Posts made by Erwtje69
-
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:25, on 2/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 8160 bytes
-
Ok, Fake,
I have gone through all the points and carried them out successfully.
Everything still looks good.
Thanks again for your help, from Erwtje69.
P.S.:
As far as I'm concerned, you may mark this discussion as "solved". Bye
-
Everything looks good so far, Fake.
Hopefully this computer will now behave itself properly for a while, eh.
Many thanks already for all that spontaneous help.
Actually, I would like to be able to do that too, I mean working with ComboFix, analysing HijackThis logs, etc.
But where do you learn something like that, eh??
No idea.
Do you???
Anyway, thanks again.
Kind regards, Erwtje69
-
Fake,
I have discovered that when I post the two logs separately on this site, that causes no problems.
When I post them both at the same time, that is, in one and the same post, I invariably get the message "the page cannot be displayed", probably because the time-out has expired each time, since it takes a while before the page with that error message shows up.
Or is there a limit set here on the size of posted files??
Thanks in advance.
I'm already glad that, after three or four attempts at posting, I finally managed it again.
Kind regards, Erwtje69
-
ComboFix 09-02-21.01 - Erwtje 2009-02-24 13:21:49.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2048.1503 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Erwtje\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Erwtje\Bureaublad\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning disabled* (Updated)
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
FW: Trend Micro Personal Firewall *disabled*
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat
c:\windows\system32\3AA45Enp.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\wpd99.drv
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-1004336348-583907252-839522115-1004(2)\INFO2
C:\RECYCLER(3)
c:\recycler(3)\S-1-5-21-1004336348-583907252-839522115-1004(2)\INFO2
c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\wpd99.drv
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-24 to 2009-02-24 ))))))))))))))))))))))))))))))
.
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\windows\system32\beidpp
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Uniblue
2009-02-23 21:33 . 2009-02-24 13:19 <DIR> d--hs---- c:\documents and settings\Erwtje\Onlangs geopend
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\documents and settings\Erwtje\Bluetooth Software
2009-02-23 16:14 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Belgium Identity Card
2009-02-23 14:29 . 2009-02-23 21:33 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{38E672D5-1F19-4A24-BA49-04BE4A4DBCAE}
2009-02-22 18:19 . 2007-03-31 06:02 876,384 --a------ c:\windows\system32\drivers\btkrnl.sys
2009-02-22 18:19 . 2007-03-23 03:49 539,072 --a------ c:\windows\system32\drivers\btaudio.sys
2009-02-22 18:19 . 2007-03-23 03:50 149,123 --a------ c:\windows\system32\drivers\btwdndis.sys
2009-02-22 18:19 . 2007-03-31 06:02 55,352 --a------ c:\windows\system32\drivers\btwhid.sys
2009-02-22 18:19 . 2007-03-23 03:50 37,424 --a------ c:\windows\system32\drivers\btport.sys
2009-02-22 18:08 . 2007-03-23 03:50 106,557 -ra------ c:\windows\system32\btw_ci.dll
2009-02-22 18:08 . 2007-03-23 03:50 67,960 --a------ c:\windows\system32\drivers\btwusb.sys
2009-02-22 00:58 . 2009-02-22 00:58 <DIR> d-------- c:\program files\WIDCOMM
2009-02-21 16:42 . 2009-02-21 16:42 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Ashampoo
2009-02-21 16:27 . 2009-02-21 16:27 103,424 --a------ c:\windows\system32\PowerUp3_nat.dll
2009-02-20 22:06 . 2009-02-20 22:07 <DIR> d-------- c:\program files\PDFCreator
2009-02-20 22:06 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-02-20 21:50 . 2006-11-30 22:24 86,016 --a------ c:\windows\system32\custmon32.dll
2009-02-20 20:44 . 2009-02-20 20:44 <DIR> d--h----- c:\windows\system32\CanonMP Uninstaller Information
2009-02-20 20:43 . 2009-02-20 20:43 <DIR> d--h----- C:\CanonMP
2009-02-19 17:37 . 2009-02-19 17:37 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-02-18 21:14 . 2009-02-18 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995
2009-02-18 21:14 . 2009-02-18 21:21 249,856 --a------ c:\windows\system32\pdfmona.dll
2009-02-18 21:14 . 2009-02-18 21:21 51,716 --a------ c:\windows\system32\pdf995mon.dll
2009-02-18 21:13 . 2009-02-20 21:09 <DIR> d-------- C:\pdf995
2009-02-15 18:07 . 2009-02-15 18:07 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-15 16:03 . 2009-02-20 20:51 0 --a------ c:\windows\system32\PDFtypewriter
2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\CTdeveloping
2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\CTdeveloping
2009-02-14 17:25 . 2009-02-14 17:25 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-14 17:14 . 2009-02-20 21:59 <DIR> d-------- c:\program files\Capsoft
2009-02-14 16:10 . 2009-02-14 16:10 <DIR> d-------- C:\MIR
2009-02-14 14:44 . 2009-02-14 14:44 <DIR> d-------- c:\program files\Multiple Image Resizer .NET
2009-02-12 00:11 . 2008-05-02 14:30 465,920 --------- c:\windows\system32\imapi2fs.dll
2009-02-12 00:11 . 2008-05-02 14:30 465,920 -----c--- c:\windows\system32\dllcache\imapi2fs.dll
2009-02-12 00:11 . 2008-05-02 14:30 317,952 --------- c:\windows\system32\imapi2.dll
2009-02-12 00:11 . 2008-05-02 14:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll
2009-02-12 00:11 . 2008-05-02 11:49 62,976 -----c--- c:\windows\system32\dllcache\cdrom.sys
2009-02-12 00:10 . 2008-04-17 05:59 407,040 -----c--- c:\windows\system32\dllcache\netlogon.dll
2009-02-12 00:10 . 2008-04-17 05:59 344,576 -----c--- c:\windows\system32\dllcache\localspl.dll
2009-02-12 00:10 . 2008-04-17 05:59 176,128 -----c--- c:\windows\system32\dllcache\w32time.dll
2009-02-12 00:10 . 2008-04-17 05:59 134,144 -----c--- c:\windows\system32\dllcache\wkssvc.dll
2009-02-12 00:10 . 2008-05-05 12:07 132,608 -----c--- c:\windows\system32\dllcache\msv1_0.dll
2009-02-12 00:10 . 2008-04-17 05:59 113,664 -----c--- c:\windows\system32\dllcache\dsuiext.dll
2009-02-12 00:10 . 2008-04-17 05:59 68,096 -----c--- c:\windows\system32\dllcache\ntdsapi.dll
2009-02-12 00:07 . 2009-02-12 00:07 <DIR> d-------- c:\program files\Dir2File
2009-02-12 00:06 . 2004-12-09 08:17 61,440 --a------ c:\windows\ContextMenuExt.dll
