Posts made by Zjubie
-
Hey everyone,
I downloaded some programs, but a lot of junk ended up on the computer. So I was wondering if you could help me remove it.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:09, on 8-9-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [browserChoice] "C:\Windows\System32\browserchoice.exe" /run
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\22630~1.40\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11383 bytes
Thanks in advance!
-
Malwarebytes Anti-Malware 1.62.0.1300
Databaseversie: v2012.09.08.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Job :: JOB-HP [administrator]
8-9-2012 11:36:14
mbam-log-2012-09-08 (11-36-14).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 193803
Verstreken tijd: 2 minuut/minuten, 6 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
-
Thanks for the quick reply, here is the log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:03:07, on 7-9-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Job\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\22630~1.40\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12060 bytes
-
Heeey,
I'm probably the hundredth person to come here with this problem, but Babylon has made itself nicely at home on my PC. So I'd like to get rid of it.
I need an HJT log for this, but could you give me the download link? Then I'll post the log here.
Thanks in advance!
-
Yeah, I did that too. Next time I'll be clearer, haha
-
I have downloaded it
-
You also still need to reinstall Service Pack 2 for Vista.
You can download SP 2 here.
Save the file and then double-click it to start the installation.
You gave the link for XP. I have Vista.
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:38:36, on 4-9-2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Opera\Opera.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4090497035-419787805-1109558852-1001\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Hidde')
O4 - HKUS\S-1-5-21-4090497035-419787805-1109558852-1001\..\Run: [Google Update] "C:\Users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Hidde')
O4 - S-1-5-21-4090497035-419787805-1109558852-1001 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Hidde')
O4 - S-1-5-21-4090497035-419787805-1109558852-1001 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Hidde')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
--
End of file - 11387 bytes
-
Dear all!
I already asked for your help some time ago, and it worked perfectly then. The problem is that the computer once refused to start, and it then offered to look for the problem. As a result it went back to a checkpoint (whatever you call it) of how the computer was six months ago. There are small problems with certain programs. A number of them have come back, which I had removed with your help last time. Hopefully you can help me once again.
Edit: Sometimes when starting the computer I get a blue screen saying that harmful files were found, and then it shuts down automatically.
Job
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:58, on 4-9-2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\tbuTor.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\tbuTor.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [babylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4090497035-419787805-1109558852-1001\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Hidde')
O4 - HKUS\S-1-5-21-4090497035-419787805-1109558852-1001\..\Run: [Google Update] "C:\Users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Hidde')
O4 - S-1-5-21-4090497035-419787805-1109558852-1001 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Hidde')
O4 - S-1-5-21-4090497035-419787805-1109558852-1001 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Hidde')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
--
End of file - 12873 bytes
Malwarebytes' Anti-Malware 1.51.1.1800
Databaseversie: 7611
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088
4-9-2011 13:02:07
mbam-log-2011-09-04 (13-02-07).txt
Scantype: Snelle scan
Objecten gescand: 208690
Verstreken tijd: 9 minuut/minuten, 23 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
-
What exactly do you mean by removing manually?
I still see a WhiteSmoke icon on my desktop and in my taskbar at the bottom.
-
WhiteSmoke is still there. And what stage are we actually at in cleaning up the PC?
The laptop has built-in speakers, but they sound, shall I say, hollow. Not the sound that is supposed to come out of them. Can this be fixed?
ComboFix 11-06-06.01 - Eigenaar 06-06-2011 20:21:34.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.1099 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Eigenaar\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
FILE ::
"c:\program files\WhiteSmoke\WSEnrichment.exe"
"c:\users\Eigenaar\AppData\Local\Temp\CFcatchme.sys"
"c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk"
"c:\windows\system32\qteryp.exe"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\program files\WhiteSmoke
c:\program files\WhiteSmoke\buy.ico
c:\program files\WhiteSmoke\ComVistaElevator.dll
c:\program files\WhiteSmoke\FloatButtonWhiteApps.txt
c:\program files\WhiteSmoke\FuncServer_WDC_x64.exe
c:\program files\WhiteSmoke\HookDllOE.dll
c:\program files\WhiteSmoke\HookDllOE64.dll
c:\program files\WhiteSmoke\html\english\common\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\common\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\common\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\common\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\common\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\common\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\common\js\common.js
c:\program files\WhiteSmoke\html\english\common\js\pngfix.js
c:\program files\WhiteSmoke\html\english\common\js\prototype.js
c:\program files\WhiteSmoke\html\english\common\js\xmlhttp.js
c:\program files\WhiteSmoke\html\english\dictClientDic\dictionary.html
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\ajax-loader.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_bottom_left.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_bottom_right.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_top_left.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_top_right.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\down_arrow.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\input_bg.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\input_bg_old.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\left_input.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\leftSide.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\leftSide2.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\loading_dictionary.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\right_input.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\rightSide.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\search_strip_bg3.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\down_arrow.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\humanTranslation_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\humanTranslation_roll.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\humanTranslation_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\moreLang_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\moreLang_roll.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\moreLang_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\spacer.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\index.html
c:\program files\WhiteSmoke\html\english\dictClientDic\js\common.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\Contextmenu.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\dictInterface.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\jquery-1.4.2.min.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\jquery.combobox.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\jquery.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\prototype.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\transInterface.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\xmlhttp.js
c:\program files\WhiteSmoke\html\english\dictClientDic\style\combobox.css
c:\program files\WhiteSmoke\html\english\dictClientDic\style\Contextmenu.css
c:\program files\WhiteSmoke\html\english\dictClientDic\style\dictionary.css
c:\program files\WhiteSmoke\html\english\dictClientDic\translator.html
c:\program files\WhiteSmoke\html\english\floatingButton\blue-Q-rollover.gif
c:\program files\WhiteSmoke\html\english\floatingButton\blue-rollover.gif
c:\program files\WhiteSmoke\html\english\floatingButton\blue-X-rollover.gif
c:\program files\WhiteSmoke\html\english\floatingButton\blue.gif
c:\program files\WhiteSmoke\html\english\floatingButton\index.html
c:\program files\WhiteSmoke\html\english\floatingButton\red&blue.gif
c:\program files\WhiteSmoke\html\english\floatingButton\Thumbs.db
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\Background\howto_bg.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\spacer.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\Thumbs.db
c:\program files\WhiteSmoke\html\english\floatingButton_howto\index.html
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\index.js
c:\program files\WhiteSmoke\html\english\floatingButton_howto\style\style.css
c:\program files\WhiteSmoke\html\english\gui\img\Background\ajax-loader.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\base_fade_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_dark_bg.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_dark_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_top_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_grey_strip.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\buttons_tray_px.p_goldng
c:\program files\WhiteSmoke\html\english\gui\img\Background\buttons_tray_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_bar_re_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_bar_re_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_bar_re_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_bottom_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_strip_right_corner.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\cascade.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\collapse.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_bl2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_br2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_dot.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_menu_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_sub_menu_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_submenu.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_submenu_dis.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_tl2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_tr2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\Copy of notice_right_top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\down_arrow.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\dpreloader.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_footer_left.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_footer_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_footer_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_header_left.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_header_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_header_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_sidefade.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\feather.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\green.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\input_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\inputline_fade_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\left_input.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\leftBottom3.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\leftSide.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\leftSide2.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\leftSide3.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\logo.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\logo.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\logo2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\main_background.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\main_background_11.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\main_background_old.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_checkbox_checked.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_checkbox_unchecked.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\red.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\red2.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\resize_gripper.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\result_area_top_bg.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\right_input.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\rightBottom.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\rightSide.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\rightSide2.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\rightSide2_11.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\spacer.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\spacer_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_blue.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_green.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_green2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_purple.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_red.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_apply_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_apply_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_apply_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_check_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_check_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_check_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_left_corner.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_right_corner.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\ticket.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\top_grey_strip.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\topButtonsLeft.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\topButtonsLeft__.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\topButtonsLeft_from_home.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\topButtonsRight.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\topRightBorder.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\wslogo.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\blue.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\bottom_right_corner.