Posts made by Emperor
-
I'll give it a quick try.
No problem if it wasn't an official version?
-
A while ago I tried to install Adobe CS3. The installation failed because I now use Windows 7.
I tried to cancel the installation, but that didn't work.
Removing it via Control Panel -> remove software doesn't work either.
I can see Adobe CS3 in the list, but nothing happens when I choose remove.
Every time Windows 7 starts, and with every Office program I open, Adobe automatically attempts to install a plug-in. It looks for the installation disc (which isn't present at that moment, because the installation doesn't succeed anyway), and I have to cancel (or abort) that installation every time, but that costs a lot of time and memory, because the Office program hangs for a moment before starting up...
Can anyone help me?
Grtz,
Emperor
-
How can I change the administrator authorization?
The PC is used only by myself and my wife. So everything may be changed, installed, uninstalled, ... by the 2 known users.
But when I try to remove a program via Control Panel -> remove software, in some cases I'm told that I don't have the rights to do that...
In Explorer there are little padlocks on some folders, but not on others. I can change those settings, but that doesn't always work (sometimes also the message that I don't have the rights to do this), and it is also very time-consuming.
Installing software didn't always work either, but that seems to be avoidable by choosing 'Run as administrator'.
Does anyone have a suggestion to solve this quickly and thoroughly?
Grtz,
Emperor
-
No, I don't have any other programs from PC Tools installed.
That Conduit is gone, and Babylon is also gone from Program Files, only that folder was called myBabylon_english.
-
And that Doctor Spyware, is that perhaps Spyware Doctor from PC Tools?
Yes, that's Spyware Doctor.
Any idea what to do with it? (Apparently only the scan is free, by the way; cleaning up the files is paid :s )
PS: I'll remove that ConduitEngine.
-
I have the impression that the PC is working faster again.
In 'Control Panel' and 'Software' I also removed a few programs that I no longer needed, and that went fine.
Only that Babylon seems to remain installed. It no longer starts automatically, but when I click "Remove" in 'Software', nothing happens.
And I also tried to remove Doctor Spyware, and then I got the message that 'sdloader.exe' was not found, and because of that it apparently isn't removed.
-
This is the log after the combo with the babylon-cfscript.txt
Can you continue with this?
CU & Thx,
Emp
ComboFix 11-03-24.06 - Emperor 25/03/2011 23:28:26.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1022.414 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Emperor\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Emperor\Bureaublad\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))
.
.
2011-03-24 17:37 . 2011-03-25 22:28 1409 ----a-w- c:\windows\QTFont.for
2011-03-23 20:25 . 2011-03-23 20:25 -------- d-----w- c:\documents and settings\Emperor\Application Data\Malwarebytes
2011-03-23 20:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 20:22 . 2011-03-23 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-23 20:22 . 2011-03-23 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 20:22 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 19:35 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-23 18:38 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-23 18:38 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-03-23 18:38 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-23 18:38 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-23 18:37 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-23 18:27 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-23 17:53 . 2011-03-23 18:57 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-23 17:53 . 2011-03-23 20:05 -------- d-----w- c:\program files\PC Tools Security
2011-03-23 17:53 . 2011-03-23 17:53 -------- d-----w- c:\documents and settings\Emperor\Application Data\PC Tools
2011-03-23 17:53 . 2011-03-25 20:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-23 17:40 . 2011-03-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-23 11:10 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-23 11:10 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-23 11:10 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-23 11:10 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-23 11:10 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-23 11:10 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-23 11:10 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-23 11:10 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-23 11:09 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-23 11:09 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\program files\AVAST Software
2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 09:11 . 2010-11-18 17:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2004-11-01 14:33 . 2006-03-20 17:30 1519800 ----a-w- c:\program files\dMC-r101.exe