2009-02-12 00:05 . 2007-07-10 20:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL
2009-02-11 23:50 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll
2009-02-07 18:04 . 2009-02-07 18:04 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Kodak
2009-02-07 18:03 . 2009-02-07 18:03 <DIR> d-------- c:\program files\Kodak
2009-02-06 20:35 . 2009-02-06 20:35 <DIR> d-------- c:\program files\BatchPhoto
2009-02-04 23:16 . 2009-02-04 23:17 <DIR> d-------- c:\program files\Photobie
2009-02-02 13:31 . 2009-02-02 13:31 360,448 --a------ c:\windows\system32\beid35applayer.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\Belgium Identity Card PKCS11.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\beidpkcs11.dll
2009-02-02 13:31 . 2009-02-02 13:31 69,632 --a------ c:\windows\system32\beidCSPlib.dll
2009-02-02 13:30 . 2009-02-02 13:30 262,144 --a------ c:\windows\system32\beid35DlgsWin32.dll
2009-02-02 13:30 . 2009-02-02 13:30 192,512 --a------ c:\windows\system32\beid35cardlayer.dll
2009-02-02 13:30 . 2009-02-02 13:30 122,880 --a------ c:\windows\system32\beid35common.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\eidlib.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\beidlib.dll
2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\program files\CDBurnerXP
2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Canneverbe_Limited
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 08:47 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-24 08:47 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-23 21:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-23 20:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-23 15:13 33,536 ----a-w c:\windows\system32\drivers\a38usb.sys
2009-02-23 15:13 110,592 ----a-w c:\windows\system32\usbr38.dll
2009-02-23 13:32 --------- d-----w c:\documents and settings\Erwtje\Application Data\Uniblue
2009-02-21 15:26 --------- d-----w c:\program files\Ashampoo
2009-02-20 20:44 --------- d-----w c:\program files\PDFCreator Toolbar
2009-02-20 19:48 --------- d-----w c:\documents and settings\Erwtje\Application Data\Canon
2009-02-19 21:59 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-02-19 21:57 --------- d-----w c:\program files\Canon
2009-02-18 20:31 --------- d-----w c:\documents and settings\Erwtje\Application Data\MSN6
2009-02-17 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-15 16:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-15 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-15 15:09 --------- d-----w c:\program files\Common Files\Adobe
2009-02-14 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-14 16:08 --------- d-----w c:\program files\Foxit Software
2009-02-14 13:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 23:08 --------- d-----w c:\program files\MSECache
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 22:20 --------- d-----w c:\documents and settings\Erwtje\Application Data\XnView
2009-01-13 14:44 --------- d-----w c:\program files\CCleaner
2009-01-13 14:23 --------- d-----w c:\program files\PC Tune-Up
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-29 18:58 --------- d-----w c:\documents and settings\Erwtje\Application Data\Malwarebytes
2008-12-29 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-07-27 20:53 47,360 ----a-w c:\documents and settings\Erwtje\Application Data\pcouffin.sys
2008-05-07 21:24 14,290 ----a-w c:\program files\settings.dat
2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2005-08-25 20:00 48,128 ----a-w c:\documents and settings\LocalService\cnmss Canon MP500 Series Printer (Local).dll
2005-08-25 20:00 48,128 ----a-w c:\documents and settings\Erwtje\cnmss Canon MP500 Series Printer (Local).dll
2008-04-19 20:14 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-19 20:14 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-19 20:14 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-19 20:14 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-19 20:14 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-12 21:09 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008101220081013\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-23_21.50.22.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-23 20:40:02 60,760 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-24 08:52:17 60,760 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-23 20:40:02 79,912 ----a-w c:\windows\system32\perfc013.dat
+ 2009-02-24 08:52:17 79,912 ----a-w c:\windows\system32\perfc013.dat
- 2009-02-23 20:40:02 400,600 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-24 08:52:17 400,600 ----a-w c:\windows\system32\perfh009.dat
- 2009-02-23 20:40:02 465,120 ----a-w c:\windows\system32\perfh013.dat
+ 2009-02-24 08:52:17 465,120 ----a-w c:\windows\system32\perfh013.dat
+ 2009-02-24 08:47:59 16,384 ----atw c:\windows\temp\Perflib_Perfdata_618.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-16 1115728]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-29 970808]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 321088]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-29 497008]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.ACDV"= ACDV.dll
"msacm.l3codec"= l3codecp.acm
"vidc.mjpx"= Pvmjpg30.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ymetray.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon MP500 Series Printer.lnk]
path=c:\documents and settings\Erwtje\Menu Start\Programma's\Opstarten\Canon IJ Status Monitor Canon MP500 Series Printer.lnk
backup=c:\windows\pss\Canon IJ Status Monitor Canon MP500 Series Printer.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^HDDlife.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^OpenOffice.org 2.1 .lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Shrink Pic.lnk]
backup=c:\windows\pss\Shrink Pic.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^TransBar.lnk]
backup=c:\windows\pss\TransBar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Zita Nieuwsflash.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-14 15:09 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 17:42 217544 c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
--a------ 2009-02-02 13:32 2035712 c:\program files\Belgium Identity Card\beid35gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2007-09-10 11:08 258134 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