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\buttons_tray_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\caption_bar_re_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\caption_bar_re_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\caption_bar_re_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\caption_bottom_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\caption_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\caption_strip_right_corner.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\get-full.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\get-full3.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\green.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\help_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\help_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\help_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\left_input.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\logo.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\logo.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\logo2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\main_background.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_toolkit_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_toolkit_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_toolkit_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_toolkit_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_translator_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_translator_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_translator_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_translator_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_tutorials_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_tutorials_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_tutorials_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_tutorials_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_writer_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_writer_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_writer_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_writer_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\red.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\red2.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\right_input.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\sitting_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\sitting_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\sitting_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\smallclosebutton.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\store_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\store_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\store_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\x.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\x.jpg
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\x_hover.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\x_hover_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\x_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\blue.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\bottom_right_corner.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\buttons_tray_px.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bottom_px.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_px.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_px_11.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\green.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\left_input.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\leftCaptionCorner.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\leftCaptionCorner2.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logo.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logo_1.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logo3.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logologo2_11.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\main_background.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_dictionary_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_dictionary_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_dictionary_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_dictionary_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_templates_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_templates_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_templates_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_templates_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_toolkit_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_toolkit_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_toolkit_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_toolkit_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_translator_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_translator_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_translator_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_translator_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_tutorials_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_tutorials_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_tutorials_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_tutorials_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_writer_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_writer_on.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_writer_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\menuline_writer_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\red.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\red2.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\right_input.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\rightCaptionCorner.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\rightCaptionCorner.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\rightCaptionCorner2.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\rightCaptionCorner3.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\rightCaptionCorner3_11.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\store_down.png
c:\program files\WhiteSmoke\html\english\templates\img\folderopen.gif
c:\program files\WhiteSmoke\html\english\templates\img\globe.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\base.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\cd.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\empty.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\folder.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\folderopen.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\globe.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\imgfolder.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\join.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\joinbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\line.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\minusbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\musicfolder.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\nolines_minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\nolines_plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\page.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\plusbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\question.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\trash.gif
c:\program files\WhiteSmoke\html\english\templates\img\imgfolder.gif
c:\program files\WhiteSmoke\html\english\templates\img\join.gif
c:\program files\WhiteSmoke\html\english\templates\img\joinbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\jspDrag.gif
c:\program files\WhiteSmoke\html\english\templates\img\jspVerticalBar.gif
c:\program files\WhiteSmoke\html\english\templates\img\line.gif
c:\program files\WhiteSmoke\html\english\templates\img\minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\minusbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\musicfolder.gif
c:\program files\WhiteSmoke\html\english\templates\img\myEmpty.png
c:\program files\WhiteSmoke\html\english\templates\img\neg_bullet.png
c:\program files\WhiteSmoke\html\english\templates\img\nolines_minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\nolines_plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\open.png
c:\program files\WhiteSmoke\html\english\templates\img\open2 - Copy.png
c:\program files\WhiteSmoke\html\english\templates\img\open2.png
c:\program files\WhiteSmoke\html\english\templates\img\p7t_minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\p7t_plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\page.gif
c:\program files\WhiteSmoke\html\english\templates\img\plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\plus_bullet.png
c:\program files\WhiteSmoke\html\english\templates\img\plusbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\question.gif
c:\program files\WhiteSmoke\html\english\templates\img\top_close.png
c:\program files\WhiteSmoke\html\english\templates\img\top_open.png
c:\program files\WhiteSmoke\html\english\templates\img\trash.gif
c:\program files\WhiteSmoke\html\english\templates\index.html
c:\program files\WhiteSmoke\html\english\templates\js\jquery-1.4.2.min.js
c:\program files\WhiteSmoke\html\english\templates\js\jquery.jscrollpane.min.js
c:\program files\WhiteSmoke\html\english\templates\js\jquery.mousewheel.js
c:\program files\WhiteSmoke\html\english\templates\js\switchcontent.js
c:\program files\WhiteSmoke\html\english\templates\js\templatesInterface.js
c:\program files\WhiteSmoke\html\english\templates\menu.htm
c:\program files\WhiteSmoke\html\english\templates\objects\ebook_js.js
c:\program files\WhiteSmoke\html\english\templates\objects\flashobject.js
c:\program files\WhiteSmoke\html\english\templates\objects\mcl.css
c:\program files\WhiteSmoke\html\english\templates\objects\navigation.js
c:\program files\WhiteSmoke\html\english\templates\objects\p7tm\p7t_minus.gif
c:\program files\WhiteSmoke\html\english\templates\objects\p7tm\p7t_plus.gif
c:\program files\WhiteSmoke\html\english\templates\objects\p7tm\p7tmbasic.css
c:\program files\WhiteSmoke\html\english\templates\objects\p7tm\p7tmscripts.js
c:\program files\WhiteSmoke\html\english\templates\objects\parseURL.js
c:\program files\WhiteSmoke\html\english\templates\objects\utils.js
c:\program files\WhiteSmoke\html\english\templates\objects\wm_cookies.js
c:\program files\WhiteSmoke\html\english\templates\start.html
c:\program files\WhiteSmoke\html\english\templates\style\jquery.jscrollpane.css
c:\program files\WhiteSmoke\html\english\templates\style\style.css
c:\program files\WhiteSmoke\html\english\templates\style\templates.css
c:\program files\WhiteSmoke\html\english\userGuide\css\jquery.jscrollpane.css
c:\program files\WhiteSmoke\html\english\userGuide\css\style - Copy.css
c:\program files\WhiteSmoke\html\english\userGuide\css\style.css
c:\program files\WhiteSmoke\html\english\userGuide\faq.html
c:\program files\WhiteSmoke\html\english\userGuide\images\arr.png
c:\program files\WhiteSmoke\html\english\userGuide\images\arr2.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\bg-good.png
c:\program files\WhiteSmoke\html\english\userGuide\images\bg - Copy.png
c:\program files\WhiteSmoke\html\english\userGuide\images\bg.png
c:\program files\WhiteSmoke\html\english\userGuide\images\boxBlackFix.png
c:\program files\WhiteSmoke\html\english\userGuide\images\buttons.png
c:\program files\WhiteSmoke\html\english\userGuide\images\ConfiguringWhiteSmoke.png
c:\program files\WhiteSmoke\html\english\userGuide\images\correctionssuggestions.png
c:\program files\WhiteSmoke\html\english\userGuide\images\dictionaryTab.png
c:\program files\WhiteSmoke\html\english\userGuide\images\faq.png
c:\program files\WhiteSmoke\html\english\userGuide\images\i.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\I.png
c:\program files\WhiteSmoke\html\english\userGuide\images\jspDrag.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\jspVerticalBar.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\nav.jpg
c:\program files\WhiteSmoke\html\english\userGuide\images\otk.png
c:\program files\WhiteSmoke\html\english\userGuide\images\t.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\TheRight-clickMenu.png
c:\program files\WhiteSmoke\html\english\userGuide\images\TheTemplatesTab.png
c:\program files\WhiteSmoke\html\english\userGuide\images\translatorTab.png
c:\program files\WhiteSmoke\html\english\userGuide\images\WhiteSmokeEmailCheck.png
c:\program files\WhiteSmoke\html\english\userGuide\images\WhiteSmokeOverview.png
c:\program files\WhiteSmoke\html\english\userGuide\images\WriterTab.png
c:\program files\WhiteSmoke\html\english\userGuide\js\jquery-1.4.2.min.js
c:\program files\WhiteSmoke\html\english\userGuide\js\jquery.jscrollpane.min.js
c:\program files\WhiteSmoke\html\english\userGuide\js\jquery.min.js
c:\program files\WhiteSmoke\html\english\userGuide\js\jquery.mousewheel.js
c:\program files\WhiteSmoke\html\english\userGuide\js\userGuide.js
c:\program files\WhiteSmoke\html\english\userGuide\troubleshooting.html
c:\program files\WhiteSmoke\html\english\userGuide\userGuide.html
c:\program files\WhiteSmoke\Microsoft.VC80.CRT.manifest
c:\program files\WhiteSmoke\msvcp80.dll
c:\program files\WhiteSmoke\msvcr80.dll
c:\program files\WhiteSmoke\NotifierWhiteApps.txt
c:\program files\WhiteSmoke\osmax.ocx
c:\program files\WhiteSmoke\osmax64.ocx
c:\program files\WhiteSmoke\secman.dll
c:\program files\WhiteSmoke\secman64.dll
c:\program files\WhiteSmoke\settings.ini
c:\program files\WhiteSmoke\TCCons.dll
c:\program files\WhiteSmoke\TCCons_x64.dll
c:\program files\WhiteSmoke\Uninst.exe
c:\program files\WhiteSmoke\WCapture.dll
c:\program files\WhiteSmoke\WCapture_x64.dll
c:\program files\WhiteSmoke\WCaptureX.dll
c:\program files\WhiteSmoke\WCaptureX_x64.dll
c:\program files\WhiteSmoke\WCustom.dll
c:\program files\WhiteSmoke\WCustom_x64.dll
c:\program files\WhiteSmoke\WhiteSmokeRegistration.exe
c:\program files\WhiteSmoke\WHook.dll
c:\program files\WhiteSmoke\WHook_x64.dll
c:\program files\WhiteSmoke\Writer.ico
c:\program files\WhiteSmoke\WSDictHookDll.dll
c:\program files\WhiteSmoke\WSEngine.dll
c:\program files\WhiteSmoke\WSEnrichment.exe
c:\program files\WhiteSmoke\WSLogger.exe
c:\program files\WhiteSmoke\WSMouseHook.dll
c:\program files\WhiteSmoke\WSTray64.exe
c:\programdata\SweetIM
c:\windows\system32\config\systemprofile\AppData\Roaming\KB897623.exe
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk
c:\windows\system32\qteryp.exe
c:\windows\system32\znwujjau.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CFCATCHME
-------\Service_CFcatchme
-------\Service_yuclwxci
-------\Service_qteryp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-06 to 2011-06-06 ))))))))))))))))))))))))))))))
.
.
