
Posts made by aartje

  1. From the "welcome" screen to the desktop: 35 seconds!

    Then, at the bottom left of the screen, I see Soluto folding back the desktop a little and telling me what else is still being started and how long that will take.

    Total startup time was now: 1:25 seconds!

    ---------- Post added at 09:05 ---------- Previous post was at 09:02 ----------

    1:25 stands for 1 min and 25 seconds :embarrassed:

  2. I keep getting the following messages:

    post-30587-1417704730,3421_thumb.jpg

    I will try the previous test once more.

    Combolog:

    ComboFix 12-01-09.03 - Henk 19-01-2012 8:13:08.3.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3582.2840 [GMT 1:00]

    Gestart vanuit: C:\Documents and Settings\Henk\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: C:\Documents and Settings\Henk\Bureaublad\CFScript.txt

    AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    - VERMINDERDE FUNCTIONALITEIT MODUS -

    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-19 to 2012-01-19 ))))))))))))))))))))))))))))))

    2012-01-18 15:18:12 . 2012-01-18 15:18:12 -------- d-----w- C:\WINDOWS\system32\drivers\NSS

    2012-01-18 15:18:12 . 2012-01-18 15:18:12 -------- d-----w- C:\Program Files\Norton Security Scan

    2012-01-18 15:18:08 . 2012-01-18 15:18:08 -------- d-----w- C:\Program Files\NortonInstaller

    2012-01-18 14:00:51 . 2012-01-18 14:00:51 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\iolo

    2012-01-18 13:18:12 . 2012-01-18 13:18:12 -------- d-----w- C:\WINDOWS\system32\Adobe

    2012-01-18 10:28:50 . 2008-04-14 16:35:51 53504 ----a-w- C:\WINDOWS\system32\drivers\i8042prt.sys

    2012-01-18 07:52:16 . 2012-01-18 07:52:16 -------- d-----w- C:\Documents and Settings\Henk\Application Data\Malwarebytes

    2012-01-18 07:51:49 . 2012-01-18 07:51:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    2012-01-18 07:51:46 . 2012-01-18 07:51:53 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

    2012-01-18 07:51:46 . 2011-12-10 14:24:06 20464 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

    2012-01-17 14:30:11 . 2012-01-17 14:30:11 388096 ----a-r- C:\Documents and Settings\Henk\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-01-17 13:51:28 . 2012-01-02 16:15:26 51144 ----a-w- C:\WINDOWS\system32\drivers\Soluto.sys

    2012-01-17 13:51:20 . 2012-01-17 13:51:33 -------- d-----w- C:\Program Files\Soluto

    2012-01-17 13:50:52 . 2012-01-17 14:02:10 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Soluto

    2012-01-16 07:57:29 . 2012-01-19 07:10:47 -------- d--h--r- C:\Documents and Settings\Henk\Onlangs geopend

    2012-01-16 07:55:21 . 2012-01-16 07:55:22 -------- d-----w- C:\Program Files\CCleaner

    2012-01-10 09:02:34 . 2012-01-10 09:02:34 -------- d-----w- C:\Program Files\Common Files\Java

    2012-01-09 09:56:31 . 2012-01-09 09:56:33 -------- d-----w- C:\Documents and Settings\Henk\Local Settings\Application Data\Thunderbird

    2012-01-09 09:56:31 . 2012-01-09 09:56:33 -------- d-----w- C:\Documents and Settings\Henk\Application Data\Thunderbird

    2012-01-09 09:56:15 . 2012-01-09 09:56:24 -------- d-----w- C:\Program Files\Mozilla Thunderbird

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-11-25 21:57:58 . 2004-09-13 19:09:46 293888 ----a-w- C:\WINDOWS\system32\winsrv.dll

    2011-11-23 14:40:48 . 2011-09-15 12:41:06 1859712 ----a-w- C:\WINDOWS\system32\win32k.sys

    2011-11-20 06:12:53 . 2004-09-13 19:01:47 60928 ----a-w- C:\WINDOWS\system32\packager.exe

    2011-11-16 14:22:18 . 2011-09-15 12:41:06 152064 ----a-w- C:\WINDOWS\system32\schannel.dll

    2011-11-16 14:22:18 . 2004-09-13 19:09:36 354816 ----a-w- C:\WINDOWS\system32\winhttp.dll