f:\digital imaging\\Unload\hpqcmon.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
-----c--- 2004-11-30 11:00 135168 c:\program files\Creative\MediaSource\Go\CTCMSGo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 17:34 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]
-ra------ 2002-10-30 10:40 28672 c:\windows\htpatch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
F:\iTunesHelper.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
--a------ 2008-09-29 14:08 497008 c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFtypewriterPrinterMonitor]
c:\program files\PDFtypewriter\Printer\PDFtypewriterMonitorStart.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoBackupOE]
--a------ 2005-06-17 14:52 1129472 c:\program files\PicoBackupOE\PicoBackupAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-03-18 23:05 630784 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
f:\hp share-to-web\hpgs2wnd.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--------- 2005-07-28 08:32 94208 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
--a--c--- 2005-08-22 09:10 69632 c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a--c--- 2006-02-17 10:14 163840 c:\program files\A4TECH\Mouse\Amoumain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-08-07 23:10 16384 c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-08-07 23:10 18944 c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
--a------ 2008-06-23 16:43 70144 c:\windows\system32\mmrtkrnl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"BsHelpCS"=3 (0x3)
"BlueSoleilCS"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"a2free"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"TapiSrv"=3 (0x3)
"Schedule"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"IDriverT"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\CCleaner\\ccleaner.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Piolet\\Piolet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"c:\\Program Files\\Windows Live\\Writer\\WindowsLiveWriter.exe"=
"c:\\Program Files\\PrinterAnywhere\\paConsole.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\1 Click PC Fix\\1clickpcfix.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-29 20560]
R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-05-09 13824]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-20 200320]
S2 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\magix\Common\Database\bin\fbserver.exe --> f:\magix\Common\Database\bin\fbserver.exe [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmsrvc
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - nmservice
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - rpcapd
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCardSvr
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Uniblue DiskRescue
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - WMP54Gv4SVC
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Inhoud van de 'Gedeelde Taken' map
2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-05 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []
2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []
2009-02-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 16:22]
2007-02-18 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\www.update
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 13:23:56
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557B07D3-7DB1-3FD4-A397-E353685CF813}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakiachldgmohicgdc"=hex:6b,61,6e,6e,6e,6e,70,63,69,61,70,6c,67,6e,61,6f,6e,6f,
62,68,66,68,00,00
"haaiodhdphjaomoe"=hex:6b,61,6e,6e,6d,6e,69,6e,61,68,6e,70,64,70,69,65,6e,6d,
6f,62,67,66,00,00
[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B96E5DFF-D769-C338-7EE4-EFA8663D62F2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,9f,6c,aa,c8,f4,
7a,a9,94,c8,28,51,af,b0,29,a3,98,13,30,66,8d,37,c5,87,12,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9f,65,67,08,bf,
1a,28,ab,71,3b,04,66,8b,46,0d,96,6a,7e,ff,0c,f8,1c,6f,4a,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,07,db,6a,2a,c5,
7c,10,3f,25,da,ec,7e,55,20,c9,26,ab,88,e2,cf,19,41,cf,20,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,06,18,9f,85,43,
97,d3,4c,3e,1e,9e,e0,57,5a,93,61,2f,03,b3,0e,c9,a1,51,44,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,79,97,17,f6,e8,
92,06,6d,cd,44,cd,b9,a6,33,6c,cd,88,b3,8a,7d,02,c1,b7,f2,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,70,06,92,03,05,
a5,73,54,b0,18,ed,a7,3f,8d,37,a4,e2,44,3a,dc,6a,12,4e,fc,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,84,e2,96,ee,db,
c7,3b,db,31,77,e1,ba,b1,f8,68,02,c7,ca,df,bb,ee,01,ae,50,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,9a,30,dc,4d,18,
06,d5,d5,83,6c,56,8b,a0,85,96,ab,d4,24,bf,1f,10,f4,1e,50,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b2,91,df,47,ba,
16,02,d4,51,fa,6e,91,28,9e,14,cc,b6,57,c0,ad,f5,d2,31,3b,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,f7,63,8b,20,59,
8e,b4,a2,b1,cd,45,5a,a8,c4,f8,b9,85,08,f9,99,21,eb,9f,48,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,60,76,76,6d,5a,
a8,6e,d3,e3,0e,66,d5,eb,bc,2f,6b,cb,c4,4b,9a,c8,6a,1b,13,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,60,7f,0a,df,65,
ed,ae,ce,fa,ea,66,7f,d4,3b,6b,70,10,31,34,90,a9,42,80,7d,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
@DACL=(02 0012)
@Denied: (Full) (Everyone)
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,
00,00,79,52,33,1c,d4,b0,80,42,b2,a5,ee,9f,d0,f1,a1,e7,04,00,00,00,04,00,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2009-02-24 13:25:43
ComboFix-quarantined-files.txt 2009-02-24 12:25:41
ComboFix2.txt 2009-02-23 21:28:59
ComboFix3.txt 2009-02-23 20:51:35
ComboFix4.txt 2009-02-23 17:43:24
ComboFix5.txt 2009-02-24 12:21:19
Pre-Run: 220.624.482.304 bytes beschikbaar
Post-Run: 220,602,757,120 bytes beschikbaar
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
561 --- E O F --- 2009-02-19 20:49:11
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:55, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - -{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.09/f-6tcHDGwoY/uploader2.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218922213856&h=1228216423e2b904dbf135487519793c/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - F:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 12424 bytes
-
That's no problem for me, Fake.