2011-06-06 18:36 . 2011-06-06 18:42 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp
2011-06-06 18:36 . 2011-06-06 18:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-06-06 18:36 . 2011-06-06 18:36 -------- d-----w- c:\users\Hidde\AppData\Local\temp
2011-06-06 18:36 . 2011-06-06 18:36 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-06-06 18:36 . 2011-06-06 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-06 14:10 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6110A3AF-A83F-47CD-8840-381B7B3F87FF}\mpengine.dll
2011-06-03 13:26 . 2011-06-03 13:26 -------- d-----w- c:\users\Default\Tracing
2011-05-23 18:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 18:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 18:07 . 2011-06-01 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 15:03 . 2011-05-23 15:03 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 15:03 . 2011-05-23 15:03 -------- d-----w- c:\program files\Trend Micro
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 17:07 . 2011-01-29 13:51 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-30 17:06 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-30 17:06 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-30 17:06 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-09 20:46 . 2010-08-20 09:18 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-10 16:12 . 2011-04-15 14:22 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 16:12 . 2011-04-15 14:22 1161728 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-08-24 2356088]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-20 232912]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-9-30 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
scandisk.lnk - c:\windows\system32\rundll32.exe [2006-11-2 44544]
scanxdiskbk86.dll [2009-6-10 589824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4090497035-419787805-1109558852-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl05309e8f;MpKsl05309e8f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F10D784-6A7B-4ACC-8D2F-4AF106041706}\MpKsl05309e8f.sys [x]
R1 MpKsl46055f2f;MpKsl46055f2f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8D584CC-047C-40AE-9237-1979C84F8B89}\MpKsl46055f2f.sys [x]
R1 MpKsl64ae66d0;MpKsl64ae66d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72659B81-90CD-43A1-B7FD-75921B6A6A1C}\MpKsl64ae66d0.sys [x]
R1 MpKsle820e8eb;MpKsle820e8eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2980EAB4-4D47-48EF-BB55-F3C88126527E}\MpKsle820e8eb.sys [x]
R1 MpKslf3456a10;MpKslf3456a10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38A4DCE2-C663-4AC7-8550-A91951CBF21F}\MpKslf3456a10.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000Core.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000UA.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001Core.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001UA.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{9CDAFF32-6F1E-4083-BB31-875ED51CB42E}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\e0xdhxtb.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: SwiftTabs: {5F4EC95A-FFA8-11DE-898C-667D55D89593} - %profile%\extensions\{5F4EC95A-FFA8-11DE-898C-667D55D89593}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-WhiteSmoke - c:\program files\WhiteSmoke\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-06 20:40
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(2744)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Voltooingstijd: 2011-06-06 20:50:58 - machine werd herstart
ComboFix-quarantined-files.txt 2011-06-06 18:50
ComboFix2.txt 2011-06-03 14:08
ComboFix3.txt 2011-05-31 10:29
ComboFix4.txt 2011-05-30 16:18
ComboFix5.txt 2011-06-06 18:19
.
Pre-Run: 94.424.825.856 bytes beschikbaar
Post-Run: 94.951.337.984 bytes beschikbaar
.
- - End Of File - - 83DB680D2944F57ED7B720FC51315022
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52:49, on 6-6-2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'Default user')
O4 - .DEFAULT User Startup: scandisk.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: scanxdiskbk86.dll (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
--
End of file - 8988 bytes
-
Yes, it's fine again. Thanks!
-
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Databaseversie: 6784
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
06-06-2011 10:11:34
mbam-log-2011-06-06 (10-11-34).txt
Scantype: Snelle scan
Objecten gescand: 166065
Verstreken tijd: 7 minuut/minuten, 54 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 6
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 9
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> Value: idln2 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\documents and settings\boudewijn\local settings\Temp\0.6392573924603935.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
c:\documents and settings\boudewijn\local settings\Temp\Akp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\boudewijn\local settings\Temp\Akq.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\boudewijn\local settings\Temp\Akr.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\boudewijn\local settings\Temp\8593997.exe (Spyware.Wemon) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1317812375exe. 1836 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1382531056exe. 1836 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1583526854exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\userinitxx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:13, on 06-06-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
Z:\Boudewijn\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GBMHome8Agent] "C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HipServ Agent] C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Z-schijf] net use z: \\192.168.0.50\GedeeldeBestanden /user:gast gast09
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} (AEP SSL Tunnel Client ActiveX Control) - https://telewerken.jumbosupermarkten.nl/webapp/psvpns/VPNInstall.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8EFF83-53F9-4FC6-A3C6-70797FD1367D}: NameServer = 213.46.228.196,62.179.104.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E8EFF83-53F9-4FC6-A3C6-70797FD1367D}: NameServer = 213.46.228.196,62.179.104.196
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: AEP SSL Tunnel Helper Service (NetillaVPNService) - AEP Networks, Inc. - C:\Program Files\AEP\SSLTunnel\NVPNs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 8052 bytes
-
Hey everyone,
Via dumpert.nl I was sent to a wrong site, and after that the internet became very slow.
Maybe a problem..
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:53:38, on 05-06-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
z:\Boudewijn\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: LW Plus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: LW Plus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: LW Plus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim2.dll
O4 - HKLM\..\Run: [GBMHome8Agent] "C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HipServ Agent] C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Z-schijf] net use z: \\192.168.0.50\GedeeldeBestanden /user:gast gast09
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37066585-F2BD-4F2E-A6C6-F2CB64EEE826} (AEP SSL Tunnel Client ActiveX Control) - https://telewerken.jumbosupermarkten.nl/webapp/psvpns/VPNInstall.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8EFF83-53F9-4FC6-A3C6-70797FD1367D}: NameServer = 213.46.228.196,62.179.104.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E8EFF83-53F9-4FC6-A3C6-70797FD1367D}: NameServer = 213.46.228.196,62.179.104.196
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: AEP SSL Tunnel Helper Service (NetillaVPNService) - AEP Networks, Inc. - C:\Program Files\AEP\SSLTunnel\NVPNs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 8557 bytes
-
A WhiteSmoke icon has suddenly appeared on my desktop, from "Buy WhiteSmoke".
ComboFix 11-06-03.02 - Eigenaar 03-06-2011 15:45:38.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.1841 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\TEMP\5724.tmp
c:\windows\TEMP\wh58.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-03 to 2011-06-03 ))))))))))))))))))))))))))))))
.
.
2011-06-03 13:58 . 2011-06-03 13:59 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp
2011-06-03 13:58 . 2011-06-03 13:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-06-03 13:58 . 2011-06-03 13:58 -------- d-----w- c:\users\Hidde\AppData\Local\temp
2011-06-03 13:58 . 2011-06-03 13:58 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-06-03 13:58 . 2011-06-03 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-03 13:34 . 2011-06-03 13:34 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FC4BB52-CF6C-4B91-B881-ECD2B80C8AD1}\MpKsla2825961.sys
2011-06-03 13:26 . 2011-06-03 13:26 -------- d-----w- c:\users\Default\Tracing
2011-06-03 13:26 . 2011-06-03 13:26 -------- d-----w- c:\program files\SweetIM
2011-06-03 13:26 . 2011-06-03 13:26 -------- d-----w- c:\program files\WhiteSmoke
2011-06-03 13:26 . 2011-06-03 13:26 -------- d-----w- c:\programdata\SweetIM
2011-06-01 14:25 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FC4BB52-CF6C-4B91-B881-ECD2B80C8AD1}\mpengine.dll
2011-06-01 12:14 . 2011-06-01 12:14 62976 ----a-w- c:\windows\system32\qteryp.exe
2011-05-23 18:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 18:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 18:07 . 2011-06-01 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 15:03 . 2011-05-23 15:03 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 15:03 . 2011-05-23 15:03 -------- d-----w- c:\program files\Trend Micro
2011-05-06 12:10 . 2011-05-06 12:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-05-06 09:48 . 2011-05-31 10:24 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-05-06 09:42 . 2011-05-06 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Genie-soft
2011-05-06 09:42 . 2011-05-06 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-05-05 16:20 . 2011-05-05 16:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 17:07 . 2011-01-29 13:51 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-30 17:06 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-30 17:06 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-30 17:06 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-09 20:46 . 2010-08-20 09:18 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-10 16:12 . 2011-04-15 14:22 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 16:12 . 2011-04-15 14:22 1161728 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 13:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-08-24 2356088]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-20 232912]
.
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch WhiteSmoke.lnk - c:\program files\WhiteSmoke\WSEnrichment.exe [2011-4-12 2162688]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-9-30 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
scandisk.lnk - c:\windows\system32\rundll32.exe [2006-11-2 44544]
scanxdiskbk86.dll [2009-6-10 589824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4090497035-419787805-1109558852-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl05309e8f;MpKsl05309e8f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F10D784-6A7B-4ACC-8D2F-4AF106041706}\MpKsl05309e8f.sys [x]
R1 MpKsl46055f2f;MpKsl46055f2f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8D584CC-047C-40AE-9237-1979C84F8B89}\MpKsl46055f2f.sys [x]
R1 MpKsl64ae66d0;MpKsl64ae66d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72659B81-90CD-43A1-B7FD-75921B6A6A1C}\MpKsl64ae66d0.sys [x]
R1 MpKsle820e8eb;MpKsle820e8eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2980EAB4-4D47-48EF-BB55-F3C88126527E}\MpKsle820e8eb.sys [x]
R1 MpKslf3456a10;MpKslf3456a10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38A4DCE2-C663-4AC7-8550-A91951CBF21F}\MpKslf3456a10.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 qteryp;Windows Autenthification Service;c:\windows\system32\qteryp.exe [2011-06-01 62976]
R2 yuclwxci;Brother MFC USB Serial WDM Support;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 CFcatchme;CFcatchme;c:\users\Eigenaar\AppData\Local\Temp\CFcatchme.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsla2825961;MpKsla2825961;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FC4BB52-CF6C-4B91-B881-ECD2B80C8AD1}\MpKsla2825961.sys [2011-06-03 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MPKSLA2825961
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yuclwxci
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000Core.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000UA.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001Core.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001UA.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-06-03 c:\windows\Tasks\User_Feed_Synchronization-{9CDAFF32-6F1E-4083-BB31-875ED51CB42E}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\e0xdhxtb.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: SwiftTabs: {5F4EC95A-FFA8-11DE-898C-667D55D89593} - %profile%\extensions\{5F4EC95A-FFA8-11DE-898C-667D55D89593}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKU-Default-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-03 15:59
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-06-03 16:08:26
ComboFix-quarantined-files.txt 2011-06-03 14:08
ComboFix2.txt 2011-05-31 10:29
ComboFix3.txt 2011-05-30 16:18
ComboFix4.txt 2011-05-25 20:06
ComboFix5.txt 2011-06-01 13:31
.
Pre-Run: 91.962.146.816 bytes beschikbaar
Post-Run: 92.024.594.432 bytes beschikbaar
.
