Everything posted by Erwtje69

  1. Apart from the System Configuration window appearing on screen every time this PC starts up, everything is OK, Fake. Even though there is a check mark next to "do not show this screen again next time" (or something of that kind), it still appears at every startup, even when everything is ticked to start with. This is in fact my second desktop computer, which is here in my bedroom. The computer that was put right last week with your help is still perfectly fine, Fake. Kind regards, Erwtje69
  2. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:20:25, on 2/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal
  3. OK, Fake, I have gone through all the points and carried them out successfully. Everything still looks good. Thanks again for your help, from Erwtje69. PS: As far as I am concerned, you may mark this discussion as "solved". Bye
  4. It all looks good so far, Fake. Hopefully this computer will now behave itself for a while. Many thanks already for all that spontaneous help. Actually, I would like to be able to do that too, I mean working with ComboFix, analysing HijackThis logs, etc. But where do you learn something like that? I have no idea. Do you? Anyway, thanks again. Kind regards, Erwtje69
  5. Fake, I have discovered that when I post the two logs separately on this site, it causes no problems. When I post them both at the same time, that is, in one and the same post, I invariably get the message "the page cannot be displayed", probably because the time-out has expired each time, since it takes a while before the page with that error message comes up. Or is there a limit set here on the size of posted files? Thanks in advance. I am already glad that, after three or four attempts at posting, I finally managed it again. Kind regards, Erwtje69
  6. ComboFix 09-02-21.01 - Erwtje 2009-02-24 13:21:49.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2048.1503 [GMT 1:00]
Inhoud van de 'Gedeelde Taken' map 2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-12-05 c:\windows\Tasks\Norton Security Scan.job - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42] 2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job - c:\program files\RegistrySmart\RegistrySmart.exe [] 2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job - c:\program files\RegistrySmart [] 2009-02-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job - c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 16:22] 2007-02-18 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.hln.be/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: microsoft.com\download.windowsupdate Trusted Zone: microsoft.com\support Trusted Zone: microsoft.com\www.update DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java FF - ProfilePath - . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-24 13:23:56 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... 
scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557B07D3-7DB1-3FD4-A397-E353685CF813}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iakiachldgmohicgdc"=hex:6b,61,6e,6e,6e,6e,70,63,69,61,70,6c,67,6e,61,6f,6e,6f, 62,68,66,68,00,00 "haaiodhdphjaomoe"=hex:6b,61,6e,6e,6d,6e,69,6e,61,68,6e,70,64,70,69,65,6e,6d, 6f,62,67,66,00,00 [HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B96E5DFF-D769-C338-7EE4-EFA8663D62F2}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,9f,6c,aa,c8,f4, 7a,a9,94,c8,28,51,af,b0,29,a3,98,13,30,66,8d,37,c5,87,12,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9f,65,67,08,bf, 1a,28,ab,71,3b,04,66,8b,46,0d,96,6a,7e,ff,0c,f8,1c,6f,4a,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,07,db,6a,2a,c5, 7c,10,3f,25,da,ec,7e,55,20,c9,26,ab,88,e2,cf,19,41,cf,20,ff,7c,85,e0,43,d4,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,06,18,9f,85,43, 97,d3,4c,3e,1e,9e,e0,57,5a,93,61,2f,03,b3,0e,c9,a1,51,44,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,79,97,17,f6,e8, 92,06,6d,cd,44,cd,b9,a6,33,6c,cd,88,b3,8a,7d,02,c1,b7,f2,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,70,06,92,03,05, a5,73,54,b0,18,ed,a7,3f,8d,37,a4,e2,44,3a,dc,6a,12,4e,fc,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,84,e2,96,ee,db, c7,3b,db,31,77,e1,ba,b1,f8,68,02,c7,ca,df,bb,ee,01,ae,50,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,9a,30,dc,4d,18, 06,d5,d5,83,6c,56,8b,a0,85,96,ab,d4,24,bf,1f,10,f4,1e,50,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b2,91,df,47,ba, 16,02,d4,51,fa,6e,91,28,9e,14,cc,b6,57,c0,ad,f5,d2,31,3b,f6,0f,4e,58,98,5b,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,f7,63,8b,20,59, 8e,b4,a2,b1,cd,45,5a,a8,c4,f8,b9,85,08,f9,99,21,eb,9f,48,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,60,76,76,6d,5a, a8,6e,d3,e3,0e,66,d5,eb,bc,2f,6b,cb,c4,4b,9a,c8,6a,1b,13,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,60,7f,0a,df,65, ed,ae,ce,fa,ea,66,7f,d4,3b,6b,70,10,31,34,90,a9,42,80,7d,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] @DACL=(02 0012) @Denied: (Full) (Everyone) "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00, 00,00,79,52,33,1c,d4,b0,80,42,b2,a5,ee,9f,d0,f1,a1,e7,04,00,00,00,04,00,00,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\Ati2evxx.dll . 
Voltooingstijd: 2009-02-24 13:25:43 ComboFix-quarantined-files.txt 2009-02-24 12:25:41 ComboFix2.txt 2009-02-23 21:28:59 ComboFix3.txt 2009-02-23 20:51:35 ComboFix4.txt 2009-02-23 17:43:24 ComboFix5.txt 2009-02-24 12:21:19 Pre-Run: 220.624.482.304 bytes beschikbaar Post-Run: 220,602,757,120 bytes beschikbaar Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7 561 --- E O F --- 2009-02-19 20:49:11
  7. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:36:55, on 24/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\WinPcap\rpcapd.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\Bluetooth 
Software\BtStackServer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - -{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [avast!] 
"C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? 