Hopefully you can solve it. Take your time.
I still have a desktop with XP Home Service Pack 3 and a Dell laptop with Vista Premium on it in case of emergency.
Wishing you a good night, from
Kind regards, erwtje69
-
I really don't understand any of this anymore, Fake.
Every time I tried to post the ComboFix log here, the web browser became so slow that I kept getting the following error message: "the page cannot be displayed." Whatever I did, I could no longer get into this thread; I could reach the website, but the pasted log kept ending in an error message. Now it turns out that it was posted here several times after all???
Now I can't follow anymore. I think there is a serious trojan or something hidden in here somewhere. Now my taskbar has also suddenly become twice as big without my having changed anything??
Help!!
-
Wow, that did not go smoothly here, Fake. I couldn't even connect to this website anymore. I could paste the log, but while submitting it I kept getting: "cannot display the page"????????
Hopefully it worked this time.
Kind regards, Erwtje69
ComboFix 09-02-21.01 - Erwtje 2009-02-23 21:47:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2048.1501 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Erwtje\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning disabled* (Updated)
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
FW: Trend Micro Personal Firewall *disabled*
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Erwtje\Application Data\inst.exe
c:\windows\system32\tmp.reg
L:\Autorun.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-23 to 2009-02-23 ))))))))))))))))))))))))))))))
.
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\windows\system32\beidpp
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Uniblue
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d--hs---- c:\documents and settings\Erwtje\Onlangs geopend
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\documents and settings\Erwtje\Bluetooth Software
2009-02-23 21:27 . 2009-02-23 21:33 <DIR> d--hs---- C:\RECYCLER(3)
2009-02-23 21:17 . 2009-02-23 21:33 <DIR> d-------- C:\RECYCLER(2)
2009-02-23 16:14 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Belgium Identity Card
2009-02-23 14:29 . 2009-02-23 21:33 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{38E672D5-1F19-4A24-BA49-04BE4A4DBCAE}
2009-02-22 18:19 . 2007-03-31 06:02 876,384 --a------ c:\windows\system32\drivers\btkrnl.sys
2009-02-22 18:19 . 2007-03-23 03:49 539,072 --a------ c:\windows\system32\drivers\btaudio.sys
2009-02-22 18:19 . 2007-03-23 03:50 149,123 --a------ c:\windows\system32\drivers\btwdndis.sys
2009-02-22 18:19 . 2007-03-31 06:02 55,352 --a------ c:\windows\system32\drivers\btwhid.sys
2009-02-22 18:19 . 2007-03-23 03:50 37,424 --a------ c:\windows\system32\drivers\btport.sys
2009-02-22 18:08 . 2007-03-23 03:50 106,557 -ra------ c:\windows\system32\btw_ci.dll
2009-02-22 18:08 . 2007-03-23 03:50 67,960 --a------ c:\windows\system32\drivers\btwusb.sys
2009-02-22 00:58 . 2009-02-22 00:58 <DIR> d-------- c:\program files\WIDCOMM
2009-02-21 16:42 . 2009-02-21 16:42 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Ashampoo
2009-02-21 16:27 . 2009-02-21 16:27 103,424 --a------ c:\windows\system32\PowerUp3_nat.dll
2009-02-20 22:06 . 2009-02-20 22:07 <DIR> d-------- c:\program files\PDFCreator
2009-02-20 22:06 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-02-20 21:50 . 2006-11-30 22:24 86,016 --a------ c:\windows\system32\custmon32.dll
2009-02-20 20:44 . 2009-02-20 20:44 <DIR> d--h----- c:\windows\system32\CanonMP Uninstaller Information
2009-02-20 20:43 . 2009-02-20 20:43 <DIR> d--h----- C:\CanonMP
2009-02-19 17:37 . 2009-02-19 17:37 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-02-18 21:14 . 2009-02-18 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995
2009-02-18 21:14 . 2009-02-18 21:21 249,856 --a------ c:\windows\system32\pdfmona.dll
2009-02-18 21:14 . 2009-02-18 21:21 51,716 --a------ c:\windows\system32\pdf995mon.dll
2009-02-18 21:14 . 2009-02-18 21:21 25 --a------ c:\windows\wpd99.drv
2009-02-18 21:13 . 2009-02-20 21:09 <DIR> d-------- C:\pdf995
2009-02-15 18:07 . 2009-02-15 18:07 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-15 17:05 . 2009-02-15 17:05 126 --a------ c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat
2009-02-15 16:03 . 2009-02-20 20:51 0 --a------ c:\windows\system32\PDFtypewriter
2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\CTdeveloping
2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\CTdeveloping
2009-02-14 17:25 . 2009-02-14 17:25 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-14 17:14 . 2009-02-20 21:59 <DIR> d-------- c:\program files\Capsoft
2009-02-14 16:10 . 2009-02-14 16:10 <DIR> d-------- C:\MIR
2009-02-14 14:44 . 2009-02-14 14:44 <DIR> d-------- c:\program files\Multiple Image Resizer .NET
2009-02-12 00:11 . 2008-05-02 14:30 465,920 --------- c:\windows\system32\imapi2fs.dll
2009-02-12 00:11 . 2008-05-02 14:30 465,920 -----c--- c:\windows\system32\dllcache\imapi2fs.dll
2009-02-12 00:11 . 2008-05-02 14:30 317,952 --------- c:\windows\system32\imapi2.dll
2009-02-12 00:11 . 2008-05-02 14:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll
2009-02-12 00:11 . 2008-05-02 11:49 62,976 -----c--- c:\windows\system32\dllcache\cdrom.sys
2009-02-12 00:10 . 2008-04-17 05:59 407,040 -----c--- c:\windows\system32\dllcache\netlogon.dll
2009-02-12 00:10 . 2008-04-17 05:59 344,576 -----c--- c:\windows\system32\dllcache\localspl.dll
2009-02-12 00:10 . 2008-04-17 05:59 176,128 -----c--- c:\windows\system32\dllcache\w32time.dll
