768 C:\WINDOWS\sm56hlpr.exe]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
      "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 11:09 AM 49152]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM 155648]
      "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [06/22/2006 12:14 AM 35328]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/09/2008 04:35 PM 579072]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 07:56 AM 15360]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/18/2007 12:30 AM 1230848]
      "LClock"="C:\Program Files\LClock\LClock.exe" [09/19/2004 12:27 PM 65536]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [01/08/2008 08:33 PM 219136]
      "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/19/2007 08:47 AM 8720384]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "nltide_3"="advpack.dll" [12/07/2007 09:21 AM 124928 C:\WINDOWS\system32\advpack.dll]

      C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
      OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2549-10-26 20:24:54 98632]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)



      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
      "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
      "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
      HIDEC /W "%VAIOTOOLS%\regtlib.exe" "%ProgramFiles%\Windows Sidebar\sidebar.exe"
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-14 19:58:13
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
      -> C:\Program Files\Unlocker\UnlockerHook.dll
      -> C:\Program Files\VisualTaskTips\VttHooks.dll
      -> C:\Program Files\LClock\LC.dll
      .
      Completion time: 02/14/2008 19:58:28
      ComboFix-quarantined-files.txt 2008-02-14 12:58:26
      .
      2008-02-13 07:47:05 --- E O F ---


      Regards, Nico

      Comment
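
As an added example (not part of the original thread and not any poster's code), this Python check compares the first HijackThis log with the fresh one posted in #3 and reports whether each line ticked for Fix Checked in #2 is actually gone. The function names are hypothetical, and the two sample logs are shortened excerpts of the logs posted in this thread.

```python
import re

# Lines ticked for "Fix Checked" in reply #2, copied from the thread.
FIXED = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
]

# Sample input: shortened excerpt of the first log (post #1).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:13, on 12/2/2551

Running processes:
C:\WINDOWS\VistaDrive\VistaDrive.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fotoapparatuur.nl/photos/FotoList.asp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

--
End of file
"""

# Sample input: shortened excerpt of the fresh log (post #3).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:26, on 15/2/2551

Running processes:
C:\WINDOWS\VistaDrive\VistaDrive.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fotoapparatuur.nl/photos/FotoList.asp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

--
End of file
"""

# An entry line starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def entry_key(line):
    """Return a normalised (section, body) key, or None for non-entry lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, running-process path, footer, blank line
    # Registry and file paths are case-insensitive; collapse whitespace too.
    body = " ".join(m.group(2).split()).casefold()
    return (m.group(1), body)


def parse_log(text):
    """Map normalised key -> original line for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def verify_fix(before, after, fixed):
    """Classify each ticked line as removed, still present or never seen."""
    old, new = parse_log(before), parse_log(after)
    result = {}
    for line in fixed:
        key = entry_key(line)
        if key is None or key not in old:
            result[line] = "not in first log"
        elif key in new:
            result[line] = "still present"
        else:
            result[line] = "removed"
    return result


def unrequested_changes(before, after, fixed):
    """Entries that vanished or appeared without being on the fix list."""
    old, new = parse_log(before), parse_log(after)
    wanted = {entry_key(line) for line in fixed}
    vanished = [old[k] for k in old if k not in new and k not in wanted]
    appeared = [new[k] for k in new if k not in old]
    return vanished, appeared


if __name__ == "__main__":
    for line, status in verify_fix(BEFORE, AFTER, FIXED).items():
        print(f"{status:17}{line}")
    vanished, appeared = unrequested_changes(BEFORE, AFTER, FIXED)
    for line in vanished:
        print(f"{'vanished':17}{line}")
    for line in appeared:
        print(f"{'appeared':17}{line}")
```

Run against these excerpts, it reports the VistaDrive Run entry as still present, which is the entry the CFScript in #4 targets.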


      • #4
        Open Notepad, then copy and paste the following (bold text) into an empty window:

        File::
        C:\WINDOWS\VistaDrive\VistaDrive.exe

        Registry::
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "VistaDrive"=-


        Save this to your desktop as CFScript.txt.

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:

        This will make ComboFix restart.
        Reboot if asked to,
        and post the contents of Combofix.txt in your next reply.

        Still having problems?
        Regards,
        Pimmerd



        • #5
          slow

          Did what you suggested.
          ComboFix first reported: access denied.
          Still run? Pressed Y.

          Here is the log.

          ComboFix 08-02-14.2 - Administrator 02/15/2008 20:37:52.2 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.592 [GMT 7:00]
          Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
          * Created a new restore point

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
          .

          ((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
          .

          No new files created in this timespan

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-15 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
          2008-02-14 13:00 --------- d-----w C:\Program Files\microsoft frontpage
          2008-02-14 12:56 --------- d-----w C:\Program Files\FlashGet
          2008-02-14 00:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
          2008-02-13 10:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
          2008-02-13 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2008-02-13 00:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TT111
          2008-02-11 14:25 --------- d-----w C:\Program Files\Trend Micro
          2008-02-11 07:17 --------- d-----w C:\Program Files\IPNetInfo
          2008-02-11 07:16 39,424 ----a-w C:\WINDOWS\zipinst.exe
          2008-02-07 01:03 --------- d-----w C:\Program Files\Neat Image
          2008-02-02 15:46 --------- d-----w C:\Program Files\MySpace
          2008-02-02 15:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MySpace
          2008-01-22 03:33 --------- d-----w C:\Program Files\Winamp
          2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
          2008-01-09 16:28 --------- d-----w C:\Documents and Settings\thailand\Application Data\TT111
          2008-01-09 15:28 --------- d-----w C:\Documents and Settings\thailand\Application Data\AVG7
          2008-01-09 15:28 --------- d-----w C:\Documents and Settings\thailand\Application Data\ATI
          2008-01-09 10:30 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-01-08 13:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
          2008-01-08 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
          2008-01-08 11:07 --------- d-----w C:\Program Files\MSXML 6.0
          2008-01-08 07:18 --------- d-----w C:\Program Files\TT111-V3
          2008-01-08 07:18 --------- d-----w C:\Program Files\ThaiNumbers
          2008-01-04 12:27 --------- d-----w C:\Program Files\Unlocker
          2008-01-04 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Genimo
          2008-01-04 01:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Genimo
          2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
          2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
          2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
          2007-12-17 12:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
          2007-12-17 11:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
          2007-12-16 13:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
          2007-12-12 12:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
          2007-12-08 03:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
          2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
          2007-12-07 02:21 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
          2007-12-07 02:21 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
          2007-12-07 02:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
          2007-12-07 02:21 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
          2007-12-07 02:21 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
          2007-12-07 02:21 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
          2007-12-07 02:21 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
          2007-12-07 02:21 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
          2007-12-07 02:21 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
          2007-12-07 02:21 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
          2007-12-07 02:21 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
          2007-12-07 02:21 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
          2007-12-07 02:21 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
          2007-12-07 02:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
          2007-12-07 02:21 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
          2007-12-07 02:21 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
          2007-12-07 02:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
          2007-12-07 02:21 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
          2007-12-07 02:21 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
          2007-12-07 02:21 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
          2007-12-07 02:21 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
          2007-12-07 02:21 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
          2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
          2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
          2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
          2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
          2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
          2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:56 AM 15360]
          "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/18/2007 12:30 AM 1230848]
          "LClock"="C:\Program Files\LClock\LClock.exe" [09/19/2004 12:27 PM 65536]
          "VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [07/31/2006 06:33 PM 36864]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [10/09/2006 11:28 AM 139264]
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM 5674352]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [07/26/2007 03:28 PM 208952]
          "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:32 AM 455168]
          "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:32 AM 455168]
          "VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [10/05/2006 08:56 PM 280779]
          "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 05:19 PM 15872]
          "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM 90112]
          "RTHDCPL"="RTHDCPL.EXE" [06/13/2007 02:49 PM 16377344 C:\WINDOWS\RTHDCPL.exe]
          "SMSERIAL"="sm56hlpr.exe" [06/06/2005 04:40 PM 544768 C:\WINDOWS\sm56hlpr.exe]
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
          "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 11:09 AM 49152]
          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM 155648]
          "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [06/22/2006 12:14 AM 35328]
          "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/09/2008 04:35 PM 579072]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 07:56 AM 15360]
          "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/18/2007 12:30 AM 1230848]
          "LClock"="C:\Program Files\LClock\LClock.exe" [09/19/2004 12:27 PM 65536]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [01/08/2008 08:33 PM 219136]
          "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/19/2007 08:47 AM 8720384]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "nltide_3"="advpack.dll" [12/07/2007 09:21 AM 124928 C:\WINDOWS\system32\advpack.dll]

          C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
          OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2549-10-26 20:24:54 98632]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "NoSMHelp"= 1 (0x1)

          [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
          "NoSMHelp"= 1 (0x1)



          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
          "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
          "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
          HIDEC /W "%VAIOTOOLS%\regtlib.exe" "%ProgramFiles%\Windows Sidebar\sidebar.exe"
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-15 20:38:44
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
          -> C:\Program Files\Unlocker\UnlockerHook.dll
          -> C:\Program Files\VisualTaskTips\VttHooks.dll
          -> C:\Program Files\LClock\LC.dll
          .
          Completion time: 02/15/2008 20:38:58
          ComboFix-quarantined-files.txt 2008-02-15 13:38:56
          ComboFix2.txt 2008-02-14 12:58:29
          .
          2008-02-13 07:47:05 --- E O F ---


          It is already faster at uploading websites, but still too slow.

          Anyway, thanks in advance for your quick help from the other side of this globe.



          • #6
            Download OTMoveIt2 (by OldTimer) to your Desktop.
              * Double-click OTMoveIt2.exe to start the tool.
              * Copy (select and press Ctrl-C) all of the bold text below:

                C:\WINDOWS\VistaDrive\VistaDrive.exe

              * Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
              * Click the red MoveIt! button
              * Copy and paste the contents of the right-hand results window into your next reply
                (or the log that you will find as C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
              * Close OTMoveIt2

            If a file or folder cannot be moved immediately,
            you may be asked to restart the PC in order to complete the move.
            In that case click Yes.

            Also post a new HijackThis log.
            Regards,
            Pimmerd



            • #7
              slow

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 7:07:14, on 16/2/2551
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\VistaDrive\VistaDrive.exe
              C:\Program Files\Unlocker\UnlockerAssistant.exe
              C:\WINDOWS\RTHDCPL.EXE
              C:\WINDOWS\sm56hlpr.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\Program Files\Winamp\winampa.exe
              C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Windows Sidebar\sidebar.exe
              C:\Program Files\LClock\LClock.exe
              C:\Program Files\VisualTaskTips\VisualTaskTips.exe
              C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
              C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\Program Files\CyberLink\Shared files\RichVideo.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fotoapparatuur.nl/photos/FotoList.asp
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
              O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
              O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
              O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
              O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
              O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
              O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
              O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
              O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
              O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
              O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
              O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
              O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
              O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
              O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
              O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
              O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
              O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
              O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
              O9 - Extra button: ส่งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
              O9 - Extra 'Tools' menuitem: ส่&งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
              O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
              O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
              O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
              O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

              --
              End of file - 8266 bytes


              HijackThis log.

              Hmm, so I can't find the OTMoveIt2 log anymore.

              The right-hand pane did say that C:\WINDOWS\VistaDrive\VistaDrive.exe
              was moved successfully. I was a bit too quick to close it.
              Last edited by f1sh; 16-02-08, 01:18.



              • #8
                slow

                I could only find this:

                C:\WINDOWS\VistaDrive\VistaDrive.exe moved successfully.

                OTMoveIt2 v1.0.20 log created on 02162008_065614

                in C:\_OTMoveIt\MovedFiles



                • #9
                  Start HijackThis, choose 'Do a system scan only' and tick the lines below:

                  O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

                  Now close all open windows except HijackThis and click Fix Checked.

                  Then restart your PC and post a HijackThis log file for verification.
                  Regards,
                  Pimmerd
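
Added example (not part of the original thread): a Python check that compares the O4 autostart entries and running processes of two HijackThis logs, to confirm that the VistaDrive entry is gone after the fix. The two excerpts are abbreviated from the logs posted in this thread; the function names are this example's own.

```python
import re

# O4 registry autostart:   O4 - HKLM\..\Run: [Name] command
O4_REG = re.compile(r"^O4 - (?P<loc>[^:]+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 startup-folder link:  O4 - Global Startup: name.lnk = target
O4_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# HijackThis appends the account name to per-user (HKUS) entries.
USER_SUFFIX = re.compile(r" \(User '[^']*'\)$")

# Abbreviated excerpt of the log taken before the O4 entry was fixed.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
"""

# Abbreviated excerpt of the log taken after the fix and a reboot.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
"""

TARGET = r"C:\WINDOWS\VistaDrive\VistaDrive.exe"


def parse_hijackthis(text):
    """Return (running processes, O4 autostart entries) found in a log."""
    processes, autostarts = set(), set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()  # forum posts are often indented
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:  # a blank line ends the process list
                in_procs = False
            else:
                processes.add(line.lower())  # Windows paths are case-insensitive
            continue
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            cmd = USER_SUFFIX.sub("", m["cmd"])
            autostarts.add((m["loc"], m["name"], cmd))
    return processes, autostarts


def diff_logs(before, after):
    """Report what changed between two logs of the same machine."""
    bp, ba = parse_hijackthis(before)
    ap, aa = parse_hijackthis(after)
    return {
        "autostarts_removed": sorted(ba - aa),
        "autostarts_added": sorted(aa - ba),
        "processes_gone": sorted(bp - ap),
        "processes_new": sorted(ap - bp),
    }


def still_present(log, path):
    """List every place where `path` still appears in a log."""
    procs, autos = parse_hijackthis(log)
    wanted = path.lower()
    hits = ["process"] if wanted in procs else []
    hits += [f"autostart {loc} [{name}]"
             for loc, name, cmd in sorted(autos) if wanted in cmd.lower()]
    return hits


if __name__ == "__main__":
    for key, values in diff_logs(BEFORE, AFTER).items():
        print(key, values)
    print("still present after fix:", still_present(AFTER, TARGET))
```

In the log from post #7 the Run value and the process were still listed even though the file had already been reported as moved, which is why the control log after the reboot is the one to check.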



                  • #10
                    slow

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 6:34:00, on 18/2/2551
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\system32\userinit.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\Unlocker\UnlockerAssistant.exe
                    C:\WINDOWS\RTHDCPL.EXE
                    C:\WINDOWS\sm56hlpr.exe
                    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
                    C:\Program Files\Winamp\winampa.exe
                    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Windows Sidebar\sidebar.exe
                    C:\Program Files\LClock\LClock.exe
                    C:\Program Files\VisualTaskTips\VisualTaskTips.exe
                    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                    C:\Program Files\MSN Messenger\msnmsgr.exe
                    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
                    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    C:\Program Files\CyberLink\Shared files\RichVideo.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fotoapparatuur.nl/photos/FotoList.asp
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
                    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
                    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
                    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
                    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
                    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
                    O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
                    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
                    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
                    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
                    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
                    O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
                    O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
                    O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                    O9 - Extra button: ส่งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
                    O9 - Extra 'Tools' menuitem: ส่&งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
                    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
                    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
                    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
                    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

                    --
                    End of file - 8200 bytes



                    • #11
                      Your log looks good again now.

                      Your Java software is out of date.
                      Older versions have vulnerabilities that give malware the chance to install itself on your system.
                      First follow these steps to uninstall Java and install the newer version:

                      Download Java Runtime Environment (JRE) 6u4.
                      • Scroll down to: "Java Runtime Environment (JRE) 6u4".
                      • Click the "Download" button on the right-hand side.
                      • In the drop-down menu to the right of Platform, select Windows.
                      • Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
                      • The page will reload.
                      • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
                      • Close any programs that may be open - especially your web browser!
                      • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
                      • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                      • Then click Remove or the Change/Remove button.
                      • Repeat this until all older versions are gone.
                      • After removing all older versions, restart your PC.
                      • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


                      How are things with your problems now?
                      Regards,
                      Pimmerd
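
Added example, not part of the original thread: a Python check that reads the entry lines of a HijackThis log and reports Java installs older than the 6u4 build recommended in the reply above. The function names and the third sample line are constructed for illustration; the other sample lines are copied from the log in this thread.

```python
import re

# Lines 1-2 and 4 are copied from the log in this thread; line 3 is a
# constructed entry showing what an updated install path would look like.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (constructed sample) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# HijackThis entry lines start with a section code such as O4, O9 or O23.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# The default install directory encodes the version: jre1.6.0_01 = 6 update 1.
JRE_DIR_RE = re.compile(r"\\(?:jre|j2re)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\",
                        re.IGNORECASE)

MINIMUM = (1, 6, 0, 4)  # JRE 6u4, the version the reply recommends


def jre_installs(log_text):
    """Map each JRE version tuple found in the log to the sections citing it."""
    found = {}
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        hit = JRE_DIR_RE.search(entry.group(2))
        if hit:
            version = tuple(int(part or 0) for part in hit.groups())
            found.setdefault(version, []).append(entry.group(1))
    return found


def outdated_jre(log_text, minimum=MINIMUM):
    """Return the installed JRE versions that are older than `minimum`."""
    return sorted(v for v in jre_installs(log_text) if v < minimum)


if __name__ == "__main__":
    installs = jre_installs(SAMPLE_LOG)
    for version in outdated_jre(SAMPLE_LOG):
        label = ".".join(str(part) for part in version)
        print("outdated JRE %s referenced by %s" % (label, installs[version]))
```

Running the same check on a log taken after the reinstall shows whether any entry still points at an old JRE directory.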



                      • #12
                        slow

                        It's faster already. Thanks for the help.



                        • #13
                          You're welcome.

                          To prevent a recurrence, read through these security tips once more:
                          Jawwi.nl is a start page. We offer an overview of all handy links, all on 1 start page.


                          I'm setting the status of this topic to solved. If you would like it reopened, you can send me a PM.
                          Regards,
                          Pimmerd