2004-10-31 01:21 . 2005-11-24 23:06 2421920 ----a-w- c:\program files\winzip90sr1.exe
2003-11-09 22:49 . 2005-11-24 23:05 401952 ----a-w- c:\program files\3DwindowsXP.exe
2003-11-07 13:40 . 2005-11-24 20:02 1897672 ----a-w- c:\program files\winzip81.exe
2002-08-30 09:53 . 2006-04-07 12:09 122880 ----a-w- c:\program files\AtlasNOCD.exe
2000-11-13 21:31 . 2000-11-13 21:31 9468736 ----a-w- c:\program files\sp2upd.exe
1998-09-15 16:22 . 2006-04-07 12:09 11776 ----a-w- c:\program files\Startop.exe
1997-07-19 16:55 . 2006-04-07 12:09 1347344 ----a-w- c:\program files\MSVBVM50.DLL
1997-06-04 01:00 . 2006-04-07 12:09 11264 ----a-w- c:\program files\_SETUP.DLL
1995-09-07 20:22 . 2006-04-07 12:09 8192 ----a-w- c:\program files\_ISDEL.EXE
1997-06-23 11:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-25_08.58.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-25 11:35 . 2011-03-25 11:35 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UNILEX"="c:\program files\Easy Computing\De Grote Encyclopedie '99\tft.exe" [1998-09-29 33280]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 1073152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-12 68856]
"Google Update"="c:\documents and settings\Emperor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2005-10-11 126976]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-27 180269]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-08-22 258048]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-27 77824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"PCMService"="c:\program files\Medion Home CinemaXL\PowerCinema\PCMService.exe" [2003-02-17 57344]
"CHotkey"="mHotkey.exe" [2004-06-03 549376]
"ledpointer"="CNYHKey.exe" [2003-07-21 5577216]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\Emperor\Menu Start\Programma's\Opstarten\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2003-10-4 49152]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
2Mega Camera Manager Monitor.lnk - c:\program files\MD40323\ICON.EXE [2005-11-25 49152]
Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-10-4 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [N/A]
LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2010-9-15 299008]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-20 118784]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2007-2-18 315392]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-11-24 118784]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/03/2011 19:38 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [23/03/2011 19:38 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [23/03/2011 19:38 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/03/2011 12:10 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/03/2011 12:10 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/03/2011 12:10 19544]
R2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer BE NL\EFUploadSrv.exe [9/07/2009 13:27 1716224]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [23/03/2011 18:57 366840]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [4/10/2005 17:37 69248]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 7:11 12928]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 9:38 135664]
S3 USTOR;Silver Crest Memory Adapter;c:\windows\system32\drivers\UStork.sys [29/11/2005 19:14 20218]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-03-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 06:15]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007Core.job
- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007UA.job
- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-Spyware Doctor - c:\documents and settings\DEmperor\Bureaublad\sdsetup_revwire207.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-25 23:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(620)
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-03-25 23:51:00
ComboFix-quarantined-files.txt 2011-03-25 22:50
ComboFix2.txt 2011-03-25 21:48
ComboFix3.txt 2011-03-25 09:05
.
Pre-Run: 25.121.751.040 bytes beschikbaar
Post-Run: 25.102.659.584 bytes beschikbaar
.
- - End Of File - - C55F933F401FD263C7F6356C43CACBE5
-
Now I've started ComboFix on the Babylon remnants with the new CFScript.txt. Let's see what happens now.
Grtz,
Emperor
-
Combo did finish after all. (I had the impression that avast was holding it back: it had popped up again at reboot. I turned it off when I got a warning from avast about combofix, and then combo got going.)
Below is the log file (I haven't followed your advice about Babylon yet; I'll do that shortly):
ComboFix 11-03-24.03 - Emperor 25/03/2011 12:15:49.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1022.493 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Emperor\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Emperor\Bureaublad\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_rseb
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))
.
.