- - End Of File - - 524C29D142036D4875E1EF118CC9BE3F
-
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Databaseversie: 6736
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048
1-6-2011 14:14:13
mbam-log-2011-06-01 (14-14-13).txt
Scantype: Snelle scan
Objecten gescand: 190970
Verstreken tijd: 5 minuut/minuten, 12 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 21
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
c:\WINDOWS\System32\nyload3A.dll (Heuristics.Shuriken) -> Delete on reboot.
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcods (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2A6YXA8X1C6AYZ9WKAGTTPHNPM (Trojan.Downloader) -> Value: 2A6YXA8X1C6AYZ9WKAGTTPHNPM -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> Delete on reboot.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\WINDOWS\System32\nyload3A.dll (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\Eigenaar\nyload3A.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\chererasras\chererasras.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\nyload3A.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\dcods.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanhdiskc79.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanvdiskj68.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanxdiskbk86.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanhdiskc79.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanxdiskbk86.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\qloadB1.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\zloadp6F.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\9D67.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\adloadf21.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\psloadwf3.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\qloadB1.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\zloadp6F.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Hidde\adloadf21.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Hidde\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\avcheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
-
There's still quite a bit of junk on it after all.
By the way, one more problem:
- Sometimes the Vista taskbar changes into a grey Windows 2000 (something like that, at any rate one of those old-fashioned ones) taskbar.
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Databaseversie: 6736
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048
1-6-2011 13:47:17
mbam-log-2011-06-01 (13-47-14).txt
Scantype: Snelle scan
Objecten gescand: 190470
Verstreken tijd: 5 minuut/minuten, 40 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 21
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
c:\WINDOWS\System32\nyload3A.dll (Heuristics.Shuriken) -> No action taken.
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcods (Spyware.Passwords.XGen) -> No action taken.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2A6YXA8X1C6AYZ9WKAGTTPHNPM (Trojan.Downloader) -> Value: 2A6YXA8X1C6AYZ9WKAGTTPHNPM -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> No action taken.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\WINDOWS\System32\nyload3A.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\Eigenaar\nyload3A.dll (Heuristics.Shuriken) -> No action taken.
c:\chererasras\chererasras.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\System32\config\systemprofile\nyload3A.dll (Heuristics.Shuriken) -> No action taken.
c:\WINDOWS\System32\dcods.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Users\Eigenaar\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanhdiskc79.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\Eigenaar\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanvdiskj68.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\Eigenaar\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanxdiskbk86.dll (Heuristics.Shuriken) -> No action taken.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanhdiskc79.dll (Heuristics.Shuriken) -> No action taken.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanxdiskbk86.dll (Heuristics.Shuriken) -> No action taken.
c:\WINDOWS\System32\qloadB1.dll (Heuristics.Shuriken) -> No action taken.
c:\WINDOWS\System32\config\systemprofile\zloadp6F.dll (Heuristics.Shuriken) -> No action taken.
c:\WINDOWS\temp\9D67.tmp (Heuristics.Shuriken) -> No action taken.
c:\Users\Eigenaar\adloadf21.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\Eigenaar\psloadwf3.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\Eigenaar\qloadB1.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\Eigenaar\zloadp6F.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\Hidde\adloadf21.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\Hidde\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\avcheck.exe (Trojan.Agent) -> No action taken.
c:\Users\Eigenaar\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
-
Hey Kape,
Indeed, I'm no longer being redirected to unwanted sites via Google, but I do notice that:
- The programs on the computer often show 'not responding' (as soon as I close them via Ctrl+Alt+Delete I get a black screen and have to restart the computer)
- The internet is still slow; videos do load quickly, so it's not so much the internet speed but the program or something, because the internet used to be faster.
Apart from that, you've already helped me a great deal!
I hope the last few steps work out too.
The log will follow early tomorrow!
-
ComboFix 11-05-30.07 - Eigenaar 31-05-2011 11:11:48.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.1766 [GMT 2:00]
Gestart vanuit: C:\Users\Eigenaar\Desktop\ComboFix.exe
gebruikte Opdracht switches :: C:\Users\Eigenaar\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\erbib.exe"
"c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"
"c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\giysyp.exe"
"c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tueh.exe"
"c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ xiyg.exe"
"c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskg07.dll"
"c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiyg.exe"
"c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanvdiskj68.dll"
"c:\windows\System32\config\systemprofile\qloadB1.dll"
"c:\windows\System32\qloadB1.dll"
"c:\windows\system32\swinr.exe"
"c:\windows\System32\zloadp6F.dll"
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\erbib.exe
C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
C:\Users\Eigenaar\AppData\Roaming\Reove
c:\users\Eigenaar\AppData\Roaming\Reove\zaxiy.exe
C:\Users\Eigenaar\AppData\Roaming\Yldim
C:\Users\Eigenaar\AppData\Roaming\Yldim\zaogk.ini
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tueh.exe
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskg07.dll
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiyg.exe
C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanvdiskj68.dll
c:\windows\System32\config\systemprofile\qloadB1.dll
c:\windows\System32\qloadB1.dll
c:\windows\system32\swinr.exe
c:\windows\System32\zloadp6F.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_swinr
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-28 to 2011-05-31 ))))))))))))))))))))))))))))))
2011-05-31 09:21:01 . 2011-05-31 10:25:01 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
2011-05-31 09:21:01 . 2011-05-31 09:21:01 -------- d-----w- C:\Users\Hidde\AppData\Local\temp
2011-05-31 09:21:01 . 2011-05-31 09:21:01 -------- d-----w- C:\Users\Gast\AppData\Local\temp
2011-05-31 09:21:01 . 2011-05-31 09:21:01 -------- d-----w- C:\Users\Eigenaar\AppData\Local\temp
2011-05-31 09:21:01 . 2011-05-31 09:21:01 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-05-31 09:20:28 . 2011-05-31 09:20:28 62976 ----a-w- C:\Windows\system32\dcods.exe
2011-05-26 16:26:37 . 2011-05-09 20:46:45 6962000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE6DE1CC-A3F9-40B3-A461-993BE1CC2819}\mpengine.dll
2011-05-23 18:07:26 . 2010-12-20 16:09:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-05-23 18:07:22 . 2010-12-20 16:08:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-05-23 18:07:21 . 2011-05-23 18:07:28 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-23 18:03:45 . 2011-05-23 18:03:45 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Malwarebytes
2011-05-23 18:03:41 . 2011-05-23 18:03:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-23 15:03:31 . 2011-05-23 15:03:32 388096 ----a-r- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 15:03:30 . 2011-05-23 15:03:30 -------- d-----w- C:\Program Files\Trend Micro
2011-05-14 07:37:33 . 2011-05-14 07:37:32 94208 ----a-w- C:\Users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avcheck.exe
2011-05-06 12:10:56 . 2011-05-06 12:10:56 -------- d-sh--w- C:\Windows\system32\%APPDATA%
2011-05-06 09:48:07 . 2011-05-31 10:24:54 -------- d-----w- C:\Windows\system32\config\systemprofile\Tracing
2011-05-06 09:42:17 . 2011-05-06 09:42:17 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Genie-soft
2011-05-06 09:42:15 . 2011-05-06 09:42:15 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-05-05 16:20:14 . 2011-05-05 16:20:51 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Adobe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-05-30 17:07:06 . 2011-01-29 13:51:24 137176 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
2011-05-30 17:06:58 . 2011-01-29 13:51:18 268952 ----a-w- C:\Windows\system32\PnkBstrB.exe
2011-05-30 17:06:58 . 2011-01-29 13:51:15 268952 ----a-w- C:\Windows\system32\PnkBstrB.xtr
2011-05-30 17:06:40 . 2011-01-29 13:51:18 268952 ----a-w- C:\Windows\system32\PnkBstrB.ex0
2011-04-11 07:04:07 . 2010-08-20 09:18:37 7071056 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-10 16:12:54 . 2011-04-15 14:22:25 1136640 ----a-w- C:\Windows\system32\mfc42.dll
2011-03-10 16:12:54 . 2011-04-15 14:22:24 1161728 ----a-w- C:\Windows\system32\mfc42u.dll
2011-03-03 15:00:15 . 2011-04-15 14:22:13 738816 ----a-w- C:\Windows\system32\inetcomm.dll
2011-03-03 14:56:40 . 2011-04-28 06:57:13 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2011-03-03 14:56:29 . 2011-04-28 06:57:13 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 . 2011-04-28 06:57:13 459776 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 . 2011-04-28 06:57:14 2153984 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 14:56:25 . 2011-04-28 06:57:13 541696 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 13:01:01 . 2011-04-28 06:57:13 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-03-03 12:53:48 . 2011-04-15 14:22:17 2040832 ----a-w- C:\Windows\system32\win32k.sys
2011-03-02 14:49:43 . 2011-04-15 14:22:15 86528 ----a-w- C:\Windows\system32\dnsrslvr.dll
2009-06-10 12:47:29 589824 --sha-w- C:\Windows\System32\nyload3A.dll
2009-06-10 12:47:29 589824 --sha-w- C:\Windows\System32\config\systemprofile\nyload3A.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\config\systemprofile\zloadp6F.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanhdiskc79.dll
2009-06-10 12:47:29 589824 --sha-w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanxdiskbk86.dll
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 12:08:32 2289664]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 20:12:58 3872080]
"NvCplDaemonTool"="C:\Windows\system32\config\SYSTEM~1\nyload3A.dll" [2009-06-10 12:47:29 589824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-14 02:09:00 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-14 02:09:00 92704]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 11:31:22 1033512]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-06-27 15:42:06 442467]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 13:55:34 222504]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-06-25 20:35:38 468264]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 06:45:10 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 16:42:38 554288]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 11:42:16 70912]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 14:24:20 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 12:51:00 488752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 20:16:38 39792]
"MSSE"="C:\Program Files\Microsoft Security Essentials\msseces.exe" [2010-09-15 02:34:02 1094224]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 16:04:56 47904]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 16:38:18 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-12-13 16:16:18 421160]