2009-02-12 00:10 . 2008-04-17 05:59 134,144 -----c--- c:\windows\system32\dllcache\wkssvc.dll
2009-02-12 00:10 . 2008-05-05 12:07 132,608 -----c--- c:\windows\system32\dllcache\msv1_0.dll
2009-02-12 00:10 . 2008-04-17 05:59 113,664 -----c--- c:\windows\system32\dllcache\dsuiext.dll
2009-02-12 00:10 . 2008-04-17 05:59 68,096 -----c--- c:\windows\system32\dllcache\ntdsapi.dll
2009-02-12 00:07 . 2009-02-12 00:07 <DIR> d-------- c:\program files\Dir2File
2009-02-12 00:06 . 2004-12-09 08:17 61,440 --a------ c:\windows\ContextMenuExt.dll
2009-02-12 00:05 . 2007-07-10 20:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL
2009-02-11 23:50 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll
2009-02-07 18:04 . 2009-02-07 18:04 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Kodak
2009-02-07 18:03 . 2009-02-07 18:03 <DIR> d-------- c:\program files\Kodak
2009-02-06 20:35 . 2009-02-06 20:35 <DIR> d-------- c:\program files\BatchPhoto
2009-02-04 23:16 . 2009-02-04 23:17 <DIR> d-------- c:\program files\Photobie
2009-02-02 13:31 . 2009-02-02 13:31 360,448 --a------ c:\windows\system32\beid35applayer.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\Belgium Identity Card PKCS11.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\beidpkcs11.dll
2009-02-02 13:31 . 2009-02-02 13:31 69,632 --a------ c:\windows\system32\beidCSPlib.dll
2009-02-02 13:30 . 2009-02-02 13:30 262,144 --a------ c:\windows\system32\beid35DlgsWin32.dll
2009-02-02 13:30 . 2009-02-02 13:30 192,512 --a------ c:\windows\system32\beid35cardlayer.dll
2009-02-02 13:30 . 2009-02-02 13:30 122,880 --a------ c:\windows\system32\beid35common.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\eidlib.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\beidlib.dll
2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\program files\CDBurnerXP
2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Canneverbe_Limited
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 20:35 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-23 20:35 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-23 20:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-23 17:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-23 15:13 33,536 ----a-w c:\windows\system32\drivers\a38usb.sys
2009-02-23 15:13 110,592 ----a-w c:\windows\system32\usbr38.dll
2009-02-23 13:32 --------- d-----w c:\documents and settings\Erwtje\Application Data\Uniblue
2009-02-21 15:26 --------- d-----w c:\program files\Ashampoo
2009-02-20 20:44 --------- d-----w c:\program files\PDFCreator Toolbar
2009-02-20 19:48 --------- d-----w c:\documents and settings\Erwtje\Application Data\Canon
2009-02-19 21:59 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-02-19 21:57 --------- d-----w c:\program files\Canon
2009-02-18 20:31 --------- d-----w c:\documents and settings\Erwtje\Application Data\MSN6
2009-02-17 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-15 16:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-15 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-15 15:09 --------- d-----w c:\program files\Common Files\Adobe
2009-02-14 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-14 16:08 --------- d-----w c:\program files\Foxit Software
2009-02-14 13:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 23:08 --------- d-----w c:\program files\MSECache
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 22:20 --------- d-----w c:\documents and settings\Erwtje\Application Data\XnView
2009-01-13 14:44 --------- d-----w c:\program files\CCleaner
2009-01-13 14:23 --------- d-----w c:\program files\PC Tune-Up
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-29 18:58 --------- d-----w c:\documents and settings\Erwtje\Application Data\Malwarebytes
2008-12-29 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 21:21 --------- d-----w c:\program files\Apple Software Update
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-07-27 20:53 47,360 ----a-w c:\documents and settings\Erwtje\Application Data\pcouffin.sys
2008-05-07 21:24 14,290 ----a-w c:\program files\settings.dat
2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2005-08-25 20:00 48,128 ----a-w c:\documents and settings\LocalService\cnmss Canon MP500 Series Printer (Local).dll
2005-08-25 20:00 48,128 ----a-w c:\documents and settings\Erwtje\cnmss Canon MP500 Series Printer (Local).dll
2008-04-19 20:14 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-19 20:14 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-19 20:14 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-19 20:14 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-19 20:14 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-12 21:09 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008101220081013\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-16 1115728]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-29 970808]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 321088]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-29 497008]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.ACDV"= ACDV.dll
"msacm.l3codec"= l3codecp.acm
"vidc.mjpx"= Pvmjpg30.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ymetray.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon MP500 Series Printer.lnk]
path=c:\documents and settings\Erwtje\Menu Start\Programma's\Opstarten\Canon IJ Status Monitor Canon MP500 Series Printer.lnk
backup=c:\windows\pss\Canon IJ Status Monitor Canon MP500 Series Printer.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^HDDlife.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^OpenOffice.org 2.1 .lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Shrink Pic.lnk]