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.09/f-6tcHDGwoY/uploader2.cab O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - 
http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218922213856&h=1228216423e2b904dbf135487519793c/&filename=jinstall-6u7-windows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - F:\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 12424 bytes
  8. That is no problem for me, Fake. Hopefully you can solve it. Take your time. I still have a desktop with XP Home Service Pack 3 and a Dell laptop with Vista Premium on it in case of emergency. Wishing you a good night. Kind regards, erwtje69
  9. I really don't understand any of this anymore, Fake. Every time I tried to post the ComboFix log here, the web browser got so slow that I kept getting the following error message: "the page cannot be displayed." Whatever I did, I could no longer get to this thread; I could reach the website, but the pasted log ended in an error message every time. Now it turns out it was posted here several times after all??? I can't follow this anymore. I think there is a serious trojan or something hidden in here somewhere. Now my taskbar has also suddenly become twice as big without my having changed anything at all?? Help!!
  10. Wow, that did not go smoothly here, Fake. I could not even connect to this website anymore. I could paste the log, but while submitting it I kept getting: "cannot display the page"???????? Hopefully it worked this time. Kind regards, Erwtje69 ComboFix 09-02-21.01 - Erwtje 2009-02-23 21:47:42.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2048.1501 [GMT 1:00] Gestart vanuit: c:\documents and settings\Erwtje\Bureaublad\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning disabled* (Updated) AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) FW: COMODO Firewall Pro *disabled* FW: Trend Micro Personal Firewall *disabled* . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Erwtje\Application Data\inst.exe c:\windows\system32\tmp.reg L:\Autorun.inf . (((((((((((((((((((( Bestanden Gemaakt van 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))) . 2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\windows\system32\beidpp 2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Uniblue 2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d--hs---- c:\documents and settings\Erwtje\Onlangs geopend 2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\documents and settings\Erwtje\Bluetooth Software 2009-02-23 21:27 . 2009-02-23 21:33 <DIR> d--hs---- C:\RECYCLER(3) 2009-02-23 21:17 . 2009-02-23 21:33 <DIR> d-------- C:\RECYCLER(2) 2009-02-23 16:14 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Belgium Identity Card 2009-02-23 14:29 . 2009-02-23 21:33 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{38E672D5-1F19-4A24-BA49-04BE4A4DBCAE} 2009-02-22 18:19 . 2007-03-31 06:02 876,384 --a------ c:\windows\system32\drivers\btkrnl.sys 2009-02-22 18:19 . 2007-03-23 03:49 539,072 --a------ c:\windows\system32\drivers\btaudio.sys 2009-02-22 18:19 . 
2007-03-23 03:50 149,123 --a------ c:\windows\system32\drivers\btwdndis.sys 2009-02-22 18:19 . 2007-03-31 06:02 55,352 --a------ c:\windows\system32\drivers\btwhid.sys 2009-02-22 18:19 . 2007-03-23 03:50 37,424 --a------ c:\windows\system32\drivers\btport.sys 2009-02-22 18:08 . 2007-03-23 03:50 106,557 -ra------ c:\windows\system32\btw_ci.dll 2009-02-22 18:08 . 2007-03-23 03:50 67,960 --a------ c:\windows\system32\drivers\btwusb.sys 2009-02-22 00:58 . 2009-02-22 00:58 <DIR> d-------- c:\program files\WIDCOMM 2009-02-21 16:42 . 2009-02-21 16:42 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Ashampoo 2009-02-21 16:27 . 2009-02-21 16:27 103,424 --a------ c:\windows\system32\PowerUp3_nat.dll 2009-02-20 22:06 . 2009-02-20 22:07 <DIR> d-------- c:\program files\PDFCreator 2009-02-20 22:06 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll 2009-02-20 21:50 . 2006-11-30 22:24 86,016 --a------ c:\windows\system32\custmon32.dll 2009-02-20 20:44 . 2009-02-20 20:44 <DIR> d--h----- c:\windows\system32\CanonMP Uninstaller Information 2009-02-20 20:43 . 2009-02-20 20:43 <DIR> d--h----- C:\CanonMP 2009-02-19 17:37 . 2009-02-19 17:37 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ 2009-02-18 21:14 . 2009-02-18 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995 2009-02-18 21:14 . 2009-02-18 21:21 249,856 --a------ c:\windows\system32\pdfmona.dll 2009-02-18 21:14 . 2009-02-18 21:21 51,716 --a------ c:\windows\system32\pdf995mon.dll 2009-02-18 21:14 . 2009-02-18 21:21 25 --a------ c:\windows\wpd99.drv 2009-02-18 21:13 . 2009-02-20 21:09 <DIR> d-------- C:\pdf995 2009-02-15 18:07 . 2009-02-15 18:07 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-02-15 17:05 . 2009-02-15 17:05 126 --a------ c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat 2009-02-15 16:03 . 2009-02-20 20:51 0 --a------ c:\windows\system32\PDFtypewriter 2009-02-15 14:26 . 