    2011-11-10 04:54:13 . 2010-10-25 13:42:57 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll

    2011-11-10 02:27:10 . 2011-02-09 07:51:43 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl

    2011-11-08 10:39:08 . 2011-11-04 07:22:24 2078208 ----a-w- C:\WINDOWS\system32\Incinerator32.dll

    2011-11-08 10:11:10 . 2011-10-31 07:25:13 29696 ----a-w- C:\WINDOWS\system32\iolobtdfg.exe

    2011-11-08 10:11:02 . 2011-10-31 07:25:13 11776 ----a-w- C:\WINDOWS\system32\smrgdf.exe

    2011-11-04 19:13:23 . 2004-09-13 19:09:36 916992 ----a-w- C:\WINDOWS\system32\wininet.dll

    2011-11-04 19:13:22 . 2004-09-13 18:57:27 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll

    2011-11-04 19:13:22 . 2004-09-13 18:55:59 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl

    2011-11-04 11:25:39 . 2004-09-13 18:55:35 385024 ----a-w- C:\WINDOWS\system32\html.iec

    2011-11-03 15:29:18 . 2004-09-13 19:02:40 1296384 ----a-w- C:\WINDOWS\system32\quartz.dll

    2011-11-03 15:29:18 . 2004-09-13 19:02:36 386560 ----a-w- C:\WINDOWS\system32\qdvd.dll

    2011-11-01 16:07:16 . 2004-09-13 19:01:36 1288192 ----a-w- C:\WINDOWS\system32\ole32.dll

    2011-10-31 07:22:46 . 2011-10-31 07:22:46 74703 ----a-w- C:\WINDOWS\system32\mfc45.dll

    2011-10-28 05:32:20 . 2011-09-15 12:41:07 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll

    2011-10-26 10:50:01 . 2011-09-15 12:41:01 2153472 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe

    2011-10-26 10:50:01 . 2011-09-15 12:41:01 2031616 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 07:15:42 1461080]

    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 17:02:53 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Controller.LNK]

    backup=C:\WINDOWS\pss\Controller.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk]

    backup=C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

    backup=C:\WINDOWS\pss\Snelstart HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TMMonitor.lnk]

    backup=C:\WINDOWS\pss\TMMonitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Henk^Menu Start^Programma's^Opstarten^Webshots.lnk]

    backup=C:\WINDOWS\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-01-03 07:37:53 843712 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

    2007-03-22 14:09:06 63712 -c--a-w- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-09-23 03:47:04 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

    2011-07-07 15:54:00 399312 ----a-w- C:\Program Files\Ask.com\Updater\Updater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

    2008-04-14 17:03:20 110592 ----a-w- C:\WINDOWS\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2007-10-14 20:17:32 49152 -c--a-w- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IR_SERVER]

    2007-04-16 10:45:48 139264 -c--a-w- C:\Program Files\Realtek\REALTEK DVB-T USB DEVICE\IR_SERVER.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    2009-05-05 14:06:06 222496 ----a-w- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN]

    2008-06-06 14:08:40 198184 -c--a-w- C:\Program Files\KPN\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPNAssistentUpdater]

    2011-05-20 06:50:30 1979776 ----a-w- C:\Program Files\KPN\KPN Update\KPNAssistentUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    2008-04-14 17:03:07 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2010-04-16 21:12:58 3872080 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

    2008-06-17 14:00:34 1249280 -c--a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

    2009-04-17 12:33:34 54576 -c--a-w- C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

    2008-08-11 06:31:54 1124352 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

    2008-08-21 01:18:00 443968 -c--a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prelaunch OmniPage]

    2009-10-19 08:32:36 5592352 ----a-w- C:\Program Files\Nuance\OmniPage17\OmniPage17.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-02-15 17:50:12 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

    2005-03-22 16:20:44 339968 -c--a-w- C:\WINDOWS\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    2010-09-02 13:15:04 13351304 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2011-06-09 12:06:06 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

    2005-07-15 21:48:33 479232 ----a-w- C:\Program Files\Google\Gmail Notifier\gnotify.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\WINDOWS\\system32\\rundll32.exe"=

    "C:\\Program Files\\KPN\\agent\\bin\\bcont.exe"=

    "C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

    "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

    "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

    "C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "C:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

