wtf where did Task Manager go


21 replies to this topic

#1 bart 16

Posted 07 April 2008 - 20:37

hey everyone
I've recently had a small problem: I reboot and suddenly lots of errors appear when my desktop is displayed. explorer.exe is one of them => class is not registered, so I can't open My Computer, and this happens with many programs. Now, I was planning to briefly disable explorer.exe via Task Manager; because this is an important process I just wanted to turn it off and on again!! But when I press Ctrl+Alt+Delete I get nothing, and when I right-click on my taskbar I also get nothing. I have also already done the following ==> Run.
In the Run dialog, type the command regedit and click OK.
In the Registry Editor, choose HKEY_CURRENT_USER >> Software >> Microsoft >> Windows >> CurrentVersion >> Policies >> System.
Choose Edit >> New >> Key, name it System and select this key. If the System key already exists, you can skip this step.
Right-click in an empty part of the right-hand pane and choose New >> DWORD Value.
Name the new DWORD value DisableTaskMgr and open it by double-clicking it.
Enter the number 00000000 as the value to enable Task Manager. Close the Registry Editor. And this doesn't work either. I also tried entering gpedit.msc in Run and clicking OK, but it doesn't even find this command, so to speak. And when I type taskmgr in Run it doesn't work either; then I get an error, Task Manager has been disabled by the administrator, and the weird thing is that I am the administrator. I've really tried everything; now I'm going to check that I'm not suffering from spyware and adware and malware or, who knows, a virus!! And if it still isn't solved then, I'll run a System Restore unless you have any other suggestions. What would you do in my place, because this is really not convenient to work with. I've also already started my PC in safe mode, but it doesn't work there either; I have the same problem there. Can you solve this problem, because this really isn't fun anymore? Regards, bart

#2 Guest_Masters_*


Posted 07 April 2008 - 22:11

I would go straight for System Restore; that seems to me the quickest way to try to solve this.

#3 bart 16


Posted 08 April 2008 - 17:37

Uhm, System Restore went fine until I rebooted and it tried to carry out the restore; it gave an error!! Hmm, I'm really speechless for a moment!! I think my PC is infected with spyware, adware, malware, etc. Does anyone know a good program for this? Not Spybot and Spyware Doctor, because those didn't help!!

#4 tibzie


Posted 08 April 2008 - 19:05

This is clearly a problem for kape.

#5 kape


Posted 08 April 2008 - 20:23

Try to restore your Task Manager with THIS. I hope it works for you too.

Can you actually get to a browser to download something, or are your problems getting in the way of that too? Otherwise you should try to get HiJackThis onto the PC and let it run until you have a log. Attach it to a following post and then we will go looking for all the malware that you (apparently) expect to have on board.

#6 bart 16


Posted 08 April 2008 - 21:54

In the meantime I got Task Manager working myself!!! But now I still have to get rid of all those errors!! I hope you can help me with that; I've already put the data you asked for in the attachment!! Regards, bart




#7 kape


Posted 08 April 2008 - 22:10

With a log like that it is clear that you, unfortunately, must have quite a few problems. Start with the following steps.

Download Combofix and put it on your Desktop.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {330E4FA0-CE48-46EA-B843-D4C03E7B587C} - C:\Windows\system32\avicap3.dll
O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\Windows\drnpfdxlsk.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O4 - HKLM\..\Run: [nqmheosx] C:\Windows\system32\nqmheosx.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [2Wpuiu7EEf] C:\Windows\fulqzkls.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.1.0.cab

Click 'Fix checked' to remove the items.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
NOTE: If your virus scanner responds with a notification of a script being executed, you must allow this.

Attach the Combofix log and a new HJT log to your next post. And also let us know what problems you still have now, after this treatment, so that we can follow the situation closely.

#8 bart 16


Posted 12 April 2008 - 07:29

Hey, I had a bit of a delay because of my Internet and am only getting started today, but now I see that you passed on several links; what am I supposed to do with them!! A little more explanation please. Regards, bart

#9 bart 16


Posted 12 April 2008 - 07:32

I didn't take your links into account and now I get the following error ==> Please help us improve HijackThis by reporting this error

Click 'Yes' to submit

Error Details:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing))
Error #5 - Invalid procedure call or argument

Windows version: Windows NT 6.00.1904
MSIE version: 7.0.6000.16609
HijackThis version: 2.0.2

#10 kape


Posted 12 April 2008 - 08:14

Please help us improve HijackThis by reporting this error. Click 'Yes' to submit

You can pass that error on to HiJackThis, to help improve their program, by clicking YES. To be able to make your log in the meantime, you can leave that O9 line of Net2Phone as it is (for now), i.e. you should not tick it to fix. We will look at that again later. You can carry out all the rest. If there are still problems, I'll read about it :)

#11 bart 16


Posted 12 April 2008 - 08:54

Hey, I followed your instruction, but it says that I have to close all my Internet connections and Explorer windows; I do this via Task Manager and yes, the problem remains!! Regards, bart!! What to do now? REGARDS, BART

#12 bart 16


Posted 12 April 2008 - 10:59

Is the list OK like this:
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Pro\ScreenHunter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {330E4FA0-CE48-46EA-B843-D4C03E7B587C} - C:\Windows\system32\avicap3.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\Windows\drnpfdxlsk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [2Wpuiu7EEf] C:\Windows\fulqzkls.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

But I do find it strange that I still can't open My Computer.
And I still get masses of errors.
Regards, bart. Please send a message back!!

#13 kape


Posted 12 April 2008 - 15:22

It makes sense that you are not out of trouble yet; there is still a lot of work to be done.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O2 - BHO: (no name) - {330E4FA0-CE48-46EA-B843-D4C03E7B587C} - C:\Windows\system32\avicap3.dll
O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\Windows\drnpfdxlsk.dll (file missing)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [2Wpuiu7EEf] C:\Windows\fulqzkls.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar....tup1.0.1.0.cab

Click 'Fix checked' to remove the items.

Download SDFix and click "Run".

Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

Restart your PC in safe mode.

Open the SDFix folder and double-click RunThis.bat to start the tool.
Type Y to start the cleaning process.
Trojan Services and/or Registry Entries will be removed if they are found, and you will have to press a key to restart.
The computer will then restart (this takes longer than usual).
When the PC restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.
When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.

Start your computer again in normal mode.

After that, carry out what I recommended to you earlier: Combofix (see info in previous post).

Now paste the contents of that SDFix report, the Combofix log and a new HJT log in your next post.
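
The selection made by hand from the HijackThis log in the post above can be sketched as a small parser. This is an added example, not part of the original posts and not HijackThis code; the three triage rules (orphaned entry, unnamed BHO, autorun under Policies\Explorer\Run) and all function names are assumptions chosen for illustration, and the sample lines are copied from the log in post #12.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted in this thread (post #12).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\explorer.exe
O2 - BHO: (no name) - {330E4FA0-CE48-46EA-B843-D4C03E7B587C} - C:\Windows\system32\avicap3.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\Windows\drnpfdxlsk.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Policies\Explorer\Run: [2Wpuiu7EEf] C:\Windows\fulqzkls.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Registry autoruns in O4: "<key>: [<value name>] <command>"
AUTORUN_RE = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# HijackThis appends these markers when the referenced file is gone.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str] = None
    autorun_key: Optional[str] = None
    autorun_name: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(m["section"], m["body"])
    clsid = CLSID_RE.search(entry.body)
    if clsid:
        entry.clsid = clsid.group(0).upper()
    if entry.section == "O4":
        a = AUTORUN_RE.match(entry.body)
        if a:  # "O4 - Startup: x.lnk = ..." has no [name] and is left unparsed
            entry.autorun_key, entry.autorun_name = a["key"], a["name"]
    return entry


def triage(entry: Entry) -> List[str]:
    """Illustrative rules only: they mark lines for a human to review."""
    reasons = []
    if ORPHAN_RE.search(entry.body):
        reasons.append("orphaned")        # registration points at a missing file
    if entry.section == "O2" and entry.body.startswith("BHO: (no name)"):
        reasons.append("unnamed-bho")     # browser helper object without a name
    if entry.autorun_key and entry.autorun_key.lower().endswith(r"policies\explorer\run"):
        reasons.append("policy-run")      # autorun stored under the policy key
    return reasons


def scan_log(text: str) -> List[Entry]:
    """Return only the entries that matched at least one triage rule."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry.reasons = triage(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in scan_log(SAMPLE_LOG):
        print(f"{e.section:<4}{','.join(e.reasons):<14}{e.body}")
```

The flagged lines are review candidates rather than verdicts: the Net2Phone line matches the orphaned rule even though it was deliberately left unticked earlier in the thread.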

#14 bart 16


Posted 13 April 2008 - 10:18

Hey, I followed your instructions but the problem remains. I will post my logs in my next message as agreed!! Regards, bart

#15 bart 16


Posted 14 April 2008 - 16:16

There we go, everything followed correctly and here are the logs. But is it normal that the problem still occurs?

Combofix log

ComboFix 08-04-11.5 - ikke 2008-04-14 16:55:02.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1157 [GMT 2:00]
Gestart vanuit: C:\Users\ikke\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\ikke\AppData\Local\Temp\winlogon.exe
.
---- Previous Run -------
.
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\Program Files\tmp3.exe
C:\Users\ikke\AppData\Roaming\inst.exe
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\Installer\{a8b07d1e-5725-4587-aaf7-f9cfc33aac89}\PrxBoot.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PortProxy


(((((((((((((((((((( Bestanden Gemaakt van 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 14:52 --------- d-----w C:\Program Files\Steam
2008-04-14 14:51 446,012 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT.bck
2008-04-14 14:51 446,012 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT
2008-04-14 14:51 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG.bck
2008-04-14 14:51 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG
2008-04-13 20:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-13 20:09 --------- d-----w C:\Program Files\Spy Cleaner Gold
2008-04-13 19:58 --------- d-----w C:\PROGRA~2\Protexis
2008-04-13 19:15 --------- d-----w C:\Program Files\Last.fm
2008-04-13 19:13 --------- d-----w C:\Users\ikke\AppData\Roaming\BitTorrent
2008-04-13 19:13 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-04-13 19:13 --------- d-----w C:\Program Files\CoffeeCup Software
2008-04-12 10:31 --------- d-----w C:\Users\ikke\AppData\Roaming\Uniblue
2008-04-12 09:13 --------- d-----w C:\Program Files\Trend Micro
2008-04-12 07:58 --------- d-----w C:\Program Files\Panda Security
2008-04-12 07:07 --------- d-----w C:\Program Files\nLite
2008-04-08 19:37 --------- d---a-w C:\PROGRA~2\TEMP
2008-04-07 19:48 --------- d-----w C:\Program Files\FreeRIP3
2008-04-07 17:49 --------- d-----w C:\Users\ikke\AppData\Roaming\Skype
2008-04-07 15:16 --------- d-----w C:\Users\ikke\AppData\Roaming\skypePM
2008-04-06 10:40 5,196 ----a-w C:\Windows\System32\PerfStringBackup.TMP
2008-04-05 17:02 66,707,456 ----a-w C:\Windows\System32\imageres.dll
2008-04-03 15:39 --------- d-----w C:\Users\ikke\AppData\Roaming\Xfire
2008-03-31 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 13:44 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-31 13:41 --------- d-----w C:\Program Files\Java
2008-03-29 14:32 --------- d-----w C:\Users\ikke\AppData\Roaming\ICQ Toolbar
2008-03-29 13:00 --------- d-----w C:\Users\ikke\AppData\Roaming\acccore
2008-03-29 12:57 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-29 12:57 --------- d-----w C:\Program Files\AIM6
2008-03-29 12:57 --------- d-----w C:\PROGRA~2\AOL OCP
2008-03-29 12:57 --------- d-----w C:\PROGRA~2\AOL
2008-03-29 12:56 --------- d-----w C:\PROGRA~2\AOL Downloads
2008-03-29 12:53 --------- d-----w C:\Users\ikke\AppData\Roaming\ICQ
2008-03-29 12:53 --------- d-----w C:\Program Files\ICQ6
2008-03-29 11:13 --------- d-----w C:\Program Files\Skype
2008-03-29 11:13 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-29 11:13 --------- d-----w C:\PROGRA~2\Skype
2008-03-28 22:34 --------- d-----w C:\PROGRA~2\FLEXnet
2008-03-28 14:34 --------- d-----w C:\Program Files\7-Zip
2008-03-28 10:41 --------- d-----w C:\Users\ikke\AppData\Roaming\BSplayer
2008-03-23 20:50 --------- d-----w C:\Program Files\MediaMonkey
2008-03-22 15:49 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-03-21 13:05 --------- d-----w C:\Users\ikke\AppData\Roaming\FileSubmit
2008-03-21 10:56 90,112 ----a-w C:\Windows\System32\nqmheosx.exe
2008-03-21 10:46 --------- d-----w C:\Program Files\Common Files\Stardock
2008-03-20 21:22 --------- d-----w C:\PROGRA~2\WinZip
2008-03-20 15:23 --------- d-----w C:\Users\ikke\AppData\Roaming\WinBatch
2008-03-20 15:23 --------- d-----w C:\Users\ikke\AppData\Roaming\InstallShield
2008-03-20 15:23 --------- d-----w C:\Program Files\HP Webcam
2008-03-20 15:11 --------- d-----w C:\PROGRA~2\Xerox
2008-03-19 17:24 --------- d-----w C:\Program Files\DNA
2008-03-19 17:24 --------- d-----w C:\Program Files\BitTorrent
2008-03-18 20:49 --------- d-----w C:\Users\ikke\AppData\Roaming\FastStone
2008-03-18 20:49 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-03-18 17:08 47,360 ----a-w C:\Users\ikke\AppData\Roaming\pcouffin.sys
2008-03-18 17:08 --------- d-----w C:\Users\ikke\AppData\Roaming\Vso
2008-03-18 17:08 --------- d-----w C:\Program Files\VSO
2008-03-14 16:46 27,240 ----a-w C:\Users\ikke\AppData\Roaming\nvModes.dat
2008-03-13 21:03 --------- d-----w C:\Users\ikke\AppData\Roaming\Apple Computer
2008-03-13 20:54 --------- d-----w C:\Program Files\Opera
2008-03-09 09:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-09 09:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-05 18:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 18:45 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-03-05 18:13 --------- d-----w C:\Program Files\Windows Live
2008-03-02 21:40 --------- d-----w C:\Users\ikke\AppData\Roaming\DivX
2008-03-02 20:40 --------- d-----w C:\Program Files\Picasa2
2008-03-02 11:38 --------- d-----w C:\Users\ikke\AppData\Roaming\Netscape
2008-03-01 17:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 17:27 --------- d-----w C:\Program Files\MSN Messenger
2008-03-01 17:17 --------- d-----w C:\PROGRA~2\WLInstaller
2008-03-01 17:15 --------- d-----w C:\Users\ikke\AppData\Roaming\AntiVirusScherm
2008-03-01 12:55 --------- d-----w C:\Users\ikke\AppData\Roaming\GlobalSCAPE
2008-02-29 18:36 --------- d-----w C:\Users\ikke\AppData\Roaming\SmartFTP
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-27 15:15 --------- d-----w C:\Program Files\Xfire
2008-02-27 15:15 --------- d-----w C:\PROGRA~2\Xfire
2008-02-27 12:16 0 ----a-w C:\Users\ikke\AppData\Roaming\wklnhst.dat
2008-02-23 19:57 --------- d-----w C:\Users\ikke\AppData\Roaming\CyberLink
2008-02-22 21:20 --------- d-----w C:\Users\ikke\AppData\Roaming\HandigeBeheerder
2008-02-22 19:06 --------- d-----w C:\Users\ikke\AppData\Roaming\Ahead
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-20 16:47 --------- d-----w C:\Users\ikke\AppData\Roaming\HP
2008-02-19 20:31 --------- d-----w C:\Users\ikke\AppData\Roaming\Talkback
2008-02-19 17:32 --------- d-----w C:\Users\ikke\AppData\Roaming\mmEditor
2008-02-19 17:32 --------- d-----w C:\Users\ikke\AppData\Roaming\mmDesigner
2008-02-19 17:17 --------- d-----w C:\Users\ikke\AppData\Roaming\Nvu
2008-02-17 13:37 --------- d-----w C:\PROGRA~2\PY_Software
2008-02-17 11:17 --------- d-----w C:\PROGRA~2\GlobalSCAPE
2008-02-16 14:31 --------- d-----w C:\Program Files\Quintessential Media Player
2008-02-16 13:57 --------- d-----w C:\Program Files\DivX
2008-02-16 13:57 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-02-15 20:42 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-15 16:05 --------- d-----w C:\Program Files\Common Files\Real
2008-02-12 22:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-12 22:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-12 22:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-12 22:25 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"NudgeMania"="C:\Program Files\NudgeMania\NudgeMania.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:37 21898024]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-05-09 18:54 50736]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-06 13:02 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 22:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [ ]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [ ]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-26 18:46 77824]
"Spy Watcher"="C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" [2005-04-07 04:18 557056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-25 20:46:38 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"2Wpuiu7EEf"= C:\Windows\fulqzkls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 21:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^ikke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\Windows\pss\Last.fm Helper.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-03-12 11:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 13:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog 24]
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-02-13 11:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-04-23 18:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-30 21:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 16:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-09-30 10:17 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{83523B6B-8F78-400F-8359-BFC5D585775A}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{D877737F-8D56-4B8D-AA82-3F0FD0BBBA79}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{0092543F-753A-4105-BDD0-C53B1204DD98}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{B1A3565D-DE06-4DFF-B189-4B7E2529227D}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{6F015DB6-B455-4B64-97E2-F6B77EF49812}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{9339EF88-C9D8-4A3C-96B6-53B88A5E1CBC}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{667FCA5A-CC1B-4C55-9DDC-9843D3E3B73D}C:\\users\\bart\\desktop\\downloadprogramma\\bearshare\\bearshare.exe"= UDP:C:\users\bart\desktop\downloadprogramma\bearshare\bearshare.exe:bearshare.exe
"UDP Query User{5A2ADFB7-9EBB-4697-B19F-0749B234CD06}C:\\users\\bart\\desktop\\downloadprogramma\\bearshare\\bearshare.exe"= TCP:C:\users\bart\desktop\downloadprogramma\bearshare\bearshare.exe:bearshare.exe
"TCP Query User{4DFD7A31-919E-4A59-9137-D6914A164CA4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{22A6DE5F-2ECF-44CE-9240-66D6984EC106}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{757A06AC-E95A-44DE-9844-5F76B9B71CDB}C:\\users\\bart\\desktop\\bearshare\\bearshare.exe"= UDP:C:\users\bart\desktop\bearshare\bearshare.exe:bearshare.exe
"UDP Query User{38F37EDA-A5E8-42FB-92C5-194C7130D9C4}C:\\users\\bart\\desktop\\bearshare\\bearshare.exe"= TCP:C:\users\bart\desktop\bearshare\bearshare.exe:bearshare.exe
"TCP Query User{552D77A5-69D4-4600-A142-1EF2D05EE433}C:\\program files\\bearshare\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare\bearshare.exe:BearShare
"UDP Query User{0F60DED8-0E3F-40F3-A7BF-F483E30FEBAA}C:\\program files\\bearshare\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare\bearshare.exe:BearShare
"TCP Query User{DC482A8D-F2D4-47D4-B2CE-72B1C73DDAA5}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3FBC69B3-7328-4FEE-9987-E5858EE177FD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{1ED630D7-5911-4783-9F7E-F6AD867FC5E2}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{BDF77066-BFB8-41F3-B35E-3CBFA8158FDA}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9C14A28B-07EF-4C7D-B814-A3A0FACCD585}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DF80080F-4B3E-4867-B985-0133274D6F4D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{6DF00939-A66A-4A7E-8634-561867C5BFB8}H:\\software\\downloadprogramma\\downloadprogramma\\bearshare\\bearshare.exe"= UDP:H:\software\downloadprogramma\downloadprogramma\bearshare\bearshare.exe:bearshare.exe
"UDP Query User{61CAF39C-B025-4821-A035-708F6F724ADD}H:\\software\\downloadprogramma\\downloadprogramma\\bearshare\\bearshare.exe"= TCP:H:\software\downloadprogramma\downloadprogramma\bearshare\bearshare.exe:bearshare.exe
"TCP Query User{A7BEAB48-648C-4BBB-83D8-75150936BDF8}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{A2ACD869-5728-4175-A2D5-46B703227E43}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"{1A76E207-7772-4600-A6CF-2DEADD620D11}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{D41B2AE6-2F98-4B0D-B89B-EF153FDDB234}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{D824E184-7A55-4DAA-907C-95E5495AB8D5}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{5F52C282-D76E-4720-A8BB-FE3A97D5987F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{D2522863-5F7F-4627-A697-737125D1E6BF}C:\\program files\\steam\\steamapps\\bartje977\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\bartje977\counter-strike source\hl2.exe:hl2
"UDP Query User{08671418-D823-4A60-B540-10FC3E3B999D}C:\\program files\\steam\\steamapps\\bartje977\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\bartje977\counter-strike source\hl2.exe:hl2
"{2DB40983-6280-460F-8458-4019751D772A}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{B6339253-71B2-43D5-9DBF-B9CBC6790BBB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{16CA3A18-28FF-4A59-A7E1-D27C88D29851}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4997B15B-BBE2-4489-8679-47E2D665D7EC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DB4C318E-3FF6-4030-81B7-47D94C1BFE68}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{2AAD00A5-5167-4E50-A7D7-3F732A8043A0}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C9D7D84B-747D-4CCA-94DF-B111DD8A1414}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{9A66DE17-E459-4651-B2C5-769BFEFF8F62}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{A29A89B3-3906-47C7-8CFD-02E8A86CE612}C:\\users\\bart\\documents\\bearshare\\bearshare.exe"= UDP:C:\users\bart\documents\bearshare\bearshare.exe:bearshare.exe
"UDP Query User{117E4158-75D0-45A2-8846-A68926E0CC41}C:\\users\\bart\\documents\\bearshare\\bearshare.exe"= TCP:C:\users\bart\documents\bearshare\bearshare.exe:bearshare.exe
"{C2D4D891-F47C-4801-86C3-26C4D199764B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CFE1B510-6F8F-4E36-B39D-39EA221FED6E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{727CE370-29F0-4033-BE82-8871EB5E1A2B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{176C9E80-A887-411E-A12F-1D9C904F8762}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1112A60F-254C-4693-8F3B-0F6CB4B4F474}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{AF17A790-875F-4BBE-BB0D-76B0568A8E2C}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{39454884-EEEE-4131-8BE9-95E022681A90}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{C8BA96EB-F64F-470B-8007-615906F516F6}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{8BE25293-98A8-44BA-AE3C-6468D4E44B27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{89287EED-F97B-4537-8B7A-96B388DF1AF3}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{93B0045B-1C90-4D4D-835C-AD204B436660}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{DF4CE028-FA2F-4D43-B5C3-8D3DDF1D3B66}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{2AAE8935-765E-4266-AA39-34A8E241AEAF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 APPFLT;App Filter Plugin;C:\Windows\system32\Drivers\APPFLT.SYS [2007-05-11 10:33]
R1 DSAFLT;DSA Filter Plugin;C:\Windows\system32\Drivers\DSAFLT.SYS [2007-05-11 10:33]
R1 FNETMON;NetMon Filter Plugin;C:\Windows\system32\Drivers\fnetmon.SYS [2007-05-11 10:33]
R1 IDSFLT;Ids Filter Plugin;C:\Windows\system32\Drivers\IDSFLT.SYS [2007-07-11 12:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 10:33]
R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R1 SMSFLT;SMS Filter Plugin;C:\Windows\system32\Drivers\SMSFLT.SYS [2007-05-11 10:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\system32\Drivers\WNMFLT.SYS [2007-05-11 10:33]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-06-06 11:43]
R2 ComFiltr;Panda Anti-Dialer;C:\Windows\system32\DRIVERS\COMFiltr.sys [2007-10-29 12:55]
R2 cpoint;Panda CPoint Driver;C:\Windows\system32\Drivers\cpoint.sys [2007-06-08 09:44]
R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe" [2007-03-21 20:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 12:45]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 12:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 12:45]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\netimflt.sys [2007-04-24 16:43]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-07-30 14:20]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-15 22:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d665a4e4-6e06-11dc-8e34-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
\shell\directx\command - F:\DirectX9\dxsetup.exe
\shell\setup\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4dce9cf-6f6e-11dc-823d-001a6be139af}]
\shell\AutoRun\command - N:\setup.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-04-14 15:00:00 C:\Windows\Tasks\User_Feed_Synchronization-{2CC08CE3-A954-4B66-89A4-84469A7D2A23}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 16:59:20
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-04-14 17:00:35
ComboFix-quarantined-files.txt 2008-04-14 15:00:27
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
.
2008-04-13 19:29:51 --- E O F ---

HJT log

Logfile of HijackThis v1.99.1
Scan saved at 23:01, on 2008-04-13
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Spy Cleaner Gold\SpyWatcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\7-Zip\7zFM.exe
C:\Users\ikke\AppData\Local\Temp\7zO2AC7.tmp\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avldr - C:\Windows\SYSTEM32\avldr.dll
O21 - SSODL: PrxBoot - {a8b07d1e-5725-4587-aaf7-f9cfc33aac89} - (no file)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Kind regards from bart

#16 kape

Website administrator

Posted 14 April 2008 - 16:52

Did you carry out that SDFix suggestion first? If so, before I analyse the rest in full, please post that log in a message first.

One more thing: this program, C:\Program Files\Spy Cleaner Gold. Where did you download it? From Spycleaner.com, by any chance? Or somewhere else?

#17 kape

Website administrator

Posted 14 April 2008 - 17:11

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O21 - SSODL: PrxBoot - {a8b07d1e-5725-4587-aaf7-f9cfc33aac89} - (no file)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

Click 'Fix checked' to remove the items.

Open a Notepad file.

Copy and paste the bold text below into it.

File::
C:\Windows\System32\nqmheosx.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"2Wpuiu7EEf"= C:\Windows\fulqzkls.exe


Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.
This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.

#18 bart 16

Member

Posted 14 April 2008 - 17:48

combofix.txt log:

ComboFix 08-04-11.5 - ikke 2008-04-14 18:33:03.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1170 [GMT 2:00]
Gestart vanuit: C:\Users\ikke\Desktop\ComboFix.exe
Command switches used :: C:\Users\ikke\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\Windows\System32\nqmheosx.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\nqmheosx.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 16:27 --------- d-----w C:\Program Files\Steam
2008-04-14 16:26 446,012 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT.bck
2008-04-14 16:26 446,012 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT
2008-04-14 16:26 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG.bck
2008-04-14 16:26 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG
2008-04-13 20:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-13 20:09 --------- d-----w C:\Program Files\Spy Cleaner Gold
2008-04-13 19:58 --------- d-----w C:\PROGRA~2\Protexis
2008-04-13 19:15 --------- d-----w C:\Program Files\Last.fm
2008-04-13 19:13 --------- d-----w C:\Users\ikke\AppData\Roaming\BitTorrent
2008-04-13 19:13 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-04-13 19:13 --------- d-----w C:\Program Files\CoffeeCup Software
2008-04-12 10:31 --------- d-----w C:\Users\ikke\AppData\Roaming\Uniblue
2008-04-12 09:13 --------- d-----w C:\Program Files\Trend Micro
2008-04-12 07:58 --------- d-----w C:\Program Files\Panda Security
2008-04-12 07:07 --------- d-----w C:\Program Files\nLite
2008-04-08 19:37 --------- d---a-w C:\PROGRA~2\TEMP
2008-04-07 19:48 --------- d-----w C:\Program Files\FreeRIP3
2008-04-07 17:49 --------- d-----w C:\Users\ikke\AppData\Roaming\Skype
2008-04-07 15:16 --------- d-----w C:\Users\ikke\AppData\Roaming\skypePM
2008-04-06 10:40 5,196 ----a-w C:\Windows\System32\PerfStringBackup.TMP
2008-04-05 17:02 66,707,456 ----a-w C:\Windows\System32\imageres.dll
2008-04-03 15:39 --------- d-----w C:\Users\ikke\AppData\Roaming\Xfire
2008-03-31 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 13:44 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-31 13:41 --------- d-----w C:\Program Files\Java
2008-03-29 14:32 --------- d-----w C:\Users\ikke\AppData\Roaming\ICQ Toolbar
2008-03-29 13:00 --------- d-----w C:\Users\ikke\AppData\Roaming\acccore
2008-03-29 12:57 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-29 12:57 --------- d-----w C:\Program Files\AIM6
2008-03-29 12:57 --------- d-----w C:\PROGRA~2\AOL OCP
2008-03-29 12:57 --------- d-----w C:\PROGRA~2\AOL
2008-03-29 12:56 --------- d-----w C:\PROGRA~2\AOL Downloads
2008-03-29 12:53 --------- d-----w C:\Users\ikke\AppData\Roaming\ICQ
2008-03-29 12:53 --------- d-----w C:\Program Files\ICQ6
2008-03-29 11:13 --------- d-----w C:\Program Files\Skype
2008-03-29 11:13 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-29 11:13 --------- d-----w C:\PROGRA~2\Skype
2008-03-28 22:34 --------- d-----w C:\PROGRA~2\FLEXnet
2008-03-28 14:34 --------- d-----w C:\Program Files\7-Zip
2008-03-28 10:41 --------- d-----w C:\Users\ikke\AppData\Roaming\BSplayer
2008-03-23 20:50 --------- d-----w C:\Program Files\MediaMonkey
2008-03-22 15:49 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-03-21 13:05 --------- d-----w C:\Users\ikke\AppData\Roaming\FileSubmit
2008-03-21 10:46 --------- d-----w C:\Program Files\Common Files\Stardock
2008-03-20 21:22 --------- d-----w C:\PROGRA~2\WinZip
2008-03-20 15:23 --------- d-----w C:\Users\ikke\AppData\Roaming\WinBatch
2008-03-20 15:23 --------- d-----w C:\Users\ikke\AppData\Roaming\InstallShield
2008-03-20 15:23 --------- d-----w C:\Program Files\HP Webcam
2008-03-20 15:11 --------- d-----w C:\PROGRA~2\Xerox
2008-03-19 17:24 --------- d-----w C:\Program Files\DNA
2008-03-19 17:24 --------- d-----w C:\Program Files\BitTorrent
2008-03-18 20:49 --------- d-----w C:\Users\ikke\AppData\Roaming\FastStone
2008-03-18 20:49 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-03-18 17:08 47,360 ----a-w C:\Users\ikke\AppData\Roaming\pcouffin.sys
2008-03-18 17:08 --------- d-----w C:\Users\ikke\AppData\Roaming\Vso
2008-03-18 17:08 --------- d-----w C:\Program Files\VSO
2008-03-14 16:46 27,240 ----a-w C:\Users\ikke\AppData\Roaming\nvModes.dat
2008-03-13 21:03 --------- d-----w C:\Users\ikke\AppData\Roaming\Apple Computer
2008-03-13 20:54 --------- d-----w C:\Program Files\Opera
2008-03-09 09:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-09 09:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-05 18:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 18:45 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-03-05 18:13 --------- d-----w C:\Program Files\Windows Live
2008-03-02 21:40 --------- d-----w C:\Users\ikke\AppData\Roaming\DivX
2008-03-02 20:40 --------- d-----w C:\Program Files\Picasa2
2008-03-02 11:38 --------- d-----w C:\Users\ikke\AppData\Roaming\Netscape
2008-03-01 17:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 17:27 --------- d-----w C:\Program Files\MSN Messenger
2008-03-01 17:17 --------- d-----w C:\PROGRA~2\WLInstaller
2008-03-01 17:15 --------- d-----w C:\Users\ikke\AppData\Roaming\AntiVirusScherm
2008-03-01 12:55 --------- d-----w C:\Users\ikke\AppData\Roaming\GlobalSCAPE
2008-02-29 18:36 --------- d-----w C:\Users\ikke\AppData\Roaming\SmartFTP
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-27 15:15 --------- d-----w C:\Program Files\Xfire
2008-02-27 15:15 --------- d-----w C:\PROGRA~2\Xfire
2008-02-27 12:16 0 ----a-w C:\Users\ikke\AppData\Roaming\wklnhst.dat
2008-02-23 19:57 --------- d-----w C:\Users\ikke\AppData\Roaming\CyberLink
2008-02-22 21:20 --------- d-----w C:\Users\ikke\AppData\Roaming\HandigeBeheerder
2008-02-22 19:06 --------- d-----w C:\Users\ikke\AppData\Roaming\Ahead
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-20 16:47 --------- d-----w C:\Users\ikke\AppData\Roaming\HP
2008-02-19 20:31 --------- d-----w C:\Users\ikke\AppData\Roaming\Talkback
2008-02-19 17:32 --------- d-----w C:\Users\ikke\AppData\Roaming\mmEditor
2008-02-19 17:32 --------- d-----w C:\Users\ikke\AppData\Roaming\mmDesigner
2008-02-19 17:17 --------- d-----w C:\Users\ikke\AppData\Roaming\Nvu
2008-02-17 13:37 --------- d-----w C:\PROGRA~2\PY_Software
2008-02-17 11:17 --------- d-----w C:\PROGRA~2\GlobalSCAPE
2008-02-16 14:31 --------- d-----w C:\Program Files\Quintessential Media Player
2008-02-16 13:57 --------- d-----w C:\Program Files\DivX
2008-02-16 13:57 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-02-15 20:42 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-15 16:05 --------- d-----w C:\Program Files\Common Files\Real
2008-02-12 22:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-12 22:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-12 22:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-12 22:25 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-12 22:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-14_16.59.52.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 14:50:22 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-14 16:24:43 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-13 21:02:31 5,336 ----a-w C:\Windows\bthservsdp.dat
+ 2008-04-14 16:13:56 5,336 ----a-w C:\Windows\bthservsdp.dat
- 2008-04-14 14:51:32 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-14 16:34:57 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-14 14:52:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-14 16:35:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-14 16:35:21 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-14 14:54:29 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-14 16:32:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-14 14:52:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-14 16:27:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-14 16:27:16 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-14 14:54:54 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-14 16:32:48 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-14 16:32:48 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-04-14 14:53:04 7,908 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3188678296-3888111633-339422319-1002_UserData.bin
+ 2008-04-14 16:27:35 7,908 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3188678296-3888111633-339422319-1002_UserData.bin
- 2008-04-14 14:53:04 139,510 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-14 16:27:35 139,618 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-14 14:53:02 80,246 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-14 16:27:33 80,246 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"NudgeMania"="C:\Program Files\NudgeMania\NudgeMania.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:37 21898024]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-05-09 18:54 50736]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-06 13:02 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 22:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [ ]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [ ]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-26 18:46 77824]
"Spy Watcher"="C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" [2005-04-07 04:18 557056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-25 20:46:38 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"2Wpuiu7EEf"= C:\Windows\fulqzkls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 21:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^ikke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\Windows\pss\Last.fm Helper.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-03-12 11:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 13:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog 24]
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-02-13 11:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-04-23 18:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-30 21:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 16:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-09-30 10:17 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{83523B6B-8F78-400F-8359-BFC5D585775A}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{D877737F-8D56-4B8D-AA82-3F0FD0BBBA79}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{0092543F-753A-4105-BDD0-C53B1204DD98}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{B1A3565D-DE06-4DFF-B189-4B7E2529227D}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{6F015DB6-B455-4B64-97E2-F6B77EF49812}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{9339EF88-C9D8-4A3C-96B6-53B88A5E1CBC}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{667FCA5A-CC1B-4C55-9DDC-9843D3E3B73D}C:\\users\\bart\\desktop\\downloadprogramma\\bearshare\\bearshare.exe"= UDP:C:\users\bart\desktop\downloadprogramma\bearshare\bearshare.exe:bearshare.exe
"UDP Query User{5A2ADFB7-9EBB-4697-B19F-0749B234CD06}C:\\users\\bart\\desktop\\downloadprogramma\\bearshare\\bearshare.exe"= TCP:C:\users\bart\desktop\downloadprogramma\bearshare\bearshare.exe:bearshare.exe
"TCP Query User{4DFD7A31-919E-4A59-9137-D6914A164CA4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{22A6DE5F-2ECF-44CE-9240-66D6984EC106}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{757A06AC-E95A-44DE-9844-5F76B9B71CDB}C:\\users\\bart\\desktop\\bearshare\\bearshare.exe"= UDP:C:\users\bart\desktop\bearshare\bearshare.exe:bearshare.exe
"UDP Query User{38F37EDA-A5E8-42FB-92C5-194C7130D9C4}C:\\users\\bart\\desktop\\bearshare\\bearshare.exe"= TCP:C:\users\bart\desktop\bearshare\bearshare.exe:bearshare.exe
"TCP Query User{552D77A5-69D4-4600-A142-1EF2D05EE433}C:\\program files\\bearshare\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare\bearshare.exe:BearShare
"UDP Query User{0F60DED8-0E3F-40F3-A7BF-F483E30FEBAA}C:\\program files\\bearshare\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare\bearshare.exe:BearShare
"TCP Query User{DC482A8D-F2D4-47D4-B2CE-72B1C73DDAA5}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3FBC69B3-7328-4FEE-9987-E5858EE177FD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{1ED630D7-5911-4783-9F7E-F6AD867FC5E2}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{BDF77066-BFB8-41F3-B35E-3CBFA8158FDA}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9C14A28B-07EF-4C7D-B814-A3A0FACCD585}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DF80080F-4B3E-4867-B985-0133274D6F4D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{6DF00939-A66A-4A7E-8634-561867C5BFB8}H:\\software\\downloadprogramma\\downloadprogramma\\bearshare\\bearshare.exe"= UDP:H:\software\downloadprogramma\downloadprogramma\bearshare\bearshare.exe:bearshare.exe
"UDP Query User{61CAF39C-B025-4821-A035-708F6F724ADD}H:\\software\\downloadprogramma\\downloadprogramma\\bearshare\\bearshare.exe"= TCP:H:\software\downloadprogramma\downloadprogramma\bearshare\bearshare.exe:bearshare.exe
"TCP Query User{A7BEAB48-648C-4BBB-83D8-75150936BDF8}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{A2ACD869-5728-4175-A2D5-46B703227E43}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"{1A76E207-7772-4600-A6CF-2DEADD620D11}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{D41B2AE6-2F98-4B0D-B89B-EF153FDDB234}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{D824E184-7A55-4DAA-907C-95E5495AB8D5}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{5F52C282-D76E-4720-A8BB-FE3A97D5987F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{D2522863-5F7F-4627-A697-737125D1E6BF}C:\\program files\\steam\\steamapps\\bartje977\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\bartje977\counter-strike source\hl2.exe:hl2
"UDP Query User{08671418-D823-4A60-B540-10FC3E3B999D}C:\\program files\\steam\\steamapps\\bartje977\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\bartje977\counter-strike source\hl2.exe:hl2
"{2DB40983-6280-460F-8458-4019751D772A}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{B6339253-71B2-43D5-9DBF-B9CBC6790BBB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{16CA3A18-28FF-4A59-A7E1-D27C88D29851}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4997B15B-BBE2-4489-8679-47E2D665D7EC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DB4C318E-3FF6-4030-81B7-47D94C1BFE68}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{2AAD00A5-5167-4E50-A7D7-3F732A8043A0}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C9D7D84B-747D-4CCA-94DF-B111DD8A1414}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{9A66DE17-E459-4651-B2C5-769BFEFF8F62}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{A29A89B3-3906-47C7-8CFD-02E8A86CE612}C:\\users\\bart\\documents\\bearshare\\bearshare.exe"= UDP:C:\users\bart\documents\bearshare\bearshare.exe:bearshare.exe
"UDP Query User{117E4158-75D0-45A2-8846-A68926E0CC41}C:\\users\\bart\\documents\\bearshare\\bearshare.exe"= TCP:C:\users\bart\documents\bearshare\bearshare.exe:bearshare.exe
"{C2D4D891-F47C-4801-86C3-26C4D199764B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CFE1B510-6F8F-4E36-B39D-39EA221FED6E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{727CE370-29F0-4033-BE82-8871EB5E1A2B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{176C9E80-A887-411E-A12F-1D9C904F8762}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1112A60F-254C-4693-8F3B-0F6CB4B4F474}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{AF17A790-875F-4BBE-BB0D-76B0568A8E2C}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{39454884-EEEE-4131-8BE9-95E022681A90}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{C8BA96EB-F64F-470B-8007-615906F516F6}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{8BE25293-98A8-44BA-AE3C-6468D4E44B27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{89287EED-F97B-4537-8B7A-96B388DF1AF3}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{93B0045B-1C90-4D4D-835C-AD204B436660}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{DF4CE028-FA2F-4D43-B5C3-8D3DDF1D3B66}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{2AAE8935-765E-4266-AA39-34A8E241AEAF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 APPFLT;App Filter Plugin;C:\Windows\system32\Drivers\APPFLT.SYS [2007-05-11 10:33]
R1 DSAFLT;DSA Filter Plugin;C:\Windows\system32\Drivers\DSAFLT.SYS [2007-05-11 10:33]
R1 FNETMON;NetMon Filter Plugin;C:\Windows\system32\Drivers\fnetmon.SYS [2007-05-11 10:33]
R1 IDSFLT;Ids Filter Plugin;C:\Windows\system32\Drivers\IDSFLT.SYS [2007-07-11 12:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 10:33]
R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R1 SMSFLT;SMS Filter Plugin;C:\Windows\system32\Drivers\SMSFLT.SYS [2007-05-11 10:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\system32\Drivers\WNMFLT.SYS [2007-05-11 10:33]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-06-06 11:43]
R2 ComFiltr;Panda Anti-Dialer;C:\Windows\system32\DRIVERS\COMFiltr.sys [2007-10-29 12:55]
R2 cpoint;Panda CPoint Driver;C:\Windows\system32\Drivers\cpoint.sys [2007-06-08 09:44]
R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe" [2007-03-21 20:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 12:45]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 12:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 12:45]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\netimflt.sys [2007-04-24 16:43]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-07-30 14:20]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-15 22:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d665a4e4-6e06-11dc-8e34-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
\shell\directx\command - F:\DirectX9\dxsetup.exe
\shell\setup\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4dce9cf-6f6e-11dc-823d-001a6be139af}]
\shell\AutoRun\command - N:\setup.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-04-14 16:35:00 C:\Windows\Tasks\User_Feed_Synchronization-{2CC08CE3-A954-4B66-89A4-84469A7D2A23}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 18:36:42
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-04-14 18:37:58
ComboFix-quarantined-files.txt 2008-04-14 16:37:50
ComboFix2.txt 2008-04-14 15:00:37
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
.
2008-04-13 19:29:51 --- E O F ---

HijackThis log

An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 6.00.1904
MSIE version: 7.0.6000.16609
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

I couldn't get rid of this HijackThis entry ==> O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing). I don't get an error or anything, it goes fairly smoothly, but when I check after the operation whether it is gone, it is still there. Regards, Bart

#19 kape

    Website Administrator

  • Website Administrator
  • 40941 posts

Posted 14 April 2008 - 18:39

That may well be right: in that case you first have to disable this service. Go to Start -> Run -> type services.msc and look for this service there. If it is listed, remove or disable it ... and then try again to remove it with HJT. And I would still like to see that SDFix log?

Also remove your current HijackThis and download a new version HERE.

You can then make a new log with it and try to fix the service above.

#20 bart 16

    Member

  • Banned
  • 291 posts

Posted 14 April 2008 - 19:36

Uhm, when I click on that cmd I get an error message about wininit.dll saying that it cannot find that DLL and that reinstalling it may be the solution!! What to do now? Regards, Bart





About us

PC Helpforum has been helping computer users for FREE since July 2006. Our team gives professional answers to your questions through the forum and tries to solve your PC problems as quickly as possible. Become a member today, post your question online, and the PC Helpforum team will be glad to help you!