Everything posted by Exif

  1. Here is the log. In the meantime I have also carried out the other steps, and Hitman Pro no longer finds any malware.

     Logfile of The Avenger Version 2.0, © by Swandog46
     Swandog46's Public Anti-Malware Tools
     Platform: Windows XP
     *******************
     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     Rootkit scan active.
     No rootkits found!
     Error: folder "C:\Documents and Settings\Gilles\Mijn documenten\Downloads\6AS0 4h Noël Claudie" not found!
     Deletion of folder "C:\Documents and Settings\Gilles\Mijn documenten\Downloads\6AS0 4h Noël Claudie" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Completed script processing.
     *******************
  2. In the meantime I am carrying out the previous steps, but the System Restore checkbox is in fact ticked by default on my machine.
  3. No, when I try that, it says Notepad cannot find the file.
  4. It was not able to delete that one file. Not a big deal in itself; it doesn't really bother me, but it would be tidier if it were gone. It is odd, though, that it did manage it with the other two. Here is the log.
  5. C:\Documents and Settings\Gilles\Mijn documenten\Downloads\6AS0 4h Noël Claudie
  6. Hitman Pro now still finds 1 trojan (apart from cookies and traces of Punkbuster). This one: C:\System Volume Information\_restore{F57DF4C2-5459-458F-9E95-717E95F733E3}\RP1565\A0601515.exe Trojan.Generic.KDZ.4290 (Engine A)
uStart Page = hxxp://www.google.be/ Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi Trusted Zone: com.tw\www.msi Trusted Zone: plantyn.com\interactief TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Gilles\Application Data\Mozilla\Firefox\Profiles\54n231vt.default\ FF - prefs.js: browser.search.selectedEngine - GoogleCOM FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - user.js: browser.search.selectedEngine - GoogleCOM FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= . . ------- Bestandsassociaties ------- . .txt= . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-01-13 18:25 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð] @Class="Shell" . [HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithList] @Class="Shell" "a"="WINWORD.EXE" "MRUList"="a" . [HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithProgids] "?_auto_file"=hex(0): . 
[HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Ondersteuning] "Order"=hex:08,00,00,00,02,00,00,00,9a,02,00,00,01,00,00,00,04,00,00,00,9e,00, 00,00,00,00,00,00,90,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7e,00,32,\ . [HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:d2,c3,9e,bd,e9,f3,cc,fe,77,cc,2f,70,6c,87,f5,3a,ae,fb,2e,19,73,67,0e, 62,62,db,9d,96,58,ec,e1,0f,43,c9,ed,e5,20,1a,2d,a9,4e,a9,b1,10,0a,1e,78,ab,\ "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49 . [HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:29,09,ae,db,59,de,b6,21,20,69,fe,c2,30,52,05,2a,c1,94,11,6d,42, e4,e1,72,24,f2,86,6f,1e,74,c0,46,34,22,e0,63,a4,08,a0,dc,57,3b,06,8f,42,82,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\software\Classes\.*)ð] @="?_auto_file" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(816) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . 
- - - - - - - > 'explorer.exe'(2880) c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\progra~1\WINDOW~2\wmpband.dll c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre7\bin\jqs.exe c:\windows\system32\PnkBstrA.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Voltooingstijd: 2013-01-13 18:31:31 - machine werd herstart ComboFix-quarantined-files.txt 2013-01-13 17:31 . Pre-Run: 66.700.324.864 bytes beschikbaar Post-Run: 67.097.055.232 bytes beschikbaar . 
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - CF7A56A6A7482FA7A49775D8484B6EA1
  8. I was apparently a bit too quick, because on a 2nd scan Hitman Pro turned up 2 trojans that it had not found before. Here is the log: Suspicious files ____________________________________________________________ C:\Documents and Settings\Gilles\Local Settings\Application Data\PunkBuster\BC2\pb\PnkBstrK.sys Size . . . . . . . : 140.024 bytes Age . . . . . . . : 574.2 days (2011-06-19 12:35:41) Entropy . . . . . : 7.8 SHA-256 . . . . . : C2772100225BF76DF9D53773281CD8F492F24824866252123CF2CABA88BD4A04 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Documents and Settings\Gilles\Local Settings\Application Data\PunkBuster\COD4\pb\PnkBstrK.sys Size . . . . . . . : 139.448 bytes Age . . . . . . . : 938.7 days (2010-06-20 00:15:24) Entropy . . . . . : 7.7 SHA-256 . . . . . : 12C5AD34F550D47E3EB507733C21EE5B111B153F5F638D366DB6CD2BFB94F4A3 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. 
This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Documents and Settings\Gilles\Local Settings\Application Data\PunkBuster\MOH\pb\PnkBstrK.sys Size . . . . . . . : 139.832 bytes Age . . . . . . . : 832.2 days (2010-10-04 13:32:56) Entropy . . . . . : 7.8 SHA-256 . . . . . : 4DA51D1D0A2ECA3357EE2FF80015937CA648D8507F04CA06DE47D59601042F53 RSA Key Size . . . : 1024 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Documents and Settings\Gilles\Local Settings\Application Data\PunkBuster\WAW\pb\PnkBstrK.sys Size . . . . . . . : 137.200 bytes Age . . . . . . . : 1291.8 days (2009-07-01 22:50:45) Entropy . . . . . : 7.7 SHA-256 . . . . . : 33BE72D3E3359305E9381A1E6F561C3C73A2CA0BD5EDF65B61CBD683A5320C04 RSA Key Size . . . : 1024 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. 