2009-02-15 14:26 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\CTdeveloping 2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\CTdeveloping 2009-02-14 17:25 . 2009-02-14 17:25 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-02-14 17:14 . 2009-02-20 21:59 <DIR> d-------- c:\program files\Capsoft 2009-02-14 16:10 . 2009-02-14 16:10 <DIR> d-------- C:\MIR 2009-02-14 14:44 . 2009-02-14 14:44 <DIR> d-------- c:\program files\Multiple Image Resizer .NET 2009-02-12 00:11 . 2008-05-02 14:30 465,920 --------- c:\windows\system32\imapi2fs.dll 2009-02-12 00:11 . 2008-05-02 14:30 465,920 -----c--- c:\windows\system32\dllcache\imapi2fs.dll 2009-02-12 00:11 . 2008-05-02 14:30 317,952 --------- c:\windows\system32\imapi2.dll 2009-02-12 00:11 . 2008-05-02 14:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll 2009-02-12 00:11 . 2008-05-02 11:49 62,976 -----c--- c:\windows\system32\dllcache\cdrom.sys 2009-02-12 00:10 . 2008-04-17 05:59 407,040 -----c--- c:\windows\system32\dllcache\netlogon.dll 2009-02-12 00:10 . 2008-04-17 05:59 344,576 -----c--- c:\windows\system32\dllcache\localspl.dll 2009-02-12 00:10 . 2008-04-17 05:59 176,128 -----c--- c:\windows\system32\dllcache\w32time.dll 2009-02-12 00:10 . 2008-04-17 05:59 134,144 -----c--- c:\windows\system32\dllcache\wkssvc.dll 2009-02-12 00:10 . 2008-05-05 12:07 132,608 -----c--- c:\windows\system32\dllcache\msv1_0.dll 2009-02-12 00:10 . 2008-04-17 05:59 113,664 -----c--- c:\windows\system32\dllcache\dsuiext.dll 2009-02-12 00:10 . 2008-04-17 05:59 68,096 -----c--- c:\windows\system32\dllcache\ntdsapi.dll 2009-02-12 00:07 . 2009-02-12 00:07 <DIR> d-------- c:\program files\Dir2File 2009-02-12 00:06 . 2004-12-09 08:17 61,440 --a------ c:\windows\ContextMenuExt.dll 2009-02-12 00:05 . 2007-07-10 20:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL 2009-02-11 23:50 . 
2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll 2009-02-07 18:04 . 2009-02-07 18:04 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Kodak 2009-02-07 18:03 . 2009-02-07 18:03 <DIR> d-------- c:\program files\Kodak 2009-02-06 20:35 . 2009-02-06 20:35 <DIR> d-------- c:\program files\BatchPhoto 2009-02-04 23:16 . 2009-02-04 23:17 <DIR> d-------- c:\program files\Photobie 2009-02-02 13:31 . 2009-02-02 13:31 360,448 --a------ c:\windows\system32\beid35applayer.dll 2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\Belgium Identity Card PKCS11.dll 2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\beidpkcs11.dll 2009-02-02 13:31 . 2009-02-02 13:31 69,632 --a------ c:\windows\system32\beidCSPlib.dll 2009-02-02 13:30 . 2009-02-02 13:30 262,144 --a------ c:\windows\system32\beid35DlgsWin32.dll 2009-02-02 13:30 . 2009-02-02 13:30 192,512 --a------ c:\windows\system32\beid35cardlayer.dll 2009-02-02 13:30 . 2009-02-02 13:30 122,880 --a------ c:\windows\system32\beid35common.dll 2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\eidlib.dll 2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\beidlib.dll 2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\program files\CDBurnerXP 2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Canneverbe_Limited . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-23 20:35 0 ----a-w c:\windows\system32\drivers\lvuvc.hs 2009-02-23 20:35 0 ----a-w c:\windows\system32\drivers\logiflt.iad 2009-02-23 20:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-23 17:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-23 15:13 33,536 ----a-w c:\windows\system32\drivers\a38usb.sys 2009-02-23 15:13 110,592 ----a-w c:\windows\system32\usbr38.dll 2009-02-23 13:32 --------- d-----w c:\documents and settings\Erwtje\Application Data\Uniblue 2009-02-21 15:26 --------- d-----w c:\program files\Ashampoo 2009-02-20 20:44 --------- d-----w c:\program files\PDFCreator Toolbar 2009-02-20 19:48 --------- d-----w c:\documents and settings\Erwtje\Application Data\Canon 2009-02-19 21:59 --------- d-----w c:\program files\Common Files\ScanSoft Shared 2009-02-19 21:57 --------- d-----w c:\program files\Canon 2009-02-18 20:31 --------- d-----w c:\documents and settings\Erwtje\Application Data\MSN6 2009-02-17 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-02-15 16:34 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-15 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-02-15 15:09 --------- d-----w c:\program files\Common Files\Adobe 2009-02-14 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems 2009-02-14 16:08 --------- d-----w c:\program files\Foxit Software 2009-02-14 13:44 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-11 23:08 --------- d-----w c:\program files\MSECache 2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-07 22:20 --------- d-----w c:\documents and settings\Erwtje\Application Data\XnView 2009-01-13 14:44 --------- d-----w c:\program files\CCleaner 2009-01-13 14:23 --------- d-----w c:\program 
files\PC Tune-Up 2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr 2008-12-29 18:58 --------- d-----w c:\documents and settings\Erwtje\Application Data\Malwarebytes 2008-12-29 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-23 21:21 --------- d-----w c:\program files\Apple Software Update 2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll 2008-07-27 20:53 47,360 ----a-w c:\documents and settings\Erwtje\Application Data\pcouffin.sys 2008-05-07 21:24 14,290 ----a-w c:\program files\settings.dat 2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT 2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT 2005-08-25 20:00 48,128 ----a-w c:\documents and settings\LocalService\cnmss Canon MP500 Series Printer (Local).dll 2005-08-25 20:00 48,128 ----a-w c:\documents and settings\Erwtje\cnmss Canon MP500 Series Printer (Local).dll 2008-04-19 20:14 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-04-19 20:14 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-04-19 20:14 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-04-19 20:14 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-04-19 20:14 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2008-10-12 21:09 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008101220081013\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152] "COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-16 1115728] "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-29 970808] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 321088] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-29 497008] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll "VIDC.ACDV"= ACDV.dll "msacm.l3codec"= l3codecp.acm "vidc.mjpx"= Pvmjpg30.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ymetray.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon MP500 Series Printer.lnk] path=c:\documents and settings\Erwtje\Menu Start\Programma's\Opstarten\Canon IJ Status Monitor Canon MP500 Series Printer.lnk backup=c:\windows\pss\Canon IJ Status Monitor Canon MP500 Series Printer.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^HDDlife.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^OpenOffice.org 2.1 .lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^RocketDock.lnk] backup=c:\windows\pss\RocketDock.lnkStartup [HKLM\~\startupfolder\C:^Documents and 