2011-03-24 17:37 . 2011-03-25 11:32 1409 ----a-w- c:\windows\QTFont.for
2011-03-23 20:25 . 2011-03-23 20:25 -------- d-----w- c:\documents and settings\Emperor\Application Data\Malwarebytes
2011-03-23 20:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 20:22 . 2011-03-23 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-23 20:22 . 2011-03-23 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 20:22 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 19:35 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-23 18:38 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-23 18:38 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-03-23 18:38 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-23 18:38 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-23 18:37 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-23 18:27 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-23 17:53 . 2011-03-23 18:57 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-23 17:53 . 2011-03-23 20:05 -------- d-----w- c:\program files\PC Tools Security
2011-03-23 17:53 . 2011-03-23 17:53 -------- d-----w- c:\documents and settings\Emperor\Application Data\PC Tools
2011-03-23 17:53 . 2011-03-25 14:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-23 17:40 . 2011-03-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-23 11:10 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-23 11:10 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-23 11:10 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-23 11:10 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-23 11:10 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-23 11:10 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-23 11:10 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-23 11:10 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-23 11:09 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-23 11:09 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\program files\AVAST Software
2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 09:11 . 2010-11-18 17:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2004-11-01 14:33 . 2006-03-20 17:30 1519800 ----a-w- c:\program files\dMC-r101.exe
2004-10-31 01:21 . 2005-11-24 23:06 2421920 ----a-w- c:\program files\winzip90sr1.exe
2003-11-09 22:49 . 2005-11-24 23:05 401952 ----a-w- c:\program files\3DwindowsXP.exe
2003-11-07 13:40 . 2005-11-24 20:02 1897672 ----a-w- c:\program files\winzip81.exe
2002-08-30 09:53 . 2006-04-07 12:09 122880 ----a-w- c:\program files\AtlasNOCD.exe
2000-11-13 21:31 . 2000-11-13 21:31 9468736 ----a-w- c:\program files\sp2upd.exe
1998-09-15 16:22 . 2006-04-07 12:09 11776 ----a-w- c:\program files\Startop.exe
1997-07-19 16:55 . 2006-04-07 12:09 1347344 ----a-w- c:\program files\MSVBVM50.DLL
1997-06-04 01:00 . 2006-04-07 12:09 11264 ----a-w- c:\program files\_SETUP.DLL
1995-09-07 20:22 . 2006-04-07 12:09 8192 ----a-w- c:\program files\_ISDEL.EXE
1997-06-23 11:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-25_08.58.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-25 11:35 . 2011-03-25 11:35 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2011-01-17 14:54 175912 ----a-w- c:\program files\myBabylon_English\prxtbmyB0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UNILEX"="c:\program files\Easy Computing\De Grote Encyclopedie '99\tft.exe" [1998-09-29 33280]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 1073152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-12 68856]
"Google Update"="c:\documents and settings\Emperor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]
"Spyware Doctor"="c:\documents and settings\Emperor\Bureaublad\sdsetup_revwire207.exe" [2011-03-23 512992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2005-10-11 126976]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-27 180269]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-08-22 258048]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-27 77824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"PCMService"="c:\program files\Medion Home CinemaXL\PowerCinema\PCMService.exe" [2003-02-17 57344]
"CHotkey"="mHotkey.exe" [2004-06-03 549376]
"ledpointer"="CNYHKey.exe" [2003-07-21 5577216]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-09-08 3730832]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\Emperor\Menu Start\Programma's\Opstarten\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2003-10-4 49152]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
2Mega Camera Manager Monitor.lnk - c:\program files\MD40323\ICON.EXE [2005-11-25 49152]
Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-10-4 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [N/A]
LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2010-9-15 299008]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-20 118784]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2007-2-18 315392]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-11-24 118784]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/03/2011 19:38 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [23/03/2011 19:38 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [23/03/2011 19:38 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/03/2011 12:10 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/03/2011 12:10 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/03/2011 12:10 19544]
R2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer BE NL\EFUploadSrv.exe [9/07/2009 13:27 1716224]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [23/03/2011 18:57 366840]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [4/10/2005 17:37 69248]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 7:11 12928]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 9:38 135664]
S3 USTOR;Silver Crest Memory Adapter;c:\windows\system32\drivers\UStork.sys [29/11/2005 19:14 20218]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-03-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 06:15]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007Core.job
- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007UA.job
- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-25 15:38
Windows 5.1.2600 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2324)
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\CA\eTrust Antivirus\InoRpc.exe
c:\program files\CA\eTrust Antivirus\InoRT.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\PC Tools Security\pctsSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Voltooingstijd: 2011-03-25 22:48:56 - machine werd herstart
ComboFix-quarantined-files.txt 2011-03-25 21:48
ComboFix2.txt 2011-03-25 09:05
.