    "C:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

    "C:\\Documents and Settings\\Henk\\Mijn documenten\\Downloads\\solutoinstaller-Wm56Jed9YG.exe"=

    "C:\\Program Files\\Soluto\\Soluto.exe"=

    "C:\\Program Files\\Soluto\\SolutoService.exe"=

    "C:\\Program Files\\Soluto\\SolutoConsole.exe"=

    "C:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R0 Soluto;Soluto;C:\WINDOWS\system32\drivers\Soluto.sys [17-1-2012 14:51:28 51144]

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [7-10-2009 8:18:36 35168]

    R2 BBUpdate;BBUpdate;C:\Program Files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21:52 249648]

    R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-10-2009 8:16:50 472280]

    R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [31-10-2011 8:26:15 722616]

    R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2-1-2012 17:30:20 515104]

    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\WINDOWS\system32\drivers\aabed2.sys [20-3-2008 3:34:52 21888]

    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37:50 4640000]

    S2 BBSvc;Bing Bar Update Service;C:\Program Files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23:42 196176]

    S2 gupdate;Google Updateservice (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28:17 135664]

    S3 cpuz135;cpuz135;\??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys --> C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [?]

    S3 gupdatem;Google Update-service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28:17 135664]

    S3 NmPar;PCI Parallel Port;C:\WINDOWS\system32\drivers\NmPar.sys [24-12-2008 5:40:12 80256]

    S3 nmserial;PCI Serial Port;C:\WINDOWS\system32\drivers\NmSerial.sys [16-12-2008 6:10:34 70016]

    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [8-9-2010 8:38:10 137344]

    S3 RTL2831UBDA;REALTEK 2831U BDA Driver;C:\WINDOWS\system32\drivers\RTL2831UBDA.sys [6-1-2009 8:33:42 62720]

    S3 RTL2831UUSB;REALTEK 2831U USB Driver;C:\WINDOWS\system32\drivers\RTL2831UUSB.sys [6-1-2009 8:33:42 24064]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\system32\drivers\ssadbus.sys [12-8-2011 8:28:53 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\system32\drivers\ssadmdfl.sys [12-8-2011 8:28:56 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\system32\drivers\ssadmdm.sys [12-8-2011 8:28:56 136808]

    S4 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [22-11-2004 15:15:15 3072]

    S4 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);C:\Program Files\KPN\bin\sprtsvc.exe [6-6-2008 15:08:56 202016]

    --- Andere Services/Drivers In Geheugen ---

    *NewlyCreated* - BBSVC

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368d7b70-bd50-11de-bd4c-00123f77e8e0}]

    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d6701bc-683d-11dd-bc0e-00123f77e8e0}]

    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cbae58d-c48a-11df-be3c-00123f77e8e0}]

    \Shell\AutoRun\command - I:\SanDiskMediaManager.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b33e902c-ba27-11de-bd4a-00123f77e8e0}]

    \Shell\AutoRun\command - I:\laucher.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa1356e4-9306-11df-be0d-00123f77e8e0}]

    \Shell\AutoRun\command - I:\Install_Nokia_Ovi_Suite.exe

    Inhoud van de 'Gedeelde Taken' map

    2012-01-19 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

    - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28:17 . 2011-12-02 14:28:07]

    2012-01-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28:17 . 2011-12-02 14:28:07]

    2012-01-18 C:\WINDOWS\Tasks\Norton Security Scan for Henk.job

    - C:\PROGRA~1\NORTON~2\Engine\351~1.10\Nss.exe [2012-01-18 15:18:13 . 2011-11-04 07:02:38]

    2011-11-18 C:\WINDOWS\Tasks\OGALogon.job

    - C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 13:07:42 . 2009-08-03 13:07:42]

    2012-01-19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{008C2A0D-DC20-4263-AB42-901853D9E996}.job

    - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 17:36:40 . 2009-03-08 02:31:54]

    ------- Bijkomende Scan -------

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://nl.msn.com

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.2.254

    DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab

    DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://192.168.2.250:9250/activex/AMC.cab

    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    A small Hijack problem:

    post-30587-1417704730,4332_thumb.jpg

    Hijacklog:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:28:44, on 19-1-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\SCardSvr.exe

    C:\Program Files\Soluto\soluto.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Microsoft\BingBar\SeaPort.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Soluto\SolutoService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] "C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375

    O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab

    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --

    End of file - 7281 bytes

  3. Combo log:

    ComboFix 12-01-09.03 - Henk 18-01-2012 15:11:51.2.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3582.2889 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Henk\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Henk\Bureaublad\CFScript.txt

    AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    .