backup=c:\windows\pss\Shrink Pic.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^TransBar.lnk]
backup=c:\windows\pss\TransBar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Zita Nieuwsflash.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-14 15:09 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 17:42 217544 c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
--a------ 2009-02-02 13:32 2035712 c:\program files\Belgium Identity Card\beid35gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2007-09-10 11:08 258134 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
f:\digital imaging\\Unload\hpqcmon.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
-----c--- 2004-11-30 11:00 135168 c:\program files\Creative\MediaSource\Go\CTCMSGo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 17:34 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]
-ra------ 2002-10-30 10:40 28672 c:\windows\htpatch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
F:\iTunesHelper.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
--a------ 2008-09-29 14:08 497008 c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFtypewriterPrinterMonitor]
c:\program files\PDFtypewriter\Printer\PDFtypewriterMonitorStart.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoBackupOE]
--a------ 2005-06-17 14:52 1129472 c:\program files\PicoBackupOE\PicoBackupAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-03-18 23:05 630784 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
f:\hp share-to-web\hpgs2wnd.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--------- 2005-07-28 08:32 94208 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
--a--c--- 2005-08-22 09:10 69632 c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a--c--- 2006-02-17 10:14 163840 c:\program files\A4TECH\Mouse\Amoumain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-08-07 23:10 16384 c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-08-07 23:10 18944 c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
--a------ 2008-06-23 16:43 70144 c:\windows\system32\mmrtkrnl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"BsHelpCS"=3 (0x3)
"BlueSoleilCS"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"a2free"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"TapiSrv"=3 (0x3)
"Schedule"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"IDriverT"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\CCleaner\\ccleaner.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Piolet\\Piolet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"c:\\Program Files\\Windows Live\\Writer\\WindowsLiveWriter.exe"=
"c:\\Program Files\\PrinterAnywhere\\paConsole.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\1 Click PC Fix\\1clickpcfix.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-29 20560]
R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-05-09 13824]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-20 200320]
S2 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\magix\Common\Database\bin\fbserver.exe --> f:\magix\Common\Database\bin\fbserver.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmsrvc
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - nmservice
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - rpcapd
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCardSvr
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Uniblue DiskRescue
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - WMP54Gv4SVC
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ff8e03-1f8d-11dd-9071-0011675a9d92}]
\Shell\AutoRun\command - H:\ClickMe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Inhoud van de 'Gedeelde Taken' map
2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-24 c:\windows\Tasks\At1.job
- c:\windows\system32\3AA45Enp.exe []
2008-10-11 c:\windows\Tasks\At10.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At11.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At12.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At13.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At14.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At15.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At16.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At17.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At18.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At19.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At2.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At20.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At21.job
- c:\windows\system32\3AA45Enp.exe []
2009-02-17 c:\windows\Tasks\At22.job
- c:\windows\system32\3AA45Enp.exe []
2009-02-17 c:\windows\Tasks\At23.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At24.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At3.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At4.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At5.job
- c:\windows\system32\3AA45Enp.exe []
2008-09-06 c:\windows\Tasks\At6.job
- c:\windows\system32\3AA45Enp.exe []
2008-09-06 c:\windows\Tasks\At7.job
- c:\windows\system32\3AA45Enp.exe []
2008-09-06 c:\windows\Tasks\At8.job
- c:\windows\system32\3AA45Enp.exe []
2008-10-11 c:\windows\Tasks\At9.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-05 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []
2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []
2009-02-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 16:22]
2007-02-18 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\www.update
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.
.