Settings^Erwtje^Menu Start^Programma's^Opstarten^Shrink Pic.lnk] backup=c:\windows\pss\Shrink Pic.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^TransBar.lnk] backup=c:\windows\pss\TransBar.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^UberIcon.lnk] backup=c:\windows\pss\UberIcon.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk] backup=c:\windows\pss\Y'z Shadow.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Zita Nieuwsflash.lnk] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-07-14 15:09 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] --a------ 2008-03-20 17:42 217544 c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe] --a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid] --a------ 2009-02-02 13:32 2035712 c:\program files\Belgium Identity Card\beid35gui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray] --a------ 2007-09-10 11:08 258134 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] f:\digital imaging\\Unload\hpqcmon.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go] -----c--- 2004-11-30 11:00 135168 c:\program files\Creative\MediaSource\Go\CTCMSGo.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2006-11-13 17:34 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch] -ra------ 2002-10-30 10:40 28672 c:\windows\htpatch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] F:\iTunesHelper.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC] --a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE] --a------ 2008-09-29 14:08 497008 c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2] --a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI] --a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFtypewriterPrinterMonitor] c:\program files\PDFtypewriter\Printer\PDFtypewriterMonitorStart.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoBackupOE] --a------ 2005-06-17 14:52 1129472 c:\program files\PicoBackupOE\PicoBackupAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock] --a------ 2007-03-18 23:05 630784 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] f:\hp share-to-web\hpgs2wnd.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] --------- 2005-07-28 08:32 94208 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker] --a--c--- 2005-08-22 09:10 69632 c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] --a--c--- 2006-02-17 10:14 163840 c:\program files\A4TECH\Mouse\Amoumain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] --a------ 2005-08-07 23:10 16384 c:\windows\CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp] --a------ 2005-08-07 23:10 18944 c:\windows\system32\CTXFIHLP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine] --a------ 2008-06-23 16:43 70144 c:\windows\system32\mmrtkrnl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "usnjsvc"=3 (0x3) "rpcapd"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) "MDM"=2 (0x2) "LVCOMSer"=2 (0x2) "iPod Service"=3 (0x3) "gusvc"=2 (0x2) "FirebirdServerMAGIXInstance"=3 (0x3) "BsHelpCS"=3 (0x3) "BlueSoleilCS"=2 (0x2) "Apple Mobile Device"=2 (0x2) "a2free"=2 (0x2) "StarWindServiceAE"=2 (0x2) "TapiSrv"=3 (0x3) "Schedule"=2 (0x2) "LVPrcSrv"=2 (0x2) "IDriverT"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] 
"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\CCleaner\\ccleaner.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Piolet\\Piolet.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"= "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"= "c:\\Program Files\\Outlook Express\\msimn.exe"= "c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\InvokeSvc2.exe"= "c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"= "c:\\Program Files\\Windows Live\\Writer\\WindowsLiveWriter.exe"= "c:\\Program Files\\PrinterAnywhere\\paConsole.exe"= "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Opera\\opera.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\1 Click PC Fix\\1clickpcfix.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-29 20560] R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536] R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-05-09 13824] R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-20 200320] S2 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\magix\Common\Database\bin\fbserver.exe --> f:\magix\Common\Database\bin\fbserver.exe [?] 
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512] --- Andere Services/Drivers In Geheugen --- *Deregistered* - ImapiService *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - mnmsrvc *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - NMSAccessU *Deregistered* - nmservice *Deregistered* - PolicyAgent *Deregistered* - ProtectedStorage *Deregistered* - RasMan *Deregistered* - rpcapd *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - SCardSvr *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - SoundMAX Agent Service (default) *Deregistered* - Spooler *Deregistered* - srservice *Deregistered* - stisvc *Deregistered* - TapiSrv *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - TrkWks *Deregistered* - Uniblue DiskRescue *Deregistered* - WebClient *Deregistered* - WinDefend *Deregistered* - winmgmt *Deregistered* - WMP54Gv4SVC *Deregistered* - wscsvc *Deregistered* - wuauserv *Deregistered* - WZCSVC [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] \Shell\AutoRun\command - L:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M] \Shell\AutoRun\command - M:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ff8e03-1f8d-11dd-9071-0011675a9d92}] \Shell\AutoRun\command - H:\ClickMe.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb . 