    - VERMINDERDE FUNCTIONALITEIT MODUS -

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Henk\Menu Start\Internet Explorer.lnk

    C:\Thumbs.db

    c:\windows\struct~.ini

    c:\windows\system32\muzapp.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-18 to 2012-01-18 ))))))))))))))))))))))))))))))

    .

    .

    2012-01-18 14:00 . 2012-01-18 14:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo

    2012-01-18 13:18 . 2012-01-18 13:18 -------- d-----w- c:\windows\system32\Adobe

    2012-01-18 10:28 . 2008-04-14 16:35 53504 ----a-w- c:\windows\system32\drivers\i8042prt.sys

    2012-01-18 07:52 . 2012-01-18 07:52 -------- d-----w- c:\documents and settings\Henk\Application Data\Malwarebytes

    2012-01-18 07:51 . 2012-01-18 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-01-18 07:51 . 2012-01-18 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-01-18 07:51 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-01-17 14:30 . 2012-01-17 14:30 388096 ----a-r- c:\documents and settings\Henk\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-01-17 13:51 . 2012-01-02 16:15 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

    2012-01-17 13:51 . 2012-01-17 13:51 -------- d-----w- c:\program files\Soluto

    2012-01-17 13:50 . 2012-01-17 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

    2012-01-16 07:57 . 2012-01-18 13:37 -------- d--h--r- c:\documents and settings\Henk\Onlangs geopend

    2012-01-16 07:55 . 2012-01-16 07:55 -------- d-----w- c:\program files\CCleaner

    2012-01-10 09:02 . 2012-01-10 09:02 -------- d-----w- c:\program files\Common Files\Java

    2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\documents and settings\Henk\Local Settings\Application Data\Thunderbird

    2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\documents and settings\Henk\Application Data\Thunderbird

    2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\program files\Mozilla Thunderbird

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-25 21:57 . 2004-09-13 19:09 293888 ----a-w- c:\windows\system32\winsrv.dll

    2011-11-23 14:40 . 2011-09-15 12:41 1859712 ----a-w- c:\windows\system32\win32k.sys

    2011-11-20 06:12 . 2004-09-13 19:01 60928 ----a-w- c:\windows\system32\packager.exe

    2011-11-10 04:54 . 2010-10-25 13:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-11-10 02:27 . 2011-02-09 07:51 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2011-11-08 10:39 . 2011-11-04 07:22 2078208 ----a-w- c:\windows\system32\Incinerator32.dll

    2011-11-08 10:11 . 2011-10-31 07:25 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

    2011-11-08 10:11 . 2011-10-31 07:25 11776 ----a-w- c:\windows\system32\smrgdf.exe

    2011-11-04 19:13 . 2004-09-13 19:09 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-11-04 19:13 . 2004-09-13 18:57 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-11-04 19:13 . 2004-09-13 18:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-11-04 11:25 . 2004-09-13 18:55 385024 ----a-w- c:\windows\system32\html.iec

    2011-11-03 15:29 . 2004-09-13 19:02 1296384 ----a-w- c:\windows\system32\quartz.dll

    2011-11-03 15:29 . 2004-09-13 19:02 386560 ----a-w- c:\windows\system32\qdvd.dll

    2011-11-01 16:07 . 2004-09-13 19:01 1288192 ----a-w- c:\windows\system32\ole32.dll

    2011-10-31 07:22 . 2011-10-31 07:22 74703 ----a-w- c:\windows\system32\mfc45.dll

    2011-10-28 05:32 . 2011-09-15 12:41 33280 ----a-w- c:\windows\system32\csrsrv.dll

    2011-10-26 10:50 . 2011-09-15 12:41 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-10-26 10:50 . 2011-09-15 12:41 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920]

    .

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920]

    .