"GBMHome8Agent"="C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 03:28:10 189056]
"NvCplDaemonTool"="C:\Windows\system32\nyload3A.dll" [2009-06-10 12:47:29 589824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 12:08:32 2289664]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 20:12:58 3872080]
"NvCplDaemonTool"="C:\Windows\system32\config\SYSTEM~1\nyload3A.dll" [2009-06-10 12:47:29 589824]
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
scanhdiskc79.dll [2009-6-10 593920]
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4090497035-419787805-1109558852-1000]
"EnableNotificationsRef"=dword:00000001
R1 MpKsl05309e8f;MpKsl05309e8f;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F10D784-6A7B-4ACC-8D2F-4AF106041706}\MpKsl05309e8f.sys [x]
R1 MpKsl46055f2f;MpKsl46055f2f;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A8D584CC-047C-40AE-9237-1979C84F8B89}\MpKsl46055f2f.sys [x]
R1 MpKsl64ae66d0;MpKsl64ae66d0;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{72659B81-90CD-43A1-B7FD-75921B6A6A1C}\MpKsl64ae66d0.sys [x]
R1 MpKsle820e8eb;MpKsle820e8eb;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2980EAB4-4D47-48EF-BB55-F3C88126527E}\MpKsle820e8eb.sys [x]
R1 MpKslf3456a10;MpKslf3456a10;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38A4DCE2-C663-4AC7-8550-A91951CBF21F}\MpKslf3456a10.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 dcods;Windows Autenthification Service;C:\Windows\system32\dcods.exe [2011-05-31 09:20:28 62976]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2008-01-21 02:23:43 21504]
R2 yuclwxci;Brother MFC USB Serial WDM Support;C:\Windows\System32\svchost.exe [2008-01-21 02:23:43 21504]
R3 CFcatchme;CFcatchme;C:\Users\Eigenaar\AppData\Local\Temp\CFcatchme.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 19:30:22 42368]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 06:29:26 3658752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 12:16:28 753504]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 15:53:08 77824]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2008-03-18 14:24:58 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-04-25 23:15:26 361808]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 09:23:34 193840]
S3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2008-01-24 13:23:12 52736]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2008-07-08 10:16:26 96856]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-05-14 02:09:00 43552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yuclwxci
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06:42 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
Inhoud van de 'Gedeelde Taken' map
2011-05-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000Core.job
- C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12:15 . 2010-08-18 18:12:15]
2011-05-31 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000UA.job
- C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12:15 . 2010-08-18 18:12:15]
2011-04-29 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001Core.job
- C:\Users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19:36 . 2010-09-29 19:19:35]
2011-05-31 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001UA.job
- C:\Users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19:36 . 2010-09-29 19:19:35]
2011-05-31 C:\Windows\Tasks\User_Feed_Synchronization-{9CDAFF32-6F1E-4083-BB31-875ED51CB42E}.job
- C:\Windows\system32\msfeedssync.exe [2011-04-15 14:22:30 . 2011-02-22 04:43:04]
------- Bijkomende Scan -------
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
FF - ProfilePath - C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\e0xdhxtb.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: SwiftTabs: {5F4EC95A-FFA8-11DE-898C-667D55D89593} - %profile%\extensions\{5F4EC95A-FFA8-11DE-898C-667D55D89593}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
- - - - ORPHANS VERWIJDERD - - - -
WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-31 12:24:47
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'Explorer.exe'(4596)
C:\Windows\system32\nyload3A.dll
------------------------ Andere Aktieve Processen ------------------------
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\system32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
**************************************************************************
Voltooingstijd: 2011-05-31 12:29:55 - machine werd herstart
ComboFix-quarantined-files.txt 2011-05-31 10:29:51
ComboFix2.txt 2011-05-30 16:18:03
ComboFix3.txt 2011-05-25 20:06:23
ComboFix4.txt 2011-05-24 09:28:26
Pre-Run: 93.020.987.392 bytes beschikbaar
Post-Run: 92.809.830.400 bytes beschikbaar
- - End Of File - - 300E3D78824BBB8F79B2CBA6093F6457
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:46:52, on 31-5-2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKLM\..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\nyload3A.dll,_IWMPEvents
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Eigenaar\nyload3A.dll,_IWMPEvents
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\S-1-5-18\..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\config\SYSTEM~1\nyload3A.dll,_IWMPEvents (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O4 - S-1-5-18 Startup: scanhdiskc79.dll (User 'SYSTEEM')
O4 - .DEFAULT Startup: scanhdiskc79.dll (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: scanhdiskc79.dll
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Windows Autenthification Service (dcods) - Lsirkikvc Software - C:\Windows\system32\dcods.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
--
End of file - 9781 bytes
-
ComboFix 11-05-29.04 - Eigenaar 30-05-2011 17:51:51.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.1867 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Eigenaar\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\adloadf21.dll"
"c:\windows\system32\cnixc.exe"
"c:\windows\System32\config\systemprofile\adloadf21.dll"
"c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskg07.dll"
"c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanhdiskc79.dll"
"c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanudiskn46.dll"
"c:\windows\System32\config\systemprofile\psloadwF3.dll"
"c:\windows\System32\config\systemprofile\zloadp6F.dll"
"c:\windows\System32\psloadwF3.dll"
"c:\windows\System32\zloadp6F.dll"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\GEROINSSVSE
c:\geroinssvse\config.bin
c:\geroinssvse\GEROINSSVSE.exe
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\users\Eigenaar\AppData\Roaming\Muzye
c:\users\Eigenaar\AppData\Roaming\Muzye\kieha.oru
c:\users\Eigenaar\AppData\Roaming\Nigaot
c:\users\Eigenaar\AppData\Roaming\Nigaot\vouqa.exe
c:\users\Eigenaar\AppData\Roaming\Ricy
c:\users\Eigenaar\AppData\Roaming\Ricy\vaisp.own
c:\windows\System32\adloadf21.dll
c:\windows\system32\cnixc.exe
c:\windows\System32\config\systemprofile\adloadf21.dll
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskg07.dll
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanhdiskc79.dll
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanudiskn46.dll
c:\windows\System32\config\systemprofile\psloadwF3.dll
c:\windows\System32\config\systemprofile\zloadp6F.dll
c:\windows\System32\psloadwF3.dll
c:\windows\System32\zloadp6F.dll
.
---- Voorgaande Run -------
.
c:\pkgfurotmvn\config.bin
c:\pkgfurotmvn\pkgfurotmvn.exe
c:\recycle.bin\config.bin
c:\recycle.bin\Recycle.Bin.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\buoh.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\holou.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\laemc.exe
c:\users\Eigenaar\AppData\Roaming\Koka\uqyql.exe
c:\users\Eigenaar\AppData\Roaming\Loedq\diyr.yzx
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\users\Eigenaar\AppData\Roaming\Olety\sopyi.exe
c:\users\Eigenaar\AppData\Roaming\Zesa\uccy.exe
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuuki.exe
c:\users\Hidde\AppData\Roaming\Cawo\avane.dat
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fudeef.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cnixc
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-28 to 2011-05-30 ))))))))))))))))))))))))))))))
.
.
2011-05-30 16:07 . 2011-05-30 16:07 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Yldim
2011-05-30 16:07 . 2011-05-30 16:07 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Reove
2011-05-30 16:01 . 2011-05-30 16:09 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp
2011-05-30 16:01 . 2011-05-30 16:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-30 16:01 . 2011-05-30 16:01 -------- d-----w- c:\users\Hidde\AppData\Local\temp
2011-05-30 16:01 . 2011-05-30 16:01 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-05-30 16:01 . 2011-05-30 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 16:00 . 2011-05-30 16:00 62976 ----a-w- c:\windows\system32\swinr.exe
2011-05-30 12:41 . 2011-05-30 12:41 122368 ----a-w- c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiyg.exe
2011-05-30 12:41 . 2011-05-30 12:41 122368 ----a-w- c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tueh.exe
2011-05-30 12:41 . 2011-05-30 12:41 122368 ----a-w- c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\giysyp.exe
2011-05-30 12:41 . 2011-05-30 12:41 122368 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\erbib.exe
2011-05-26 16:26 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE6DE1CC-A3F9-40B3-A461-993BE1CC2819}\mpengine.dll
2011-05-23 18:07 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 18:07 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 18:07 . 2011-05-23 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 15:03 . 2011-05-23 15:03 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 15:03 . 2011-05-23 15:03 -------- d-----w- c:\program files\Trend Micro
2011-05-14 07:37 . 2011-05-14 07:37 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avcheck.exe
2011-05-06 12:10 . 2011-05-06 12:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-05-06 09:48 . 2011-05-06 09:48 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-05-06 09:42 . 2011-05-06 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Genie-soft
2011-05-06 09:42 . 2011-05-06 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-05-05 16:20 . 2011-05-05 16:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-26 16:55 . 2011-01-29 13:51 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-26 16:55 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-26 16:55 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-24 09:41 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-11 07:04 . 2010-08-20 09:18 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-10 16:12 . 2011-04-15 14:22 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 16:12 . 2011-04-15 14:22 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-03 15:00 . 2011-04-15 14:22 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-28 06:57 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 14:56 . 2011-04-28 06:57 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-28 06:57 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-28 06:57 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 14:56 . 2011-04-28 06:57 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 13:01 . 2011-04-28 06:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 12:53 . 2011-04-15 14:22 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-15 14:22 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\qloadB1.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\zloadp6F.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\config\systemprofile\qloadB1.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanvdiskj68.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-08-24 2356088]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"NvCplDaemonTool"="c:\users\Eigenaar\zloadp6F.dll" [2009-06-10 593920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"NvCplDaemonTool"="c:\windows\system32\qloadB1.dll" [2009-06-10 593920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"NvCplDaemonTool"="c:\windows\system32\config\SYSTEM~1\qloadB1.dll" [2009-06-10 593920]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
tueh.exe [2011-5-30 122368]
.