Inhoud van de 'Gedeelde Taken' map 2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-12-24 c:\windows\Tasks\At1.job - c:\windows\system32\3AA45Enp.exe [] 2008-10-11 c:\windows\Tasks\At10.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-23 c:\windows\Tasks\At11.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-23 c:\windows\Tasks\At12.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-23 c:\windows\Tasks\At13.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-23 c:\windows\Tasks\At14.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-25 c:\windows\Tasks\At15.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-25 c:\windows\Tasks\At16.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-25 c:\windows\Tasks\At17.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-25 c:\windows\Tasks\At18.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-24 c:\windows\Tasks\At19.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-25 c:\windows\Tasks\At2.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-24 c:\windows\Tasks\At20.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-24 c:\windows\Tasks\At21.job - c:\windows\system32\3AA45Enp.exe [] 2009-02-17 c:\windows\Tasks\At22.job - c:\windows\system32\3AA45Enp.exe [] 2009-02-17 c:\windows\Tasks\At23.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-24 c:\windows\Tasks\At24.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-25 c:\windows\Tasks\At3.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-24 c:\windows\Tasks\At4.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-24 c:\windows\Tasks\At5.job - c:\windows\system32\3AA45Enp.exe [] 2008-09-06 c:\windows\Tasks\At6.job - c:\windows\system32\3AA45Enp.exe [] 2008-09-06 c:\windows\Tasks\At7.job - c:\windows\system32\3AA45Enp.exe [] 2008-09-06 c:\windows\Tasks\At8.job - c:\windows\system32\3AA45Enp.exe [] 2008-10-11 c:\windows\Tasks\At9.job - c:\windows\system32\3AA45Enp.exe [] 2008-12-05 c:\windows\Tasks\Norton 
Security Scan.job - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42] 2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job - c:\program files\RegistrySmart\RegistrySmart.exe [] 2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job - c:\program files\RegistrySmart [] 2009-02-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job - c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 16:22] 2007-02-18 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.hln.be/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: microsoft.com\download.windowsupdate Trusted Zone: microsoft.com\support Trusted Zone: microsoft.com\www.update DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java FF - ProfilePath - . . ------- Bestandsassociaties ------- . regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-23 21:49:46 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\Ati2evxx.dll . 
Voltooingstijd: 2009-02-23 21:51:34 ComboFix-quarantined-files.txt 2009-02-23 20:51:31 ComboFix2.txt 2009-02-23 17:43:24 ComboFix3.txt 2007-05-22 19:46:20 Pre-Run: 220,685,168,640 bytes beschikbaar Post-Run: 220,614,356,992 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7 570 --- E O F --- 2009-02-19 20:49:11
  11. ComboFix 09-02-21.01 - Erwtje 2009-02-23 18:39:51.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2048.1403 [GMT 1:00] Gestart vanuit: m:\mijn setup's\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning disabled* (Updated) AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) FW: COMODO Firewall Pro *disabled* FW: Trend Micro Personal Firewall *disabled* * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Erwtje\Application Data\inst.exe c:\windows\system32\tmp.reg L:\Autorun.inf M:\Autorun.inf . (((((((((((((((((((( Bestanden Gemaakt van 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))) . 2009-02-23 16:14 . 2009-02-23 16:14 <DIR> d-------- c:\windows\system32\beidpp 2009-02-23 16:14 . 2009-02-23 16:14 <DIR> d-------- c:\program files\Belgium Identity Card 2009-02-23 15:55 . 2009-02-23 17:33 <DIR> d--hs---- c:\documents and settings\Erwtje\Onlangs geopend 2009-02-23 14:29 . 2009-02-23 14:29 <DIR> d-------- c:\program files\Uniblue 2009-02-23 14:29 . 2009-02-23 14:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{38E672D5-1F19-4A24-BA49-04BE4A4DBCAE} 2009-02-22 18:32 . 2009-02-22 18:32 <DIR> d-------- c:\documents and settings\Erwtje\Bluetooth Software 2009-02-22 18:19 . 2007-03-31 06:02 876,384 --a------ c:\windows\system32\drivers\btkrnl.sys 2009-02-22 18:19 . 2007-03-23 03:49 539,072 --a------ c:\windows\system32\drivers\btaudio.sys 2009-02-22 18:19 . 2007-03-23 03:50 149,123 --a------ c:\windows\system32\drivers\btwdndis.sys 2009-02-22 18:19 . 2007-03-31 06:02 55,352 --a------ c:\windows\system32\drivers\btwhid.sys 2009-02-22 18:19 . 2007-03-23 03:50 37,424 --a------ c:\windows\system32\drivers\btport.sys 2009-02-22 18:08 . 2007-03-23 03:50 106,557 -ra------ c:\windows\system32\btw_ci.dll 2009-02-22 18:08 . 
2007-03-23 03:50 67,960 --a------ c:\windows\system32\drivers\btwusb.sys
2009-02-22 00:58 . 2009-02-22 00:58 <DIR> d-------- c:\program files\WIDCOMM
2009-02-21 16:42 . 2009-02-21 16:42 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Ashampoo
2009-02-21 16:27 . 2009-02-21 16:27 103,424 --a------ c:\windows\system32\PowerUp3_nat.dll
2009-02-20 22:06 . 2009-02-20 22:07 <DIR> d-------- c:\program files\PDFCreator
2009-02-20 22:06 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-02-20 21:50 . 2006-11-30 22:24 86,016 --a------ c:\windows\system32\custmon32.dll
2009-02-20 20:44 . 2009-02-20 20:44 <DIR> d--h----- c:\windows\system32\CanonMP Uninstaller Information
2009-02-20 20:43 . 2009-02-20 20:43 <DIR> d--h----- C:\CanonMP
2009-02-19 17:37 . 2009-02-19 17:37 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-02-18 21:14 . 2009-02-18 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995
2009-02-18 21:14 . 2009-02-18 21:21 249,856 --a------ c:\windows\system32\pdfmona.dll
2009-02-18 21:14 . 2009-02-18 21:21 51,716 --a------ c:\windows\system32\pdf995mon.dll
2009-02-18 21:14 . 2009-02-18 21:21 25 --a------ c:\windows\wpd99.drv
2009-02-18 21:13 . 2009-02-20 21:09 <DIR> d-------- C:\pdf995
2009-02-15 18:07 . 2009-02-15 18:07 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-15 17:05 . 2009-02-15 17:05 126 --a------ c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat
2009-02-15 16:03 . 2009-02-20 20:51 0 --a------ c:\windows\system32\PDFtypewriter
2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\CTdeveloping
2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\CTdeveloping
2009-02-14 17:25 . 2009-02-14 17:25 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-14 17:14 . 2009-02-20 21:59 <DIR> d-------- c:\program files\Capsoft
2009-02-14 16:10 . 2009-02-14 16:10 <DIR> d-------- C:\MIR
2009-02-14 14:44 . 2009-02-14 14:44 <DIR> d-------- c:\program files\Multiple Image Resizer .NET
2009-02-12 00:11 . 2008-05-02 14:30 465,920 --------- c:\windows\system32\imapi2fs.dll
2009-02-12 00:11 . 2008-05-02 14:30 465,920 -----c--- c:\windows\system32\dllcache\imapi2fs.dll
2009-02-12 00:11 . 2008-05-02 14:30 317,952 --------- c:\windows\system32\imapi2.dll