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "SymInstallStub"="c:\windows\system32\Adobe\Shockwave 11\SymInstallStub.exe" [2012-01-18 294328]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "Userinit"="c:\windows\system32\userinit.exe,c:\program files\Soluto\soluto.exe /userinit,"

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk *

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Controller.LNK]

    backup=c:\windows\pss\Controller.LNKCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk]

    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

    backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TMMonitor.lnk]

    backup=c:\windows\pss\TMMonitor.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Henk^Menu Start^Programma's^Opstarten^Webshots.lnk]

    backup=c:\windows\pss\Webshots.lnkStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

    2007-03-22 14:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

    2011-07-07 15:54 399312 ----a-w- c:\program files\Ask.com\Updater\Updater.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

    2008-04-14 17:03 110592 ----a-w- c:\windows\system32\bthprops.cpl

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2007-10-14 20:17 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IR_SERVER]

    2007-04-16 10:45 139264 -c--a-w- c:\program files\Realtek\REALTEK DVB-T USB DEVICE\IR_SERVER.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    2009-05-05 14:06 222496 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN]

    2008-06-06 14:08 198184 -c--a-w- c:\program files\KPN\bin\sprtcmd.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPNAssistentUpdater]

    2011-05-20 06:50 1979776 ----a-w- c:\program files\KPN\KPN Update\KPNAssistentUpdater.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

    2008-06-17 14:00 1249280 -c--a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

    2009-04-17 12:33 54576 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

    2008-08-11 06:31 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

    2008-08-21 01:18 443968 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prelaunch OmniPage]

    2009-10-19 08:32 5592352 ----a-w- c:\program files\Nuance\OmniPage17\OmniPage17.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

    2005-03-22 16:20 339968 -c--a-w- c:\windows\stsystra.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

    2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\rundll32.exe"=

    "c:\\Program Files\\KPN\\agent\\bin\\bcont.exe"=

    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

    "c:\\Documents and Settings\\Henk\\Mijn documenten\\Downloads\\solutoinstaller-Wm56Jed9YG.exe"=

    "c:\\Program Files\\Soluto\\Soluto.exe"=

    "c:\\Program Files\\Soluto\\SolutoService.exe"=

    "c:\\Program Files\\Soluto\\SolutoConsole.exe"=

    "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    .

    R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [17-1-2012 14:51 51144]

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7-10-2009 8:18 35168]

    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-10-2009 8:16 472280]

    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [31-10-2011 8:26 722616]

    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2-1-2012 17:30 515104]

    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [20-3-2008 3:34 21888]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37 4640000]

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28 135664]

    S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28 135664]

    S3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [24-12-2008 5:40 80256]

    S3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [16-12-2008 6:10 70016]

    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8-9-2010 8:38 137344]

    S3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [6-1-2009 8:33 62720]

    S3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\drivers\RTL2831UUSB.sys [6-1-2009 8:33 24064]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [12-8-2011 8:28 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [12-8-2011 8:28 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [12-8-2011 8:28 136808]

    S4 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [22-11-2004 15:15 3072]

    S4 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [6-6-2008 15:08 202016]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368d7b70-bd50-11de-bd4c-00123f77e8e0}]

    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d6701bc-683d-11dd-bc0e-00123f77e8e0}]

    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cbae58d-c48a-11df-be3c-00123f77e8e0}]

    \Shell\AutoRun\command - I:\SanDiskMediaManager.EXE

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b33e902c-ba27-11de-bd4a-00123f77e8e0}]

    \Shell\AutoRun\command - I:\laucher.exe

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa1356e4-9306-11df-be0d-00123f77e8e0}]

    \Shell\AutoRun\command - I:\Install_Nokia_Ovi_Suite.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28]

    .

    2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28]

    .

    2011-11-18 c:\windows\Tasks\OGALogon.job

    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

    .

    2012-01-18 c:\windows\Tasks\SymInstallStub.job

    - c:\windows\system32\Adobe\Shockwave 11\SymInstallStub.exe [2012-01-18 13:18]

    .

    2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{008C2A0D-DC20-4263-AB42-901853D9E996}.job

    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

    .

    .

    ------- Bijkomende Scan -------

    .

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://nl.msn.com

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.2.254

    DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab

    DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://192.168.2.250:9250/activex/AMC.cab

    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-01-18 15:14

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{36A83BB8-F88B-C649-635463C8C05AC14F}\{B15264AB-0199-3F85-E804346070B10C97}\{1DF6944D-48A5-7AC3-364F976F1552112E}*]

    "SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,

    5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*]

    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,0d,b0,b2,

    ed,74,50,00,3a,71,36,12,90,07,fb,e8,eb,3d,4f,9b,01,a7,c7,93,02,ae,f2,66,90,\

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

    "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    "3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    Voltooingstijd: 2012-01-18 15:16:29

    ComboFix-quarantined-files.txt 2012-01-18 14:16

    ComboFix2.txt 2012-01-18 10:37

    .