This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\WINDOWS\system32\drivers\PnkBstrK.sys Size . . . . . . . : 139.448 bytes Age . . . . . . . : 1890.8 days (2007-11-10 21:19:15) Entropy . . . . . : 7.7 SHA-256 . . . . . : 12C5AD34F550D47E3EB507733C21EE5B111B153F5F638D366DB6CD2BFB94F4A3 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 26.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. 
  9. OK, thank you. I removed that line. Do you happen to know the virus? It seems to have been made mainly to sell a fake antivirus, but could it also have passed personal information on to its makers, or is that risk rather small? And what about the 'gamemon.des' file?
  10. Hello, Simply by browsing to the website of a horticulture company I picked up the 'System Progressive Protection' virus. It blocked every program I tried to start, but fortunately I was able to remove it in safe mode with MBAM. However, I am not sure whether all traces have now been removed, so I made an HJT log. In addition, a scan with Hitman Pro flagged the following file: 'gamemon.des'. I googled it, and according to one site it is harmful malware and according to another site a false positive. What should I do with this? Thanks in advance. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:43:16, on 13/01/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Soluto\SolutoLauncherService.exe C:\Program Files\Soluto\SolutoService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common 
Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gilles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe" O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - 
C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O15 - Trusted Zone: Plantyn - Welkom! O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194456877671 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://karesuando.axiscam.net:81/activex/AMC.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - 
http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.117.186.205/activex/AxisCamControl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c98618c26df836) (gupdate1c98618c26df836) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10889 bytes
  11. Ik heb het gevonden. Het lag aan de vernieuwingsfrequentie v/h scherm. Stond op 60 en nu op 75 gezet. De bieptoon zal ik eens nakijken in de handleiding want ik weet het merk van mijn bios niet meteen.
  12. Drivers geïnstalleerd en de schokkende bewegingen bij het slepen zijn weg, maar ik heb nog wel de indruk dat de tekst op mijn bureaublad en in de browsers nog onscherp/wazig is. De resolutie op mijn 19 inch scherm staat ingesteld op 1280 x 1024. Heb al wat zitten spelen met de instellingen maar zonder resultaat. Daarnaast start de pc normaal op, maar in het begin geeft hij wel telkens één korte piep. Is dat goed of slecht?
  13. Ai nee sorry, Windows XP nog...
  14. Asus HD 6450 Silent 512 MB
  15. Dat van die tijd is opgelost, ik had die zelf nog niet juist genoeg gezet om te synchroniseren. Nu heb ik wel weeral een ander probleem :s De drivers voor mijn grafische kaart downloaden van de officiële Asus site lukt niet. Windows zegt dat de gecomprimeerde map beschadigd is en kan de map niet uitpakken omdat er niets in zit. Paar keer geprobeerd, steeds hetzelfde. Dan geprobeerd om de drivers direct van AMD te downloaden, maar daar krijg ik een downloadfout als ik het bestand wil opslaan. En de drivers zijn wel nodig want als ik bv. een bestand of icoon sleep over het bureablad maakt het zo van die schokkende bewegingen. Of ligt dat aan iets anders?
  16. Yes, I'm going to buy one of those; it costs 2.5 euros at Alternate. Still, I find it rather poor that it doesn't come as standard with a Cooler Master power supply. You get a bunch of extra cables that are of no use to you, except for that one. Until then I'll leave that 8-pin plugged into the 4-pin, because I urgently need my PC back. ---------- Post added at 19:55 ---------- Previous post was at 19:44 ---------- The date and time are wrong in Windows, though, and having them synchronize automatically over the internet doesn't work: an error has occurred, etc...
  17. OK, the PC restarted itself after F10 and the error seems to be gone. The screen resolution still isn't right, though, because I also had to replace my graphics card. The best thing now is surely to delete the old drivers and then download the new ones? As for that cable, that photo isn't quite right. I have the left cable in the photo below:
  18. OK, F1 and then? As for that note, I'll then buy an 8-to-4 adapter, because I don't really fancy breaking that cable in two.
  19. I just plugged the 8-pin into the 4-pin connector. According to some research on the net, that shouldn't do any harm. I've now booted my PC, but the problems aren't over yet: it gives a beep and then the error: CMOS Checksum Bad Press F1 to Run SETUP Press F2 to load default values and continue help
  20. That's not possible; it is a single 8-pin plug. You can't make 2x4 pins out of it.
  21. Wait, I'll make it a bit clearer. --> The 24-pin cable is connected to the motherboard. The 4-pin connector on the motherboard for the CPU still has to be connected, but the power supply only comes with 2x 8-pin for the CPU (it also says so on the box). My question is really: can I just connect such an 8-pin cable to a 4-pin connector (4 pins then go unused), or do I have to go looking for an adapter cable?
  22. Yes, the SATA cables and so on, but I've already connected those. Only the motherboard is left.
  23. Roughly; that motherboard connector has 24 in my case instead of 20. On my motherboard (P5K) I have: a 4-pin ATX 12V slot and a 24-pin EATX power slot. Three cables come out of my PSU: 2x 8-pin (so not 4+4) and 1x 24-pin. Which one do I still need to connect?