2009-02-12 00:11 . 2008-05-02 14:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll
2009-02-12 00:11 . 2008-05-02 11:49 62,976 -----c--- c:\windows\system32\dllcache\cdrom.sys
2009-02-12 00:10 . 2008-04-17 05:59 407,040 -----c--- c:\windows\system32\dllcache\netlogon.dll
2009-02-12 00:10 . 2008-04-17 05:59 344,576 -----c--- c:\windows\system32\dllcache\localspl.dll
2009-02-12 00:10 . 2008-04-17 05:59 176,128 -----c--- c:\windows\system32\dllcache\w32time.dll
2009-02-12 00:10 . 2008-04-17 05:59 134,144 -----c--- c:\windows\system32\dllcache\wkssvc.dll
2009-02-12 00:10 . 2008-05-05 12:07 132,608 -----c--- c:\windows\system32\dllcache\msv1_0.dll
2009-02-12 00:10 . 2008-04-17 05:59 113,664 -----c--- c:\windows\system32\dllcache\dsuiext.dll
2009-02-12 00:10 . 2008-04-17 05:59 68,096 -----c--- c:\windows\system32\dllcache\ntdsapi.dll
2009-02-12 00:07 . 2009-02-12 00:07 <DIR> d-------- c:\program files\Dir2File
2009-02-12 00:06 . 2004-12-09 08:17 61,440 --a------ c:\windows\ContextMenuExt.dll
2009-02-12 00:05 . 2007-07-10 20:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL
2009-02-11 23:50 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll
2009-02-07 18:04 . 2009-02-07 18:04 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Kodak
2009-02-07 18:03 . 2009-02-07 18:03 <DIR> d-------- c:\program files\Kodak
2009-02-06 20:35 . 2009-02-06 20:35 <DIR> d-------- c:\program files\BatchPhoto
2009-02-04 23:16 . 2009-02-04 23:17 <DIR> d-------- c:\program files\Photobie
2009-02-02 13:31 . 2009-02-02 13:31 360,448 --a------ c:\windows\system32\beid35applayer.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\Belgium Identity Card PKCS11.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\beidpkcs11.dll
2009-02-02 13:31 . 2009-02-02 13:31 69,632 --a------ c:\windows\system32\beidCSPlib.dll
2009-02-02 13:30 . 2009-02-02 13:30 262,144 --a------ c:\windows\system32\beid35DlgsWin32.dll
2009-02-02 13:30 . 2009-02-02 13:30 192,512 --a------ c:\windows\system32\beid35cardlayer.dll
2009-02-02 13:30 . 2009-02-02 13:30 122,880 --a------ c:\windows\system32\beid35common.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\eidlib.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\beidlib.dll
2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\program files\CDBurnerXP
2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Canneverbe_Limited
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 17:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-23 15:17 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-23 15:17 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-23 15:13 33,536 ----a-w c:\windows\system32\drivers\a38usb.sys
2009-02-23 15:13 110,592 ----a-w c:\windows\system32\usbr38.dll
2009-02-23 13:32 --------- d-----w c:\documents and settings\Erwtje\Application Data\Uniblue
2009-02-22 22:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-21 15:26 --------- d-----w c:\program files\Ashampoo
2009-02-20 20:44 --------- d-----w c:\program files\PDFCreator Toolbar
2009-02-20 19:48 --------- d-----w c:\documents and settings\Erwtje\Application Data\Canon
2009-02-19 21:59 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-02-19 21:57 --------- d-----w c:\program files\Canon
2009-02-18 20:31 --------- d-----w c:\documents and settings\Erwtje\Application Data\MSN6
2009-02-17 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-15 16:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-15 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-15 15:09 --------- d-----w c:\program files\Common Files\Adobe
2009-02-14 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-14 16:08 --------- d-----w c:\program files\Foxit Software
2009-02-14 13:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 23:08 --------- d-----w c:\program files\MSECache
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 22:20 --------- d-----w c:\documents and settings\Erwtje\Application Data\XnView
2009-01-13 14:44 --------- d-----w c:\program files\CCleaner
2009-01-13 14:23 --------- d-----w c:\program files\PC Tune-Up
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-29 18:58 --------- d-----w c:\documents and settings\Erwtje\Application Data\Malwarebytes
2008-12-29 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 21:21 --------- d-----w c:\program files\Apple Software Update
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-07-27 20:53 47,360 ----a-w c:\documents and settings\Erwtje\Application Data\pcouffin.sys
2008-05-07 21:24 14,290 ----a-w c:\program files\settings.dat
2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2005-08-25 20:00 48,128 ----a-w c:\documents and settings\LocalService\cnmss Canon MP500 Series Printer (Local).dll
2005-08-25 20:00 48,128 ----a-w c:\documents and settings\Erwtje\cnmss Canon MP500 Series Printer (Local).dll
2008-04-19 20:14 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-19 20:14 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-19 20:14 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-19 20:14 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-19 20:14 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-12 21:09 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008101220081013\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-16 1115728]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-29 970808]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 321088]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-29 497008]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.ACDV"= ACDV.dll
"msacm.l3codec"= l3codecp.acm
"vidc.mjpx"= Pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ymetray.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon MP500 Series Printer.lnk]
path=c:\documents and settings\Erwtje\Menu Start\Programma's\Opstarten\Canon IJ Status Monitor Canon MP500 Series Printer.lnk
backup=c:\windows\pss\Canon IJ Status Monitor Canon MP500 Series Printer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^HDDlife.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^OpenOffice.org 2.1 .lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Shrink Pic.lnk]
backup=c:\windows\pss\Shrink Pic.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^TransBar.lnk]
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Zita Nieuwsflash.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-14 15:09 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 17:42 217544 c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
--a------ 2009-02-02 13:32 2035712 c:\program files\Belgium Identity Card\beid35gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2007-09-10 11:08 258134 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
-----c--- 2004-11-30 11:00 135168 c:\program files\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 17:34 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]
-ra------ 2002-10-30 10:40 28672 c:\windows\htpatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
--a------ 2008-09-29 14:08 497008 c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoBackupOE]