    Pre-Run: 113.226.334.208 bytes beschikbaar

    Post-Run: 113.218.392.064 bytes beschikbaar

    .

    - - End Of File - - 5CCE0036E59CCAE150F081BFFA057D5E

    Hijack log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:17:15, on 18-1-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\SCardSvr.exe

    C:\Program Files\Soluto\soluto.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Soluto\SolutoService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\RunOnce: [symInstallStub] C:\WINDOWS\system32\Adobe\Shockwave 11\SymInstallStub.exe /partnerid=adobe /productlist=nss /staging=false /delay=5 /lang=Dutch /desktopshortcut=1 /startmenushortcut=1 /tasktries=1

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375

    O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab

    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --

    End of file - 7384 bytes

  4. ComboFix log file:

    ComboFix 12-01-09.03 - Henk 18-01-2012 11:27:31.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3582.2523 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Henk\Bureaublad\ComboFix.exe

    AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    .

    - VERMINDERDE FUNCTIONALITEIT MODUS -

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\TEMP

    .

    c:\windows\system32\drivers\i8042prt.sys was verdwenen

    Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\i8042prt.sys

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-18 to 2012-01-18 ))))))))))))))))))))))))))))))

    .

    .

    2012-01-18 10:28 . 2008-04-14 16:35 53504 ----a-w- c:\windows\system32\drivers\i8042prt.sys

    2012-01-18 07:52 . 2012-01-18 07:52 -------- d-----w- c:\documents and settings\Henk\Application Data\Malwarebytes

    2012-01-18 07:51 . 2012-01-18 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-01-18 07:51 . 2012-01-18 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-01-18 07:51 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-01-17 14:30 . 2012-01-17 14:30 388096 ----a-r- c:\documents and settings\Henk\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-01-17 13:51 . 2012-01-02 16:15 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

    2012-01-17 13:51 . 2012-01-17 13:51 -------- d-----w- c:\program files\Soluto

    2012-01-17 13:50 . 2012-01-17 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

    2012-01-16 07:57 . 2012-01-18 09:53 -------- d--h--r- c:\documents and settings\Henk\Onlangs geopend

    2012-01-16 07:55 . 2012-01-16 07:55 -------- d-----w- c:\program files\CCleaner

    2012-01-10 09:02 . 2012-01-10 09:02 -------- d-----w- c:\program files\Common Files\Java

    2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\documents and settings\Henk\Local Settings\Application Data\Thunderbird

    2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\documents and settings\Henk\Application Data\Thunderbird

    2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\program files\Mozilla Thunderbird

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-25 21:57 . 2004-09-13 19:09 293888 ----a-w- c:\windows\system32\winsrv.dll

    2011-11-23 14:40 . 2011-09-15 12:41 1859712 ----a-w- c:\windows\system32\win32k.sys

    2011-11-20 06:12 . 2004-09-13 19:01 60928 ----a-w- c:\windows\system32\packager.exe

    2011-11-10 04:54 . 2010-10-25 13:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-11-10 02:27 . 2011-02-09 07:51 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2011-11-08 10:39 . 2011-11-04 07:22 2078208 ----a-w- c:\windows\system32\Incinerator32.dll

    2011-11-08 10:11 . 2011-10-31 07:25 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

    2011-11-08 10:11 . 2011-10-31 07:25 11776 ----a-w- c:\windows\system32\smrgdf.exe

    2011-11-04 19:13 . 2004-09-13 19:09 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-11-04 19:13 . 2004-09-13 18:57 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-11-04 19:13 . 2004-09-13 18:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-11-04 11:25 . 2004-09-13 18:55 385024 ----a-w- c:\windows\system32\html.iec

    2011-11-03 15:29 . 2004-09-13 19:02 1296384 ----a-w- c:\windows\system32\quartz.dll

    2011-11-03 15:29 . 2004-09-13 19:02 386560 ----a-w- c:\windows\system32\qdvd.dll

    2011-11-01 16:07 . 2004-09-13 19:01 1288192 ----a-w- c:\windows\system32\ole32.dll

    2011-10-31 07:22 . 2011-10-31 07:22 74703 ----a-w- c:\windows\system32\mfc45.dll

    2011-10-28 05:32 . 2011-09-15 12:41 33280 ----a-w- c:\windows\system32\csrsrv.dll

    2011-10-26 10:50 . 2011-09-15 12:41 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-10-26 10:50 . 2011-09-15 12:41 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920]

    .