------- Bestandsassociaties -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 21:49:46
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557B07D3-7DB1-3FD4-A397-E353685CF813}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakiachldgmohicgdc"=hex:6b,61,6e,6e,6e,6e,70,63,69,61,70,6c,67,6e,61,6f,6e,6f,
62,68,66,68,00,00
"haaiodhdphjaomoe"=hex:6b,61,6e,6e,6d,6e,69,6e,61,68,6e,70,64,70,69,65,6e,6d,
6f,62,67,66,00,00
[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B96E5DFF-D769-C338-7EE4-EFA8663D62F2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,9f,6c,aa,c8,f4,
7a,a9,94,c8,28,51,af,b0,29,a3,98,13,30,66,8d,37,c5,87,12,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9f,65,67,08,bf,
1a,28,ab,71,3b,04,66,8b,46,0d,96,6a,7e,ff,0c,f8,1c,6f,4a,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,07,db,6a,2a,c5,
7c,10,3f,25,da,ec,7e,55,20,c9,26,ab,88,e2,cf,19,41,cf,20,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,06,18,9f,85,43,
97,d3,4c,3e,1e,9e,e0,57,5a,93,61,2f,03,b3,0e,c9,a1,51,44,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,79,97,17,f6,e8,
92,06,6d,cd,44,cd,b9,a6,33,6c,cd,88,b3,8a,7d,02,c1,b7,f2,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,70,06,92,03,05,
a5,73,54,b0,18,ed,a7,3f,8d,37,a4,e2,44,3a,dc,6a,12,4e,fc,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,84,e2,96,ee,db,
c7,3b,db,31,77,e1,ba,b1,f8,68,02,c7,ca,df,bb,ee,01,ae,50,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,9a,30,dc,4d,18,
06,d5,d5,83,6c,56,8b,a0,85,96,ab,d4,24,bf,1f,10,f4,1e,50,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b2,91,df,47,ba,
16,02,d4,51,fa,6e,91,28,9e,14,cc,b6,57,c0,ad,f5,d2,31,3b,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,f7,63,8b,20,59,
8e,b4,a2,b1,cd,45,5a,a8,c4,f8,b9,85,08,f9,99,21,eb,9f,48,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,60,76,76,6d,5a,
a8,6e,d3,e3,0e,66,d5,eb,bc,2f,6b,cb,c4,4b,9a,c8,6a,1b,13,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,60,7f,0a,df,65,
ed,ae,ce,fa,ea,66,7f,d4,3b,6b,70,10,31,34,90,a9,42,80,7d,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
@DACL=(02 0012)
@Denied: (Full) (Everyone)
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,
00,00,79,52,33,1c,d4,b0,80,42,b2,a5,ee,9f,d0,f1,a1,e7,04,00,00,00,04,00,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2009-02-23 21:51:34
ComboFix-quarantined-files.txt 2009-02-23 20:51:31
ComboFix2.txt 2009-02-23 17:43:24
ComboFix3.txt 2007-05-22 19:46:20
Pre-Run: 220,685,168,640 bytes beschikbaar
Post-Run: 220,614,356,992 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
570 --- E O F --- 2009-02-19 20:49:11
-
ComboFix 09-02-21.01 - Erwtje 2009-02-23 18:39:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2048.1403 [GMT 1:00]
Gestart vanuit: m:\mijn setup's\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning disabled* (Updated)
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
FW: Trend Micro Personal Firewall *disabled*
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Erwtje\Application Data\inst.exe
c:\windows\system32\tmp.reg
L:\Autorun.inf
M:\Autorun.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-23 to 2009-02-23 ))))))))))))))))))))))))))))))
.
2009-02-23 16:14 . 2009-02-23 16:14 <DIR> d-------- c:\windows\system32\beidpp
2009-02-23 16:14 . 2009-02-23 16:14 <DIR> d-------- c:\program files\Belgium Identity Card
2009-02-23 15:55 . 2009-02-23 17:33 <DIR> d--hs---- c:\documents and settings\Erwtje\Onlangs geopend
2009-02-23 14:29 . 2009-02-23 14:29 <DIR> d-------- c:\program files\Uniblue
2009-02-23 14:29 . 2009-02-23 14:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{38E672D5-1F19-4A24-BA49-04BE4A4DBCAE}
2009-02-22 18:32 . 2009-02-22 18:32 <DIR> d-------- c:\documents and settings\Erwtje\Bluetooth Software
2009-02-22 18:19 . 2007-03-31 06:02 876,384 --a------ c:\windows\system32\drivers\btkrnl.sys
2009-02-22 18:19 . 2007-03-23 03:49 539,072 --a------ c:\windows\system32\drivers\btaudio.sys
2009-02-22 18:19 . 2007-03-23 03:50 149,123 --a------ c:\windows\system32\drivers\btwdndis.sys
2009-02-22 18:19 . 2007-03-31 06:02 55,352 --a------ c:\windows\system32\drivers\btwhid.sys
2009-02-22 18:19 . 2007-03-23 03:50 37,424 --a------ c:\windows\system32\drivers\btport.sys
2009-02-22 18:08 . 2007-03-23 03:50 106,557 -ra------ c:\windows\system32\btw_ci.dll
2009-02-22 18:08 . 2007-03-23 03:50 67,960 --a------ c:\windows\system32\drivers\btwusb.sys
2009-02-22 00:58 . 2009-02-22 00:58 <DIR> d-------- c:\program files\WIDCOMM
2009-02-21 16:42 . 2009-02-21 16:42 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Ashampoo
2009-02-21 16:27 . 2009-02-21 16:27 103,424 --a------ c:\windows\system32\PowerUp3_nat.dll
2009-02-20 22:06 . 2009-02-20 22:07 <DIR> d-------- c:\program files\PDFCreator
2009-02-20 22:06 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-02-20 21:50 . 2006-11-30 22:24 86,016 --a------ c:\windows\system32\custmon32.dll
2009-02-20 20:44 . 2009-02-20 20:44 <DIR> d--h----- c:\windows\system32\CanonMP Uninstaller Information
2009-02-20 20:43 . 2009-02-20 20:43 <DIR> d--h----- C:\CanonMP
2009-02-19 17:37 . 2009-02-19 17:37 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-02-18 21:14 . 2009-02-18 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995
2009-02-18 21:14 . 2009-02-18 21:21 249,856 --a------ c:\windows\system32\pdfmona.dll
2009-02-18 21:14 . 2009-02-18 21:21 51,716 --a------ c:\windows\system32\pdf995mon.dll