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
avcheck.exe [2011-5-14 94208]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
scancdiskg07.dll [2009-6-10 593920]
xiyg.exe [2011-5-30 122368]
.
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
giysyp.exe [2011-5-30 122368]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-9-30 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
erbib.exe [2011-5-30 122368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4090497035-419787805-1109558852-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl05309e8f;MpKsl05309e8f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F10D784-6A7B-4ACC-8D2F-4AF106041706}\MpKsl05309e8f.sys [x]
R1 MpKsl46055f2f;MpKsl46055f2f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8D584CC-047C-40AE-9237-1979C84F8B89}\MpKsl46055f2f.sys [x]
R1 MpKsl64ae66d0;MpKsl64ae66d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72659B81-90CD-43A1-B7FD-75921B6A6A1C}\MpKsl64ae66d0.sys [x]
R1 MpKsle820e8eb;MpKsle820e8eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2980EAB4-4D47-48EF-BB55-F3C88126527E}\MpKsle820e8eb.sys [x]
R1 MpKslf3456a10;MpKslf3456a10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38A4DCE2-C663-4AC7-8550-A91951CBF21F}\MpKslf3456a10.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 swinr;Windows Autenthification Service;c:\windows\system32\swinr.exe [2011-05-30 62976]
R2 yuclwxci;Brother MFC USB Serial WDM Support;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 CFcatchme;CFcatchme;c:\users\Eigenaar\AppData\Local\Temp\CFcatchme.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yuclwxci
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000Core.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000UA.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001Core.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001UA.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-05-30 c:\windows\Tasks\User_Feed_Synchronization-{9CDAFF32-6F1E-4083-BB31-875ED51CB42E}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\e0xdhxtb.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: SwiftTabs: {5F4EC95A-FFA8-11DE-898C-667D55D89593} - %profile%\extensions\{5F4EC95A-FFA8-11DE-898C-667D55D89593}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-8Z5B7GZG2V5HXF8APYFGLGTWE - c:\geroinssvse\GEROINSSVSE.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-30 18:07
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(1828)
c:\users\Eigenaar\qloadB1.dll
c:\users\Eigenaar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANHD~1.DLL
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2011-05-30 18:17:59 - machine werd herstart
ComboFix-quarantined-files.txt 2011-05-30 16:17
ComboFix2.txt 2011-05-25 20:06
ComboFix3.txt 2011-05-24 09:28
.
Pre-Run: 93.484.552.192 bytes beschikbaar
Post-Run: 93.192.994.816 bytes beschikbaar
.
- - End Of File - - 6657B368DC18803CBDCE257795CBBE5E
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:33:46, on 30-5-2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKLM\..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\qloadB1.dll,_IWMPEvents
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Eigenaar\qloadB1.dll,_IWMPEvents
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\S-1-5-18\..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\config\SYSTEM~1\qloadB1.dll,_IWMPEvents (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O4 - .DEFAULT User Startup: erbib.exe (User 'Default user')
O4 - Startup: giysyp.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Windows Autenthification Service (swinr) - Lsirkikvc Software - C:\Windows\system32\swinr.exe
--
End of file - 9629 bytes
-
ComboFix 11-05-29.02 - Eigenaar 30-05-2011 13:51:56.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.1880 [GMT 2:00]
Gestart vanuit: C:\Users\Eigenaar\Desktop\ComboFix.exe
gebruikte Opdracht switches :: C:\Users\Eigenaar\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\buoh.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\holou.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\laemc.exe"
"c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyep.exe"
"c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuuki.exe"
"c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fudeef.exe"
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
C:\pkgfurotmvn
C:\pkgfurotmvn\config.bin
C:\pkgfurotmvn\pkgfurotmvn.exe
C:\Recycle.Bin
C:\Recycle.Bin\config.bin
C:\recycle.bin\Recycle.Bin.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\buoh.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\holou.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\laemc.exe
c:\users\Eigenaar\AppData\Roaming\Ikygnu
C:\Users\Eigenaar\AppData\Roaming\Koka
C:\Users\Eigenaar\AppData\Roaming\Koka\uqyql.exe
C:\Users\Eigenaar\AppData\Roaming\Loedq
C:\Users\Eigenaar\AppData\Roaming\Loedq\diyr.yzx
C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
C:\Users\Eigenaar\AppData\Roaming\Olety
C:\Users\Eigenaar\AppData\Roaming\Olety\sopyi.exe
c:\users\Eigenaar\AppData\Roaming\Woluov
C:\Users\Eigenaar\AppData\Roaming\Zesa
C:\Users\Eigenaar\AppData\Roaming\Zesa\uccy.exe
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuuki.exe
c:\users\Hidde\AppData\Roaming\Cawo
c:\users\Hidde\AppData\Roaming\Cawo\avane.dat
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fudeef.exe
C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-28 to 2011-05-30 ))))))))))))))))))))))))))))))
2011-05-30 12:02:59 . 2011-05-30 12:02:59 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
2011-05-30 12:02:59 . 2011-05-30 12:02:59 -------- d-----w- C:\Users\Hidde\AppData\Local\temp
2011-05-30 12:02:59 . 2011-05-30 12:02:59 -------- d-----w- C:\Users\Gast\AppData\Local\temp
2011-05-30 12:02:59 . 2011-05-30 12:02:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-05-26 16:26:37 . 2011-05-09 20:46:45 6962000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE6DE1CC-A3F9-40B3-A461-993BE1CC2819}\mpengine.dll
2011-05-26 15:25:49 . 2011-05-26 15:25:49 62976 ----a-w- C:\Windows\system32\cnixc.exe
2011-05-25 20:12:05 . 2011-05-25 20:12:05 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Muzye
2011-05-25 20:06:26 . 2011-05-30 12:08:41 -------- d-----w- C:\Users\Eigenaar\AppData\Local\temp
2011-05-23 18:07:26 . 2010-12-20 16:09:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-05-23 18:07:22 . 2010-12-20 16:08:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-05-23 18:07:21 . 2011-05-23 18:07:28 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-23 18:03:45 . 2011-05-23 18:03:45 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Malwarebytes
2011-05-23 18:03:41 . 2011-05-23 18:03:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-23 15:03:31 . 2011-05-23 15:03:32 388096 ----a-r- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 15:03:30 . 2011-05-23 15:03:30 -------- d-----w- C:\Program Files\Trend Micro
2011-05-14 07:37:33 . 2011-05-14 07:37:32 94208 ----a-w- C:\Users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avcheck.exe
2011-05-06 12:10:56 . 2011-05-06 12:10:56 -------- d-sh--w- C:\Windows\system32\%APPDATA%
2011-05-06 09:48:07 . 2011-05-06 09:48:07 -------- d-----w- C:\Windows\system32\config\systemprofile\Tracing
2011-05-06 09:42:17 . 2011-05-06 09:42:17 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Genie-soft
2011-05-06 09:42:15 . 2011-05-06 09:42:15 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-05-05 16:20:14 . 2011-05-05 16:20:51 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Adobe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-05-26 16:55:17 . 2011-01-29 13:51:24 137176 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
2011-05-26 16:55:08 . 2011-01-29 13:51:18 268952 ----a-w- C:\Windows\system32\PnkBstrB.exe
2011-05-26 16:55:08 . 2011-01-29 13:51:15 268952 ----a-w- C:\Windows\system32\PnkBstrB.xtr
2011-05-24 09:41:50 . 2011-01-29 13:51:18 268952 ----a-w- C:\Windows\system32\PnkBstrB.ex0
2011-04-11 07:04:07 . 2010-08-20 09:18:37 7071056 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-10 16:12:54 . 2011-04-15 14:22:25 1136640 ----a-w- C:\Windows\system32\mfc42.dll
2011-03-10 16:12:54 . 2011-04-15 14:22:24 1161728 ----a-w- C:\Windows\system32\mfc42u.dll
2011-03-03 15:00:15 . 2011-04-15 14:22:13 738816 ----a-w- C:\Windows\system32\inetcomm.dll
2011-03-03 14:56:40 . 2011-04-28 06:57:13 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2011-03-03 14:56:29 . 2011-04-28 06:57:13 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 . 2011-04-28 06:57:13 459776 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 . 2011-04-28 06:57:14 2153984 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 14:56:25 . 2011-04-28 06:57:13 541696 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 13:01:01 . 2011-04-28 06:57:13 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-03-03 12:53:48 . 2011-04-15 14:22:17 2040832 ----a-w- C:\Windows\system32\win32k.sys
2011-03-02 14:49:43 . 2011-04-15 14:22:15 86528 ----a-w- C:\Windows\system32\dnsrslvr.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\adloadf21.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\psloadwF3.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\zloadp6F.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\config\systemprofile\adloadf21.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\config\systemprofile\psloadwF3.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\config\systemprofile\zloadp6F.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskg07.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanhdiskc79.dll
2009-06-10 12:47:29 593920 --sha-w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanudiskn46.dll
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:24:13, on 30-5-2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKLM\..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\zloadp6F.dll,_IWMPEvents
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Eigenaar\zloadp6F.dll,_IWMPEvents
O4 - HKCU\..\Run: [WV3E3W0UXE4W1H6JOEOJOSEIHJTGBG] C:\pkgfurotmvn\pkgfurotmvn.exe /q
O4 - HKCU\..\Run: [4Y3Y0C3AUYVV4Y9GCYBOPHFEUNNFBI] C:\Recycle.Bin\Recycle.Bin.exe
O4 - HKCU\..\Run: [{4C61EA73-D250-B216-5F03-CDC2355A6FC2}] C:\Users\Eigenaar\AppData\Roaming\Zesa\uccy.exe
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\S-1-5-18\..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\config\SYSTEM~1\zloadp6F.dll,_IWMPEvents (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O4 - S-1-5-18 Startup: scancdiskg07.dll (User 'SYSTEEM')
O4 - S-1-5-18 Startup: scanudiskn46.dll (User 'SYSTEEM')
O4 - .DEFAULT Startup: scancdiskg07.dll (User 'Default user')
O4 - .DEFAULT Startup: scanudiskn46.dll (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: scancdiskg07.dll
O4 - Startup: scanudiskn46.dll
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows Autenthification Service (cnixc) - Lsirkikvc Software - C:\Windows\system32\cnixc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
--
End of file - 10177 bytes
-
Does anything still need to be done about this?!