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920]

    .

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "Userinit"="c:\windows\system32\userinit.exe,c:\program files\Soluto\soluto.exe /userinit,"

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk *

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Controller.LNK]

    backup=c:\windows\pss\Controller.LNKCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk]

    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

    backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TMMonitor.lnk]

    backup=c:\windows\pss\TMMonitor.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Henk^Menu Start^Programma's^Opstarten^Webshots.lnk]

    backup=c:\windows\pss\Webshots.lnkStartup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BinatoneInternetPhone

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFXSwtch

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

    2007-03-22 14:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

    2011-07-07 15:54 399312 ----a-w- c:\program files\Ask.com\Updater\Updater.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

    2008-04-14 17:03 110592 ----a-w- c:\windows\system32\bthprops.cpl

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2007-10-14 20:17 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IR_SERVER]

    2007-04-16 10:45 139264 -c--a-w- c:\program files\Realtek\REALTEK DVB-T USB DEVICE\IR_SERVER.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    2009-05-05 14:06 222496 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN]

    2008-06-06 14:08 198184 -c--a-w- c:\program files\KPN\bin\sprtcmd.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPNAssistentUpdater]

    2011-05-20 06:50 1979776 ----a-w- c:\program files\KPN\KPN Update\KPNAssistentUpdater.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

    2008-06-17 14:00 1249280 -c--a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

    2009-04-17 12:33 54576 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

    2008-08-11 06:31 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

    2008-08-21 01:18 443968 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prelaunch OmniPage]

    2009-10-19 08:32 5592352 ----a-w- c:\program files\Nuance\OmniPage17\OmniPage17.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

    2005-03-22 16:20 339968 -c--a-w- c:\windows\stsystra.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

    2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\rundll32.exe"=

    "c:\\Program Files\\KPN\\agent\\bin\\bcont.exe"=

    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

    "c:\\WINDOWS\\system32\\muzapp.exe"=

    "c:\\Documents and Settings\\Henk\\Mijn documenten\\Downloads\\solutoinstaller-Wm56Jed9YG.exe"=

    "c:\\Program Files\\Soluto\\Soluto.exe"=

    "c:\\Program Files\\Soluto\\SolutoService.exe"=

    "c:\\Program Files\\Soluto\\SolutoConsole.exe"=

    "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    .

    R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [17-1-2012 14:51 51144]

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7-10-2009 8:18 35168]

    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-10-2009 8:16 472280]

    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [31-10-2011 8:26 722616]

    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2-1-2012 17:30 515104]

    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [20-3-2008 3:34 21888]

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28 135664]

    S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28 135664]

    S3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [24-12-2008 5:40 80256]

    S3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [16-12-2008 6:10 70016]

    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8-9-2010 8:38 137344]

    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37 4640000]

    S3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [6-1-2009 8:33 62720]

    S3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\drivers\RTL2831UUSB.sys [6-1-2009 8:33 24064]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [12-8-2011 8:28 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [12-8-2011 8:28 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [12-8-2011 8:28 136808]

    S4 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [22-11-2004 15:15 3072]

    S4 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [6-6-2008 15:08 202016]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368d7b70-bd50-11de-bd4c-00123f77e8e0}]

    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d6701bc-683d-11dd-bc0e-00123f77e8e0}]

    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cbae58d-c48a-11df-be3c-00123f77e8e0}]

    \Shell\AutoRun\command - I:\SanDiskMediaManager.EXE

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b33e902c-ba27-11de-bd4a-00123f77e8e0}]

    \Shell\AutoRun\command - I:\laucher.exe

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa1356e4-9306-11df-be0d-00123f77e8e0}]

    \Shell\AutoRun\command - I:\Install_Nokia_Ovi_Suite.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28]

    .

    2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28]

    .