Pre-Run: 25.418.760.192 bytes beschikbaar
Post-Run: 25.122.717.696 bytes beschikbaar
.
- - End Of File - - 6CC13661BB32C76F05DCFDD31C18BDA6
-
Haven't started on the Babylon files yet.
Meanwhile it is 4 hours later and I still have the blue Combo screen, showing: "Log rapport wordt voorbereid - Start geen andere programma's tot ComboFix klaar is."
Is it normal that the log still isn't ready?
(As soon as I can, or once you reply again, I'll deal with those Babylon leftovers too.)
-
Could it be that Combo restarted the PC automatically?
I started it, was away for a few hours, and when I came back I saw my login screen.
When I continue booting into Windows, a small blue Combo window appears again.
I once wanted to use Babylon as a translation program. The toolbar came along with the program. I never actually used it, by the way, because online solutions turned out to give much better translations.
Could this toolbar perhaps be a problem too?
-
ComboFix log: (FYI: the speed still isn't quite OK; it still freezes briefly now and then, after which all the commands are suddenly executed at once)
ComboFix 11-03-24.03 - Emperor 25/03/2011 9:39.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1022.268 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Emperor\Bureaublad\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
c:\program files\autorun.inf
c:\program files\Setup.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))
.
.
2011-03-24 17:37 . 2011-03-25 08:58 1409 ----a-w- c:\windows\QTFont.for
2011-03-23 20:25 . 2011-03-23 20:25 -------- d-----w- c:\documents and settings\Emperor\Application Data\Malwarebytes
2011-03-23 20:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 20:22 . 2011-03-23 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-23 20:22 . 2011-03-23 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 20:22 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 19:35 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-23 18:38 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-23 18:38 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-03-23 18:38 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-23 18:38 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-23 18:37 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-23 18:27 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-23 17:53 . 2011-03-23 18:57 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-23 17:53 . 2011-03-23 20:05 -------- d-----w- c:\program files\PC Tools Security
2011-03-23 17:53 . 2011-03-23 17:53 -------- d-----w- c:\documents and settings\Emperor\Application Data\PC Tools
2011-03-23 17:53 . 2011-03-24 17:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-23 17:40 . 2011-03-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-23 11:10 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-23 11:10 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-23 11:10 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-23 11:10 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-23 11:10 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-23 11:10 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-23 11:10 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-23 11:10 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-23 11:09 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-23 11:09 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\program files\AVAST Software
2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 09:11 . 2010-11-18 17:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2004-11-01 14:33 . 2006-03-20 17:30 1519800 ----a-w- c:\program files\dMC-r101.exe
2004-10-31 01:21 . 2005-11-24 23:06 2421920 ----a-w- c:\program files\winzip90sr1.exe
2003-11-09 22:49 . 2005-11-24 23:05 401952 ----a-w- c:\program files\3DwindowsXP.exe
2003-11-07 13:40 . 2005-11-24 20:02 1897672 ----a-w- c:\program files\winzip81.exe
2002-08-30 09:53 . 2006-04-07 12:09 122880 ----a-w- c:\program files\AtlasNOCD.exe
2000-11-13 21:31 . 2000-11-13 21:31 9468736 ----a-w- c:\program files\sp2upd.exe
1998-09-15 16:22 . 2006-04-07 12:09 11776 ----a-w- c:\program files\Startop.exe
1997-07-19 16:55 . 2006-04-07 12:09 1347344 ----a-w- c:\program files\MSVBVM50.DLL
1997-06-04 01:00 . 2006-04-07 12:09 11264 ----a-w- c:\program files\_SETUP.DLL
1995-09-07 20:22 . 2006-04-07 12:09 8192 ----a-w- c:\program files\_ISDEL.EXE
1997-06-23 11:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2011-01-17 14:54 175912 ----a-w- c:\program files\myBabylon_English\prxtbmyB0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\prxtbmyB0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UNILEX"="c:\program files\Easy Computing\De Grote Encyclopedie '99\tft.exe" [1998-09-29 33280]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 1073152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-12 68856]
"Google Update"="c:\documents and settings\Emperor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]
"Spyware Doctor"="c:\documents and settings\Emperor\Bureaublad\sdsetup_revwire207.exe" [2011-03-23 512992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2005-10-11 126976]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-27 180269]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-08-22 258048]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-27 77824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"PCMService"="c:\program files\Medion Home CinemaXL\PowerCinema\PCMService.exe" [2003-02-17 57344]
"CHotkey"="mHotkey.exe" [2004-06-03 549376]
