djibbie

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:26:37, on 5/01/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\sdclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 6468 bytes

bedankt voor de moeite

ComboFix 11-10-04.04 - linda 05/10/2011 11:55:06.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1013.351 [GMT 2:00] Gestart vanuit: c:\users\linda\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files\google\common\google updater\googleupdaterservice.exe c:\users\linda\AppData\Local\Carta c:\users\linda\AppData\Local\Carta\Carta.ini c:\users\linda\AppData\Roaming\Microsoft\Windows\Recent\Axci.nl -.url c:\users\linda\AppData\Roaming\Microsoft\Windows\Recent\NMBS.url c:\users\linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore c:\users\linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Data Restore.lnk c:\users\linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk c:\windows\animbigN.bmp c:\windows\animsmalN.bmp c:\windows\system32\rnaph.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))) . . 2011-10-05 10:40 . 2011-10-05 10:42 -------- d-----w- c:\users\linda\AppData\Local\temp 2011-10-05 10:40 . 2011-10-05 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-05 07:46 . 2011-10-05 07:46 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91E3D340-8F28-4951-9D4E-1BFFB2ACD868}\MpKsl318c6aa0.sys 2011-10-05 07:46 . 2011-10-05 07:46 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91E3D340-8F28-4951-9D4E-1BFFB2ACD868}\offreg.dll 2011-10-04 19:10 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91E3D340-8F28-4951-9D4E-1BFFB2ACD868}\mpengine.dll 2011-09-29 11:48 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-09-08 14:07 . 2011-01-27 13:59 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4ED32741-C339-474C-84A0-25E8E563DB71}\gapaengine.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-12 23:14 . 2011-04-09 19:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-29 08:40 . 2011-07-29 08:40 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-07-25 17:31 . 2011-06-06 07:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-22 02:54 . 2011-08-12 07:15 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 02:48 . 2011-08-12 07:15 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 02:44 . 2011-08-12 07:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-13 03:39 . 2011-07-30 11:15 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll 2011-07-11 13:25 . 2011-08-24 06:59 2048 ----a-w- c:\windows\system32\tzres.dll 2011-10-04 19:47 . 2011-06-06 08:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2011-05-13 4283256] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] "Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2008-11-04 1105920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-13 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-13 106496] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-13 81920] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016] "RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\Home Cinema\PowerDVD\Language\Language.exe" [2006-12-05 54832] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTVRC.exe" [2008-11-04 1105920] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 mailKmd;mailKmd; [x] R1 MpKsl03f5a4c6;MpKsl03f5a4c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKsl03f5a4c6.sys [x] R1 MpKsl0b84cfdb;MpKsl0b84cfdb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF913D5A-3D2E-4FDD-AE64-6F57B7CB073C}\MpKsl0b84cfdb.sys [x] R1 MpKsl12359054;MpKsl12359054;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA383F37-FA30-4E60-827C-7B6D3A69EA05}\MpKsl12359054.sys [x] R1 MpKsl16a50eae;MpKsl16a50eae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01DF8A64-F585-4F34-B0C0-D723F9D42683}\MpKsl16a50eae.sys [x] R1 MpKsl1d011c29;MpKsl1d011c29;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1922506-764D-4A43-A737-973DB18D5336}\MpKsl1d011c29.sys [x] R1 MpKsl1d5ab697;MpKsl1d5ab697;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D4D61ED-63FB-4533-A51D-364D9ECA84A7}\MpKsl1d5ab697.sys [x] R1 MpKsl21eb8ec2;MpKsl21eb8ec2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9396D231-C4A3-4A47-9D79-8233FD3ECCEA}\MpKsl21eb8ec2.sys [x] R1 MpKsl26e0fba1;MpKsl26e0fba1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FD02B55-1A94-4489-823B-8EB278C987CF}\MpKsl26e0fba1.sys [x] R1 MpKsl2fa4c11a;MpKsl2fa4c11a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1922506-764D-4A43-A737-973DB18D5336}\MpKsl2fa4c11a.sys [x] R1 MpKsl3599bf3d;MpKsl3599bf3d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A349517B-37A6-46F0-A4BA-9ACAC3FD8919}\MpKsl3599bf3d.sys [x] R1 MpKsl360edca0;MpKsl360edca0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F02A6565-6697-4459-988D-0FF806770968}\MpKsl360edca0.sys [x] R1 MpKsl398c4356;MpKsl398c4356;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33ED954F-5BF0-4172-8B52-9ACFFD67177E}\MpKsl398c4356.sys [x] R1 MpKsl3de4f9a1;MpKsl3de4f9a1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3241408-E64A-4424-97FD-696B57B70801}\MpKsl3de4f9a1.sys [x] R1 MpKsl4a07ea9a;MpKsl4a07ea9a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C708814-EE4E-46B2-B7EA-CBFEE85C8728}\MpKsl4a07ea9a.sys [x] R1 MpKsl4b305d40;MpKsl4b305d40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CADB0872-8302-4407-ADAD-F32319FA296E}\MpKsl4b305d40.sys [x] R1 MpKsl51b3786f;MpKsl51b3786f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DD261F0-5501-4491-83F2-A2CAA48B7D1D}\MpKsl51b3786f.sys [x] R1 MpKsl54d7838c;MpKsl54d7838c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F02A6565-6697-4459-988D-0FF806770968}\MpKsl54d7838c.sys [x] R1 MpKsl56229812;MpKsl56229812;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12A9FF5E-EE69-4EA7-921A-A95678B0FB2B}\MpKsl56229812.sys [x] R1 MpKsl5630ced9;MpKsl5630ced9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{839C2A4D-85E1-4EE4-8762-7A8C7DBC55D0}\MpKsl5630ced9.sys [x] R1 MpKsl5a783958;MpKsl5a783958;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3A35199-EEC0-434E-9062-668B4AB9DB99}\MpKsl5a783958.sys [x] R1 MpKsl6216926e;MpKsl6216926e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F05EAD51-8837-40F5-96E9-64636F6AA587}\MpKsl6216926e.sys [x] R1 MpKsl73336033;MpKsl73336033;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E892959-BD3C-4663-ACE8-67C9A2CD48A5}\MpKsl73336033.sys [x] R1 MpKsl74549250;MpKsl74549250;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKsl74549250.sys [x] R1 MpKsl7508087f;MpKsl7508087f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33ED954F-5BF0-4172-8B52-9ACFFD67177E}\MpKsl7508087f.sys [x] R1 MpKsl88630869;MpKsl88630869;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7FDD00B-C7C9-4E4E-995C-E1802BEB1042}\MpKsl88630869.sys [x] R1 MpKsl89c034e4;MpKsl89c034e4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C87A8CD5-4476-470E-8B52-9C9F521E75C1}\MpKsl89c034e4.sys [x] R1 MpKsl8ea3637a;MpKsl8ea3637a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA0476B1-7648-4CE4-A3D2-DBBE1DDC9926}\MpKsl8ea3637a.sys [x] R1 MpKsl91e11db0;MpKsl91e11db0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9AFF4D4-D7B1-4E02-A19C-4339223B37FF}\MpKsl91e11db0.sys [x] R1 MpKsl94446ab6;MpKsl94446ab6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC4AF3A3-820B-4644-84CC-F5A3F7A38E7D}\MpKsl94446ab6.sys [x] R1 MpKsla66d3c3f;MpKsla66d3c3f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9396D231-C4A3-4A47-9D79-8233FD3ECCEA}\MpKsla66d3c3f.sys [x] R1 MpKsla8482fd1;MpKsla8482fd1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKsla8482fd1.sys [x] R1 MpKslaf234721;MpKslaf234721;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21B9013D-39C4-429F-8930-0C5547C9C33B}\MpKslaf234721.sys [x] R1 MpKslb0e5daab;MpKslb0e5daab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7D5E319-C450-4000-BC7A-B640DEDD2120}\MpKslb0e5daab.sys [x] R1 MpKslb933b368;MpKslb933b368;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E892959-BD3C-4663-ACE8-67C9A2CD48A5}\MpKslb933b368.sys [x] R1 MpKslbc29cbf3;MpKslbc29cbf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKslbc29cbf3.sys [x] R1 MpKslbd051e09;MpKslbd051e09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A349517B-37A6-46F0-A4BA-9ACAC3FD8919}\MpKslbd051e09.sys [x] R1 MpKslc020974c;MpKslc020974c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54AE0B3D-5419-49A7-A6E8-790A50F5C3B0}\MpKslc020974c.sys [x] R1 MpKslc072e3e3;MpKslc072e3e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54AE0B3D-5419-49A7-A6E8-790A50F5C3B0}\MpKslc072e3e3.sys [x] R1 MpKslcb1fd233;MpKslcb1fd233;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E892959-BD3C-4663-ACE8-67C9A2CD48A5}\MpKslcb1fd233.sys [x] R1 MpKsld229e1ad;MpKsld229e1ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKsld229e1ad.sys [x] R1 MpKsld7c37111;MpKsld7c37111;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCF3B3C2-56A8-4E00-A9D2-CDEC890E0957}\MpKsld7c37111.sys [x] R1 MpKslf4ada7fd;MpKslf4ada7fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E892959-BD3C-4663-ACE8-67C9A2CD48A5}\MpKslf4ada7fd.sys [x] R1 MpKslf741d28d;MpKslf741d28d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB564CF4-7841-413C-8C9C-64E36E053C05}\MpKslf741d28d.sys [x] R1 MpKslfa9d4557;MpKslfa9d4557;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{772275C3-FFD9-4288-B329-E2AE16FE4EF1}\MpKslfa9d4557.sys [x] R1 MpKslfe84df0e;MpKslfe84df0e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33ED954F-5BF0-4172-8B52-9ACFFD67177E}\MpKslfe84df0e.sys [x] R1 MpKslffa336cc;MpKslffa336cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FD02B55-1A94-4489-823B-8EB278C987CF}\MpKslffa336cc.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 PhilCap;PhilCap service;c:\windows\system32\DRIVERS\PhilCap.sys [2006-10-12 1053824] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 MpKsl318c6aa0;MpKsl318c6aa0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91E3D340-8F28-4951-9D4E-1BFFB2ACD868}\MpKsl318c6aa0.sys [2011-10-05 28752] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-01-08 449024] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSL318C6AA0 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2011-10-05 c:\windows\Tasks\User_Feed_Synchronization-{3A41416E-9B0D-4DCE-9287-1A19D78E389D}.job - c:\windows\system32\msfeedssync.exe [2011-04-17 09:42] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.hln.be/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://breedband.telenet.be mWindow Title = Telenet Internet uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html Trusted Zone: .directnet Trusted Zone: dexia.be\www TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\linda\AppData\Roaming\Mozilla\Firefox\Profiles\v104507\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://mirostart.com/?cfg=2-365-0-2YJNE FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=nl-be&FORM=MICJE7&q= . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-10-05 12:42 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 "MSCurrentCountry"=dword:000000b5 . Voltooingstijd: 2011-10-05 13:00:17 ComboFix-quarantined-files.txt 2011-10-05 10:59 . Pre-Run: 46.664.183.808 bytes beschikbaar Post-Run: 47.576.399.872 bytes beschikbaar . - - End Of File - - 0DE4470A134FED39B1061B26FB51097C