    2011-11-18 c:\windows\Tasks\OGALogon.job

    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

    .

    2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{008C2A0D-DC20-4263-AB42-901853D9E996}.job

    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

    .

    .

    ------- Bijkomende Scan -------

    .

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://nl.msn.com

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.2.254

    DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab

    DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://192.168.2.250:9250/activex/AMC.cab

    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    .

    .

    ------- Bestandsassociaties -------

    .

    JSEFile=NOTEPAD.EXE %1

    .txt=UltraEdit.txt

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    MSConfigStartUp-OpAgent - OpAgent.exe

    MSConfigStartUp-smgr - mgrs.exe

    MSConfigStartUp-WinFaxAppPortStarter - wfxsnt40.exe

    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

    AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-01-18 11:30

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{36A83BB8-F88B-C649-635463C8C05AC14F}\{B15264AB-0199-3F85-E804346070B10C97}\{1DF6944D-48A5-7AC3-364F976F1552112E}*]

    "SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,

    5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*]

    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,0d,b0,b2,

    ed,74,50,00,3a,71,36,12,90,07,fb,e8,eb,3d,4f,9b,01,a7,c7,93,02,ae,f2,66,90,\

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

    "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    "3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'explorer.exe'(3296)

    c:\windows\system32\msi.dll

    c:\program files\MuvEnum\AddressBar\MuvEnumAddressBar_x86.dll

    c:\program files\MuvEnum\AddressBar\BandObjectLib.dll

    c:\program files\MuvEnum\AddressBar\ComponentFactory.Krypton.Toolkit.dll

    c:\program files\MuvEnum\AddressBar\NLog.dll

    c:\program files\MuvEnum\AddressBar\System.Data.SQLite.dll

    c:\program files\MuvEnum\AddressBar\Newtonsoft.Json.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    c:\windows\System32\SCardSvr.exe

    c:\program files\Soluto\soluto.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-01-18 11:37:27 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-01-18 10:37

    .

    Pre-Run: 114.165.194.752 bytes beschikbaar

    Post-Run: 114.275.348.480 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    .

    - - End Of File - - DDED51EDE79BEA7E1D1DE5EE25932FF6

    Logfile Hijack

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:40:55, on 18-1-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\SCardSvr.exe

    C:\Program Files\Soluto\soluto.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Soluto\SolutoService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375

    O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab

    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --

    End of file - 7156 bytes

  5. OOPS! Here it comes:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:30:37, on 18-1-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\SCardSvr.exe

    C:\Program Files\Soluto\soluto.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Soluto\SolutoService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375

    O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab

    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --

    End of file - 7429 bytes

  6. Via the MBAM (Malwarebytes Anti-Malware) link I kept ending up at Majorgeeks. But I did find it by another route.

    Here is the log file:

    Malwarebytes Anti-Malware 1.60.0.1800

    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Databaseversie: v2012.01.18.02

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Henk :: WERK [administrator]

    18-1-2012 8:53:30

    mbam-log-2012-01-18 (08-53-30).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 180083

    Verstreken tijd: 4 minuut/minuten, 53 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 7

    HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 2

    HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Slecht: (NOTEPAD.EXE %1) Goed: ("%1" /S) -> Succesvol in quarantaine geplaatst en gerepareerd.

    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Slecht: (NOTEPAD.EXE %1) Goed: (regedit.exe "%1") -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2

    C:\Documents and Settings\Henk\Mijn documenten\Downloads\installer_avicodec_Nederlands_Dutch.exe (PUP.SmsPay.pns) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Henk\Mijn documenten\Downloads\installer_ewido_anti-spyware_4_0_Dutch.exe (PUP.SmsPay.PGen) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  7. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:32:34, on 17-1-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\SCardSvr.exe

    C:\Program Files\Soluto\soluto.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Soluto\SolutoService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit

    O2 - BHO: (no name) - AutorunsDisabled - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: (no name) - AutorunsDisabled - (no file)

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375

    O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab

    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

    O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --

    End of file - 7976 bytes

  8. Good afternoon,

    Starting up my PC sometimes takes around 8 minutes. I have nothing special on it that would give it a lot of work.

    I have already let System Mechanic, CCleaner and the like sniff around it, but it is not getting any better :hmpf:

    Can you see what is wrong?

    Kind regards,

    Aartje