-
Every time I go to a site from Google, I get a spam site.
Btw, you guys are helping me really well. I've never seen this much help on other forums!
ComboFix 11-05-25.01 - Eigenaar 25-05-2011 21:37:17.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.2055 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Eigenaar\Documents\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\bJ28601CoHaM28601
c:\programdata\bJ28601CoHaM28601\bJ28601CoHaM28601
c:\programdata\bJ28601CoHaM28601\bJ28601CoHaM28601.exe
c:\users\Eigenaar\AppData\Roaming\Epyg
c:\users\Eigenaar\AppData\Roaming\Epyg\faaba.exe
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\system32\sshnas21.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-25 to 2011-05-25 ))))))))))))))))))))))))))))))
.
.
2011-05-25 20:00 . 2011-05-25 20:01 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Ikygnu
2011-05-25 20:00 . 2011-05-25 20:00 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Zesa
2011-05-25 19:47 . 2011-05-25 20:00 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp
2011-05-25 19:47 . 2011-05-25 19:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-25 19:47 . 2011-05-25 19:47 -------- d-----w- c:\users\Hidde\AppData\Local\temp
2011-05-25 19:47 . 2011-05-25 19:47 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-05-25 19:47 . 2011-05-25 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-25 19:08 . 2011-05-25 19:11 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Woluov
2011-05-25 19:08 . 2011-05-25 19:08 121344 ----a-w- c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fudeef.exe
2011-05-25 19:08 . 2011-05-25 19:08 121344 ----a-w- c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuuki.exe
2011-05-25 19:08 . 2011-05-25 19:08 121344 ----a-w- c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyep.exe
2011-05-25 19:08 . 2011-05-25 19:08 121344 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\laemc.exe
2011-05-24 20:57 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F452E328-BA22-4B50-9362-8474B44B36D0}\mpengine.dll
2011-05-23 18:07 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 18:07 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 18:07 . 2011-05-23 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 15:03 . 2011-05-23 15:03 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 15:03 . 2011-05-23 15:03 -------- d-----w- c:\program files\Trend Micro
2011-05-20 21:54 . 2011-05-20 21:54 129536 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\buoh.exe
2011-05-20 21:47 . 2011-05-20 21:48 -------- d-----w- c:\users\Hidde\AppData\Roaming\Cawo
2011-05-18 17:48 . 2011-05-18 17:48 131696 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\holou.exe
2011-05-14 07:37 . 2011-05-14 07:37 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avcheck.exe
2011-05-06 12:10 . 2011-05-06 12:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-05-06 09:48 . 2011-05-06 09:48 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-05-06 09:42 . 2011-05-06 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Genie-soft
2011-05-06 09:42 . 2011-05-06 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-05-05 16:20 . 2011-05-05 16:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-04-30 11:05 . 2011-04-30 11:05 -------- d-----w- c:\program files\WinSCP
2011-04-28 15:26 . 2011-04-28 15:28 -------- d-----w- c:\program files\mp3DirectCut
2011-04-28 07:09 . 2011-04-28 07:09 -------- d-----w- c:\program files\TuneUpMedia
2011-04-28 07:09 . 2011-04-28 07:14 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\TuneUpMedia
2011-04-28 07:09 . 2011-04-28 07:09 -------- d-----w- c:\programdata\TuneUpMedia
2011-04-28 07:06 . 2011-04-29 04:16 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Azureus
2011-04-28 07:05 . 2011-04-28 07:05 -------- d-----w- c:\program files\Vuze
2011-04-28 06:57 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 06:57 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 09:41 . 2011-01-29 13:51 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-24 09:41 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-24 09:41 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-05 13:13 . 2011-01-29 13:51 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-11 07:04 . 2010-08-20 09:18 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-10 16:12 . 2011-04-15 14:22 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 16:12 . 2011-04-15 14:22 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-03 15:00 . 2011-04-15 14:22 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-28 06:57 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-28 06:57 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-28 06:57 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 14:56 . 2011-04-28 06:57 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 12:53 . 2011-04-15 14:22 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-15 14:22 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\adloadf21.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\psloadwF3.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\zloadp6F.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\config\systemprofile\adloadf21.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\config\systemprofile\psloadwF3.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\config\systemprofile\zloadp6F.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskg07.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanhdiskc79.dll
2009-06-10 12:47 593920 --sha-w- c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanudiskn46.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-08-24 2356088]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"NvCplDaemonTool"="c:\users\Eigenaar\zloadp6F.dll" [2009-06-10 593920]
"{4C61EA73-D250-B216-5F03-CDC2355A6FC2}"="c:\users\Eigenaar\AppData\Roaming\Zesa\uccy.exe" [2010-08-12 121344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" [2010-08-09 286720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"NvCplDaemonTool"="c:\windows\system32\zloadp6F.dll" [2009-06-10 593920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"NvCplDaemonTool"="c:\windows\system32\config\SYSTEM~1\zloadp6F.dll" [2009-06-10 593920]
.
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
scancdiskg07.dll [2009-6-10 593920]
scanudiskn46.dll [2009-6-10 593920]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
tuuki.exe [2011-5-25 121344]
.
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
avcheck.exe [2011-5-14 94208]
fudeef.exe [2011-5-25 121344]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
scancdiskg07.dll [2009-6-10 593920]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
buoh.exe [2011-5-20 129536]
holou.exe [2011-5-18 131696]
laemc.exe [2011-5-25 121344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4090497035-419787805-1109558852-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl05309e8f;MpKsl05309e8f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F10D784-6A7B-4ACC-8D2F-4AF106041706}\MpKsl05309e8f.sys [x]
R1 MpKsl46055f2f;MpKsl46055f2f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8D584CC-047C-40AE-9237-1979C84F8B89}\MpKsl46055f2f.sys [x]
R1 MpKsl64ae66d0;MpKsl64ae66d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72659B81-90CD-43A1-B7FD-75921B6A6A1C}\MpKsl64ae66d0.sys [x]
R1 MpKsle820e8eb;MpKsle820e8eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2980EAB4-4D47-48EF-BB55-F3C88126527E}\MpKsle820e8eb.sys [x]
R1 MpKslf3456a10;MpKslf3456a10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38A4DCE2-C663-4AC7-8550-A91951CBF21F}\MpKslf3456a10.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 yuclwxci;Brother MFC USB Serial WDM Support;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yuclwxci
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000Core.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000UA.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001Core.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001UA.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-05-25 c:\windows\Tasks\User_Feed_Synchronization-{9CDAFF32-6F1E-4083-BB31-875ED51CB42E}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\e0xdhxtb.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: SwiftTabs: {5F4EC95A-FFA8-11DE-898C-667D55D89593} - %profile%\extensions\{5F4EC95A-FFA8-11DE-898C-667D55D89593}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-4Y3Y0C3AUYVV4Y9GCYBOPHFEUNNFBI - c:\recycle.bin\Recycle.Bin.exe
HKU-Default-Run-Metropolis - c:\windows\system32\sshnas21.dll
HKU-Default-RunOnce-bJ28601CoHaM28601 - c:\programdata\bJ28601CoHaM28601\bJ28601CoHaM28601.exe
HKU-Default-RunOnce-0 - c:\windows\TEMP\0.9192711205148835.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-25 22:00
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(6020)
c:\windows\system32\zloadp6F.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Voltooingstijd: 2011-05-25 22:06:20 - machine werd herstart
ComboFix-quarantined-files.txt 2011-05-25 20:06
ComboFix2.txt 2011-05-24 09:28
.
Pre-Run: 93.735.456.768 bytes beschikbaar
Post-Run: 93.584.756.736 bytes beschikbaar
.
- - End Of File - - 7C806CBF9A37300A09028A5A98897EEC
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:16:18, on 25-5-2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [babylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKLM\..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\zloadp6F.dll,_IWMPEvents
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Eigenaar\zloadp6F.dll,_IWMPEvents
O4 - HKCU\..\Run: [{4C61EA73-D250-B216-5F03-CDC2355A6FC2}] C:\Users\Eigenaar\AppData\Roaming\Zesa\uccy.exe
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\S-1-5-18\..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\config\SYSTEM~1\zloadp6F.dll,_IWMPEvents (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O4 - S-1-5-18 Startup: scancdiskg07.dll (User 'SYSTEEM')
O4 - S-1-5-18 Startup: scanudiskn46.dll (User 'SYSTEEM')
O4 - .DEFAULT Startup: scancdiskg07.dll (User 'Default user')
O4 - .DEFAULT Startup: scanudiskn46.dll (User 'Default user')
O4 - .DEFAULT User Startup: buoh.exe (User 'Default user')
O4 - .DEFAULT User Startup: holou.exe (User 'Default user')
O4 - .DEFAULT User Startup: laemc.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: qyep.exe
O4 - Startup: scancdiskg07.dll
O4 - Startup: scanudiskn46.dll
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
--
End of file - 10552 bytes
-
I'm really glad you are helping me like this!