Problemen zijn opgelost, gewoon opgestart zonder problemen.Er verschijnt wel !sommige opstartprogramma's worden geblokkeerd Vind mijn documenten en foto's terug. De meeste icoontjes zijn wel weg. Pc is ook niet meer beveiligd. Ben héél tevreden.Was moeilijke bevalling voor mij en dus een dikke,welgemeende merci ---------- Post toegevoegd om 23:23 ---------- Vorige post was om 23:18 ---------- nog een vraagje:Kan ik die opstartprogramma's deblokkeren?

Pc kan gewoon worden opgestart zonder de foutmeldingen maar met pikzwart scherm links icoontje van malwarebites kan mappen openen van documenten en afbeeldingen maar die zijn LEEG opstartprogramma's zijn geblokkeerd

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:44:45, on 4/10/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\helppane.exe C:\Windows\system32\rundll32.exe F:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 7002 bytes Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversie: 7866 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 9.0.8112.16421 4/10/2011 19:00:17 mbam-log-2011-10-04 (19-00-17).txt Scantype: Volledige scan (C:\|D:\|E:\|) Objecten gescand: 375905 Verstreken tijd: 1 uur/uren, 10 minuut/minuten, 23 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 2 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: c:\programdata\pojsjfghgjflx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\linda\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2N6LXVGF\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:19:28, on 4/10/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE F:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" O4 - HKCU\..\Run: [poJSJfghGjFLx.exe] C:\ProgramData\poJSJfghGjFLx.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Samsung Auto Backup Guage.lnk = ? O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ? O4 - Startup: Samsung Auto Backup Scheduler.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 7729 bytes