"ledpointer"="CNYHKey.exe" [2003-07-21 5577216]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-09-08 3730832]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\Emperor\Menu Start\Programma's\Opstarten\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2003-10-4 49152]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
2Mega Camera Manager Monitor.lnk - c:\program files\MD40323\ICON.EXE [2005-11-25 49152]
Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-10-4 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [N/A]
LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2010-9-15 299008]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-20 118784]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2007-2-18 315392]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-11-24 118784]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/03/2011 19:38 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [23/03/2011 19:38 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [23/03/2011 19:38 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/03/2011 12:10 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/03/2011 12:10 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/03/2011 12:10 19544]
R2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer BE NL\EFUploadSrv.exe [9/07/2009 13:27 1716224]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [23/03/2011 18:57 366840]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [4/10/2005 17:37 69248]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 7:11 12928]
S0 rseb;rseb; [x]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 9:38 135664]
S3 USTOR;Silver Crest Memory Adapter;c:\windows\system32\drivers\UStork.sys [29/11/2005 19:14 20218]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 06:15]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007Core.job
- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007UA.job
- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
HKLM-Run-SCM - c:\program files\silver crest memory adapter tools2.93\scma.exe
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-25 09:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2011-03-25 10:05:40
ComboFix-quarantined-files.txt 2011-03-25 09:05
.
Pre-Run: 11.879.088.128 bytes beschikbaar
Post-Run: 25.404.387.328 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 84FAC238AD86A753212A90D1F456FB47
-
Working on the Combo now.
(Yesterday at work someone gave me the tip to try System Restore; could that be a solution? The only problem: that function is missing under Accessories, as is defragmentation. Note: this has nothing to do with this virus, because it had already disappeared before that.)
-
At the moment it seems to be going well, but the PC was on all night.
I have the impression that it is worst at startup, namely all the programs that have to be loaded at the bottom right of the screen next to the clock. And on top of that, half of the icons on the desktop are missing (the little image cannot be found).
But I'll restart the PC and then come back with more news...
---------- Post added at 08:51 ---------- Previous post was at 08:45 ----------
I'll do the ComboFix first before restarting.
---------- Post added at 08:58 ---------- Previous post was at 08:51 ----------
Only disable the antivirus programs for a while, or the firewalls too?
-
And when I left for work yesterday (still before I ended up here with you) I started a full system scan, so not a quick scan. That also found 2 more threats. MBAM log below:
Malwarebytes' Anti-Malware 1.50.1.1100
Databaseversie: 6145
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
24/03/2011 17:40:52
mbam-log-2011-03-24 (17-40-52).txt
Scantype: Volledige scan (C:\|D:\|E:\|)
Objecten gescand: 504114
Verstreken tijd: 3 uur/uren, 49 minuut/minuten, 24 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\program files\flac to mp3 converter\all2mp3.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\autostretch_hsv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
-
This is the MBAM log:
(Nothing found, but isn't that logical? Before I ended up on this forum I had already run MBAM on my father-in-law's advice, and back then it removed +/-160 infected folders and files.)
Is another HJT log needed? Or does anyone want to see the MBAM log from the day before yesterday?
Malwarebytes' Anti-Malware 1.50.1.1100
Databaseversie: 6164
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
25/03/2011 8:28:00
mbam-log-2011-03-25 (08-28-00).txt
Scantype: Snelle scan
Objecten gescand: 226509
Verstreken tijd: 17 minuut/minuten, 2 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
---------- Post added at 08:32 ---------- Previous post was at 08:28 ----------
In the meantime I went ahead and made the HJT log as well:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:35:53, on 25/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MD40323\ICON.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
K:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: myBabylon English - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [sCM] c:\program files\silver crest memory adapter tools2.93\scma.exe sys_auto_run C:\Program Files\Silver Crest Memory Adapter Tools2.93
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uNILEX] C:\Program Files\Easy Computing\De Grote Encyclopedie '99\tft.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DE KEYSER Michaël\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [spyware Doctor] C:\Documents and Settings\DE KEYSER Michaël\Bureaublad\sdsetup_revwire207.exe -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: 2Mega Camera Manager Monitor.lnk = ?