Here is the log
ComboFix 11-05-23.02 - Eigenaar 24-05-2011 11:12:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3068.2033 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\README.EXE
c:\users\Eigenaar\AppData\Roaming\Adobe\plugs
c:\users\Eigenaar\AppData\Roaming\Adobe\shed
c:\users\Eigenaar\AppData\Roaming\AECD664A86B1F3DFD39B919C6A3D44B9
c:\users\Eigenaar\AppData\Roaming\AECD664A86B1F3DFD39B919C6A3D44B9\enemies-names.txt
c:\users\Eigenaar\AppData\Roaming\AECD664A86B1F3DFD39B919C6A3D44B9\local.ini
c:\users\Eigenaar\AppData\Roaming\AECD664A86B1F3DFD39B919C6A3D44B9\lsrslt.ini
c:\users\Eigenaar\AppData\Roaming\Ciru
c:\users\Eigenaar\AppData\Roaming\Ciru\evsy.exe
c:\users\Eigenaar\AppData\Roaming\config.txt
c:\users\Eigenaar\AppData\Roaming\Umatza
c:\users\Eigenaar\AppData\Roaming\Umatza\ufim.akw
c:\users\Eigenaar\Desktop\Internet Explorer.lnk
c:\users\Hidde\AppData\Roaming\Ezyv
c:\users\Hidde\AppData\Roaming\Ezyv\ysuf.exe
c:\users\Hidde\AppData\Roaming\Owak
c:\users\Hidde\AppData\Roaming\Owak\riame.exe
c:\users\Hidde\AppData\Roaming\Ynni
c:\users\Hidde\AppData\Roaming\Ynni\goeqz.exe
c:\windows\system32\config\systemprofile\AppData\Local\mekomdo.dll
c:\windows\system32\taeiclzx.dll
c:\windows\system32\tmp.tmp
F:\install.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-24 to 2011-05-24 ))))))))))))))))))))))))))))))
.
.
2011-05-24 09:21 . 2011-05-24 09:23 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp
2011-05-24 09:21 . 2011-05-24 09:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-24 09:21 . 2011-05-24 09:21 -------- d-----w- c:\users\Hidde\AppData\Local\temp
2011-05-24 09:21 . 2011-05-24 09:21 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-05-24 09:04 . 2011-05-24 09:04 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B6BF6C5-18CF-4F01-8520-F5ADCB096681}\MpKsl8e9ed60c.sys
2011-05-23 18:07 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 18:07 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 18:07 . 2011-05-23 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2011-05-23 18:03 . 2011-05-23 18:03 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 15:03 . 2011-05-23 15:03 388096 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 15:03 . 2011-05-23 15:03 -------- d-----w- c:\program files\Trend Micro
2011-05-20 21:54 . 2011-05-20 21:54 129536 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\buoh.exe
2011-05-20 21:47 . 2011-05-20 21:48 -------- d-----w- c:\users\Hidde\AppData\Roaming\Cawo
2011-05-18 17:48 . 2011-05-18 17:48 131696 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\holou.exe
2011-05-18 17:38 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B6BF6C5-18CF-4F01-8520-F5ADCB096681}\mpengine.dll
2011-05-14 07:37 . 2011-05-14 07:37 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avcheck.exe
2011-05-13 21:07 . 2011-05-13 21:07 -------- d-----w- c:\users\Hidde\AppData\Roaming\Diqy
2011-05-13 21:07 . 2011-05-20 21:56 -------- d-----w- c:\users\Hidde\AppData\Roaming\Kyze
2011-05-06 12:10 . 2011-05-06 12:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-05-06 09:48 . 2011-05-06 09:48 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-05-06 09:42 . 2011-05-06 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Genie-soft
2011-05-06 09:42 . 2011-05-06 09:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-05-05 16:29 . 2011-05-24 09:09 2592824 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-05 16:20 . 2011-05-05 16:20 -------- d--h--w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-04-30 11:05 . 2011-04-30 11:05 -------- d--h--w- c:\program files\WinSCP
2011-04-28 15:26 . 2011-04-28 15:28 -------- d--h--w- c:\program files\mp3DirectCut
2011-04-28 07:09 . 2011-04-28 07:09 -------- d--h--w- c:\program files\TuneUpMedia
2011-04-28 07:09 . 2011-04-28 07:14 -------- d--h--w- c:\users\Eigenaar\AppData\Roaming\TuneUpMedia
2011-04-28 07:09 . 2011-04-28 07:09 -------- d--h--w- c:\programdata\TuneUpMedia
2011-04-28 07:06 . 2011-04-29 04:16 -------- d--h--w- c:\users\Eigenaar\AppData\Roaming\Azureus
2011-04-28 07:05 . 2011-04-28 07:05 -------- d--h--w- c:\program files\Vuze
2011-04-28 07:04 . 2011-04-28 07:04 -------- d--h--w- c:\users\Eigenaar\AppData\Local\Conduit
2011-04-28 06:57 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 06:57 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-05 13:13 . 2011-01-29 13:51 137176 ---ha-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-05 13:13 . 2011-01-29 13:51 268952 ---ha-w- c:\windows\system32\PnkBstrB.exe
2011-05-05 13:13 . 2011-01-29 13:51 268952 ---ha-w- c:\windows\system32\PnkBstrB.xtr
2011-05-04 16:30 . 2011-01-29 13:51 268952 ---ha-w- c:\windows\system32\PnkBstrB.ex0
2011-04-11 07:04 . 2010-08-20 09:18 7071056 ---ha-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-10 16:12 . 2011-04-15 14:22 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 16:12 . 2011-04-15 14:22 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-03 15:00 . 2011-04-15 14:22 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-28 06:57 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-28 06:57 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-28 06:57 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 14:56 . 2011-04-28 06:57 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 12:53 . 2011-04-15 14:22 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-15 14:22 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-08-24 2356088]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" [2010-08-09 286720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
avcheck.exe [2011-5-14 94208]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-9-30 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
buoh.exe [2011-5-20 129536]
holou.exe [2011-5-18 131696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4090497035-419787805-1109558852-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl05309e8f;MpKsl05309e8f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F10D784-6A7B-4ACC-8D2F-4AF106041706}\MpKsl05309e8f.sys [x]
R1 MpKsl46055f2f;MpKsl46055f2f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8D584CC-047C-40AE-9237-1979C84F8B89}\MpKsl46055f2f.sys [x]
R1 MpKsl64ae66d0;MpKsl64ae66d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72659B81-90CD-43A1-B7FD-75921B6A6A1C}\MpKsl64ae66d0.sys [x]
R1 MpKslf3456a10;MpKslf3456a10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38A4DCE2-C663-4AC7-8550-A91951CBF21F}\MpKslf3456a10.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 yuclwxci;Brother MFC USB Serial WDM Support;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl8e9ed60c;MpKsl8e9ed60c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B6BF6C5-18CF-4F01-8520-F5ADCB096681}\MpKsl8e9ed60c.sys [2011-05-24 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MPKSL8E9ED60C
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yuclwxci
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ---ha-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000Core.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1000UA.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 18:12]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001Core.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090497035-419787805-1109558852-1001UA.job
- c:\users\Hidde\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 19:19]
.
2011-05-24 c:\windows\Tasks\User_Feed_Synchronization-{9CDAFF32-6F1E-4083-BB31-875ED51CB42E}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://co112w.col112.mail.live.com/default.aspx?wa=wsignin1.0
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\e0xdhxtb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: SwiftTabs: {5F4EC95A-FFA8-11DE-898C-667D55D89593} - %profile%\extensions\{5F4EC95A-FFA8-11DE-898C-667D55D89593}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_NL Community Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - %profile%\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKCU-Run-Konni Symbol Autostart - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-24 11:23
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
.
c:\users\Eigenaar\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan succesvol afgerond
verborgen bestanden: 1
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-05-24 11:28:25
ComboFix-quarantined-files.txt 2011-05-24 09:28
.
Pre-Run: 88.831.221.760 bytes beschikbaar
Post-Run: 95.018.831.872 bytes beschikbaar
.
- - End Of File - - 10D80DFDBD44D70969896476E5D8D73D
---------- Post added at 11:36 ---------- Previous post was at 11:31 ----------
I see that a lot has been fixed.
Some files are gone, though, but maybe you know whether they can still be recovered.
I also have a problem on the internet: when I go to a site, a spam site comes up in its place. Only after a few tries do I end up on the right site....
---------- Post added at 11:40 ---------- Previous post was at 11:36 ----------
I mostly end up at this site:
That's IT! -- New and used computers, parts and peripherals
Computer slow, and lots of ads
in Archive: Fighting malware & viruses
Posted:
Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free anti-malware download
Databaseversie: v2013.01.27.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Job :: JOB-HP [administrator]
27-1-2013 22:08:11
mbam-log-2013-01-27 (22-08-11).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 213332
Verstreken tijd: 4 minuut/minuten, 54 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:09, on 8-9-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [browserChoice] "C:\Windows\System32\browserchoice.exe" /run
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\22630~1.40\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11383 bytes