--a------ 2005-06-17 14:52 1129472 c:\program files\PicoBackupOE\PicoBackupAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-03-18 23:05 630784 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--------- 2005-07-28 08:32 94208 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
--a--c--- 2005-08-22 09:10 69632 c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a--c--- 2006-02-17 10:14 163840 c:\program files\A4TECH\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-08-07 23:10 16384 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-08-07 23:10 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
--a------ 2008-06-23 16:43 70144 c:\windows\system32\mmrtkrnl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"BsHelpCS"=3 (0x3)
"BlueSoleilCS"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"a2free"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"TapiSrv"=3 (0x3)
"Schedule"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\CCleaner\\ccleaner.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Piolet\\Piolet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"c:\\Program Files\\Windows Live\\Writer\\WindowsLiveWriter.exe"=
"c:\\Program Files\\PrinterAnywhere\\paConsole.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\1 Click PC Fix\\1clickpcfix.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-29 20560]
R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-05-09 13824]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-20 200320]
S2 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\magix\Common\Database\bin\fbserver.exe --> f:\magix\Common\Database\bin\fbserver.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - GTNDIS5
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmsrvc
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - nmservice
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - rpcapd
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCardSvr
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Uniblue DiskRescue
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - WMP54Gv4SVC
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ff8e03-1f8d-11dd-9071-0011675a9d92}]
\Shell\AutoRun\command - H:\ClickMe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Inhoud van de 'Gedeelde Taken' map

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-24 c:\windows\Tasks\At1.job - c:\windows\system32\3AA45Enp.exe []
2008-10-11 c:\windows\Tasks\At10.job - c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At11.job - c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At12.job - c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At13.job - c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At14.job - c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At15.job - c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At16.job - c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At17.job - c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At18.job - c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At19.job - c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At2.job - c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At20.job - c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At21.job - c:\windows\system32\3AA45Enp.exe []
2009-02-17 c:\windows\Tasks\At22.job - c:\windows\system32\3AA45Enp.exe []
2009-02-17 c:\windows\Tasks\At23.job - c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At24.job - c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At3.job - c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At4.job - c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At5.job - c:\windows\system32\3AA45Enp.exe []
2008-09-06 c:\windows\Tasks\At6.job - c:\windows\system32\3AA45Enp.exe []
2008-09-06 c:\windows\Tasks\At7.job - c:\windows\system32\3AA45Enp.exe []
2008-09-06 c:\windows\Tasks\At8.job - c:\windows\system32\3AA45Enp.exe []
2008-10-11 c:\windows\Tasks\At9.job - c:\windows\system32\3AA45Enp.exe []
2008-12-05 c:\windows\Tasks\Norton Security Scan.job - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job - c:\program files\RegistrySmart\RegistrySmart.exe []
2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job - c:\program files\RegistrySmart []
2009-02-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job - c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 16:22]
2007-02-18 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-CamMonitor - f:\digital imaging\\Unload\hpqcmon.exe
MSConfigStartUp-iTunesHelper - F:\iTunesHelper.exe
MSConfigStartUp-PDFtypewriterPrinterMonitor - c:\program files\PDFtypewriter\Printer\PDFtypewriterMonitorStart.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - f:\hp share-to-web\hpgs2wnd.exe
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\www.update
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.
.
------- Bestandsassociaties -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 18:41:31
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2009-02-23 18:43:23
ComboFix-quarantined-files.txt 2009-02-23 17:43:20
ComboFix2.txt 2007-05-22 19:46:20
Pre-Run: 220.994.686.976 bytes beschikbaar
Post-Run: 220,994,633,728 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
567 --- E O F --- 2009-02-19 20:49:11
  12. Dear Kape, three times today all the icons in the taskbar at the bottom of my screen have disappeared. I also (sometimes) get the message: "explorer.exe has encountered a problem and needs to close". Each time I then have to go through Task Manager / New Task / type explorer.exe; my desktop then reappears, but my icons do not. I then have to manually re-tick the "Quick Launch" toolbar, and then the icons are back?????? PS: I also have an external HD that is connected to my computer. Could it be that a trojan or other virus is coming from there somewhere??? Strange but true?? Kind regards, Erwtje69
  13. Good morning Kape, apart from my PC hanging on the XP logo when I started it this morning, everything now seems to be in order. Pressing the reset button brought the computer fully back to life. It does take a while before it has booted completely, but that is probably due to the many programs installed on this computer. Maybe I should consider reinstalling XP, or perhaps just put Vista on it straight away, but I don't know whether two GB of DDR RAM is enough for that. So I don't have DDR2 or DDR3 in this computer yet. The motherboard doesn't support that anyway. In any case, thank you very much for your help. If problems turn up again, I now know where to go. Thanks a lot. Kind regards, erwtje69
  14. Eigenaardig,eerst wilde deze pagina niet meer openen ,terwijl ik de logjes hier aan het invoegen was en nu blijken ze plots hier dubbel gepost te zijn????? Sorry hoor,maar hoe dat nu weerr kan weet ik ook niet meer?? MVg.Erwtje69
  15. Here I am with the requested logs. Thanks in advance for your spontaneous help. Kind regards, Erwtje69 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:51:26, on 22/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\WinPcap\rpcapd.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program 
Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - -{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - 
HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? 