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130364442791
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://D:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\Land Desktop 3\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 19554 bytes
---------- Post added at 08:37 ---------- Previous post was at 08:32 ----------
And for completeness I am also including the MBAM log that I made on 23/03:
Malwarebytes' Anti-Malware 1.50.1.1100
Databaseversie: 6145
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
23/03/2011 21:54:13
mbam-log-2011-03-23 (21-54-13).txt
Scantype: Snelle scan
Objecten gescand: 226358
Verstreken tijd: 19 minuut/minuten, 40 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 5
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 5
Bestanden geïnfecteerd: 158
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\REAL\WEATHERBUG\MINIBUGTRANSPORTER.DLL (Adware.Minibug) -> Value: MINIBUGTRANSPORTER.DLL -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
c:\program files\Wav (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8 (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod9 (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod9\F (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
c:\program files\common files\Real\weatherbug\minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
c:\documents and settings\de keyser michaël\local settings\Temp\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1618.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F277.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F100.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F108.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F11.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1147.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1155.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1192.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F12.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1231.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F13.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1326.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1385.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1405.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F148.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1481.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F151.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1530.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1550.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1559.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F156.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1643.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1656.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1671.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1683.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F170.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F174.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1740.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F175.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1759.wav (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F1764.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F188.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F198.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F203.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F207.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F218.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F228.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F233.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F242.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F246.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F292.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F295.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F307.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F328.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F350.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F364.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F379.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F390.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F401.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod8\F\F43.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
-
I ended up on this site through Google, while searching for solutions to my virus problem. Unlike a few other forums, the explanations here seemed much clearer to me!
In the meantime I'm trying to solve the problem together with a few other members, mods and admins. Hoping it works out.
Regards, Emperor
-
yes, I'll do that
maybe there will already be a reply tomorrow
thanks for the help!
-
the log has appeared (without safe mode):
this is what it said:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:26:36, on 24/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MD40323\ICON.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
K:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: myBabylon English - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [sCM] c:\program files\silver crest memory adapter tools2.93\scma.exe sys_auto_run C:\Program Files\Silver Crest Memory Adapter Tools2.93
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [b2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uNILEX] C:\Program Files\Easy Computing\De Grote Encyclopedie '99\tft.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DE KEYSER Michaël\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [spyware Doctor] C:\Documents and Settings\DE KEYSER Michaël\Bureaublad\sdsetup_revwire207.exe -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: 2Mega Camera Manager Monitor.lnk = ?
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130364442791
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://D:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\Land Desktop 3\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 20334 bytes
-
the program seems to hang at O23 - NT Services
does it normally continue on its own? Or do I already need to do something? (I thought I'd just wait for the log)
-
is it OK if I run the exe from the stick?
(that's what is happening now)
or do I have to copy it to the desktop?
Regards, Emp
-
the internet connection on the infected PC doesn't work (takes too long)
so I'll just do it with the exe from my USB stick
(just waited 10 min!!! for the little pop-up you get when you right-click 'start' :s )
-
do I take Version 2.0.5 (Beta)
or Version 2.0.4
of hjt?
to save time, since my PC is so slow:
can I download the exe file on another PC (or my laptop) and 'run' it on my PC via a USB stick?
or will that give wrong results? Or will I then not be able to carry out all the necessary actions?
-
ok, I'll do that as soon as I can.
thx for the info!
Removing Adobe CS3
in Archive Other software
Posted:
I can't get Adobe CS3 removed.
It doesn't work with the Adobe - Adobe Creative Suite Cleaner Tool either.
Then tried CCleaner. But still the same problem.
A size of 2.586MB is shown.
Maybe a detail: the software list doesn't show Adobe CS3, it shows 'Adobe CS3 Design Premium toevoegen of verwijderen' ("add or remove Adobe CS3 Design Premium")...