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.09/f-6tcHDGwoY/uploader2.cab O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - 
http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218922213856&h=1228216423e2b904dbf135487519793c/&filename=jinstall-6u7-windows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - F:\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 12362 bytes Here is the Malwarebytes log: Malwarebytes' Anti-Malware 1.34 Database versie: 1794 Windows 5.1.2600 Service Pack 3 22/02/2009 23:45:54 mbam-log-2009-02-22 (23-45-54).txt Scan type: Snelle Scan Objecten gescand: 72526 Verstreken tijd: 3 minute(s), 37 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 3 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekayxtjcvka.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\UACrdoexwkb.sys (Trojan.Agent) -> Quarantined and deleted successfully.
  16. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:30:32, on 21/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - -{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [avast!] 
"C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint 
Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: Download.minoc.com : Referer niet correct O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - 
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.09/f-6tcHDGwoY/uploader2.cab O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218922213856&h=1228216423e2b904dbf135487519793c/&filename=jinstall-6u7-windows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Erwtje\Mijn documenten\Mijn afbeeldingen\Congres Ooostende 2007\2007-09-15 16-07-09_0189.JPG -- End of file - 11634 bytes
  17. Hello pancho, thanks in advance for the tip. It does indeed work well for web pages and for Outlook, but not for other program windows, which was not a problem before. Any idea?? Many thanks in advance for your help. Kind regards, Erwtje69
  18. Here I am with my second little problem. I put this in a new thread, but I don't know whether that was the right thing to do. So... when I use the msconfig command in Windows XP Home Service Pack 3, you normally have to restart your computer after use, and then the "System Configuration Utility" window appears once more. You can prevent that same window from popping up at every startup by ticking a box at the bottom of that window next to text along the lines of: don't show this window again ... etc. This used to work perfectly, but suddenly it comes up again at every startup even though the box is ticked, even if I select everything in msconfig!!???? Who knows what to do?? P.S. This happens on my second computer, also with XP Home Service Pack 3 (but this one is in my bedroom, the other in the living room). It's just that after a while you would start to think I'm saddled with a trojan. Kind regards, Erwtje69
  19. Good evening, it has indeed been a while since I last posted something here, but now I suddenly have two little problems with my computer, on which XP Home Service Pack 3 is installed. Problem 1: normally you can freeze the window size in Windows by right-clicking the icon at the top left of any page or software program, such as Word or my e-mail program, while holding down the Ctrl key at the same time. The next time you opened the program in question, Windows remembered that setting. Now it unfortunately no longer does that. Why?? Anyone have an idea? Can I solve this via a registry setting? Kind regards, Erwtje69
  20. I sent that file via both recommended websites, but each time I get something like "0 bytes received". I have now sent it once more via VirusTotal's mail function. So just wait a bit, I suppose? I did briefly disable my firewall and virus scanner, because I thought they were blocking the file since it is an executable (.exe) file and might therefore be seen as a virus. Kind regards, Erwtje69
  21. Dear Kape, here is the MBAM log first. Further down you will then find the HijackThis log as well, OK? Malwarebytes' Anti-Malware 1.31 Database versie: 1577 Windows 5.1.2600 Service Pack 3 30/12/2008 14:38:57 mbam-log-2008-12-30 (14-38-57).txt Scan type: Snelle Scan Objecten gescand: 57479 Verstreken tijd: 9 minute(s), 49 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 2 Mappen geïnfecteerd: 6 Bestanden geïnfecteerd: 4 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully. 
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE\vbase.tmp (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227095313234.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081228160155968.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081229131121687.log (Rogue.Multiple) -> Quarantined and deleted successfully. 
HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:09:52, on 30/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Mio Technology\MioSync\mioSync.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software 
Update\HPWuSchd2.exe O4 - HKLM\..\Run: [update 3400C] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe 3400C+ O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 8525 bytes A quick question: I see references here to my new HP PrecisionScan printer. Is that file infected as well? It is only a new one (about one month old). In any case, thank you very much for the help I have already received from you. Hopefully everything that should not have been on there is gone now? Kind regards, Erwtje69
  22. Thanks again for your quick help, Kape. I will send you what you asked for as soon as possible. Kind regards, Erwtje69
  23. Good evening, Erwtje69 here for the first time. I have a little computer here that is starting to act rather strangely and has also become noticeably slower. I suspect there are bugs hiding somewhere in it. Are there any specialists here who could evaluate this log and find a suitable solution for it? Thank you. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:16:54, on 28/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Mio Technology\MioSync\mioSync.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program 
Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [update 3400C] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe 3400C+ O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/stg_drm.ocx O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7628 bytes
  24. Dear reader, have you already tried this? Close Internet Explorer. Unplug your modem from the wall socket for at least one minute. Plug it back into the socket and start Internet Explorer again. This can (sometimes) solve your problem. Hopefully it works, good luck. Kind regards, Erwtje69