2009-02-18 21:14 . 2009-02-18 21:21 25 --a------ c:\windows\wpd99.drv
2009-02-18 21:13 . 2009-02-20 21:09 <DIR> d-------- C:\pdf995
2009-02-15 18:07 . 2009-02-15 18:07 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-15 17:05 . 2009-02-15 17:05 126 --a------ c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat
2009-02-15 16:03 . 2009-02-20 20:51 0 --a------ c:\windows\system32\PDFtypewriter
2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\CTdeveloping
2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\CTdeveloping
2009-02-14 17:25 . 2009-02-14 17:25 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-14 17:14 . 2009-02-20 21:59 <DIR> d-------- c:\program files\Capsoft
2009-02-14 16:10 . 2009-02-14 16:10 <DIR> d-------- C:\MIR
2009-02-14 14:44 . 2009-02-14 14:44 <DIR> d-------- c:\program files\Multiple Image Resizer .NET
2009-02-12 00:11 . 2008-05-02 14:30 465,920 --------- c:\windows\system32\imapi2fs.dll
2009-02-12 00:11 . 2008-05-02 14:30 465,920 -----c--- c:\windows\system32\dllcache\imapi2fs.dll
2009-02-12 00:11 . 2008-05-02 14:30 317,952 --------- c:\windows\system32\imapi2.dll
2009-02-12 00:11 . 2008-05-02 14:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll
2009-02-12 00:11 . 2008-05-02 11:49 62,976 -----c--- c:\windows\system32\dllcache\cdrom.sys
2009-02-12 00:10 . 2008-04-17 05:59 407,040 -----c--- c:\windows\system32\dllcache\netlogon.dll
2009-02-12 00:10 . 2008-04-17 05:59 344,576 -----c--- c:\windows\system32\dllcache\localspl.dll
2009-02-12 00:10 . 2008-04-17 05:59 176,128 -----c--- c:\windows\system32\dllcache\w32time.dll
2009-02-12 00:10 . 2008-04-17 05:59 134,144 -----c--- c:\windows\system32\dllcache\wkssvc.dll
2009-02-12 00:10 . 2008-05-05 12:07 132,608 -----c--- c:\windows\system32\dllcache\msv1_0.dll
2009-02-12 00:10 . 2008-04-17 05:59 113,664 -----c--- c:\windows\system32\dllcache\dsuiext.dll
2009-02-12 00:10 . 2008-04-17 05:59 68,096 -----c--- c:\windows\system32\dllcache\ntdsapi.dll
2009-02-12 00:07 . 2009-02-12 00:07 <DIR> d-------- c:\program files\Dir2File
2009-02-12 00:06 . 2004-12-09 08:17 61,440 --a------ c:\windows\ContextMenuExt.dll
2009-02-12 00:05 . 2007-07-10 20:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL
2009-02-11 23:50 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll
2009-02-07 18:04 . 2009-02-07 18:04 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Kodak
2009-02-07 18:03 . 2009-02-07 18:03 <DIR> d-------- c:\program files\Kodak
2009-02-06 20:35 . 2009-02-06 20:35 <DIR> d-------- c:\program files\BatchPhoto
2009-02-04 23:16 . 2009-02-04 23:17 <DIR> d-------- c:\program files\Photobie
2009-02-02 13:31 . 2009-02-02 13:31 360,448 --a------ c:\windows\system32\beid35applayer.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\Belgium Identity Card PKCS11.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\beidpkcs11.dll
2009-02-02 13:31 . 2009-02-02 13:31 69,632 --a------ c:\windows\system32\beidCSPlib.dll
2009-02-02 13:30 . 2009-02-02 13:30 262,144 --a------ c:\windows\system32\beid35DlgsWin32.dll
2009-02-02 13:30 . 2009-02-02 13:30 192,512 --a------ c:\windows\system32\beid35cardlayer.dll
2009-02-02 13:30 . 2009-02-02 13:30 122,880 --a------ c:\windows\system32\beid35common.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\eidlib.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\beidlib.dll
2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\program files\CDBurnerXP
2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Canneverbe_Limited
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 17:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-23 15:17 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-23 15:17 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-23 15:13 33,536 ----a-w c:\windows\system32\drivers\a38usb.sys
2009-02-23 15:13 110,592 ----a-w c:\windows\system32\usbr38.dll
2009-02-23 13:32 --------- d-----w c:\documents and settings\Erwtje\Application Data\Uniblue
2009-02-22 22:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-21 15:26 --------- d-----w c:\program files\Ashampoo
2009-02-20 20:44 --------- d-----w c:\program files\PDFCreator Toolbar
2009-02-20 19:48 --------- d-----w c:\documents and settings\Erwtje\Application Data\Canon
2009-02-19 21:59 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-02-19 21:57 --------- d-----w c:\program files\Canon
2009-02-18 20:31 --------- d-----w c:\documents and settings\Erwtje\Application Data\MSN6
2009-02-17 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-15 16:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-15 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-15 15:09 --------- d-----w c:\program files\Common Files\Adobe
2009-02-14 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-14 16:08 --------- d-----w c:\program files\Foxit Software
2009-02-14 13:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 23:08 --------- d-----w c:\program files\MSECache
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 22:20 --------- d-----w c:\documents and settings\Erwtje\Application Data\XnView
2009-01-13 14:44 --------- d-----w c:\program files\CCleaner
2009-01-13 14:23 --------- d-----w c:\program files\PC Tune-Up
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-29 18:58 --------- d-----w c:\documents and settings\Erwtje\Application Data\Malwarebytes
2008-12-29 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 21:21 --------- d-----w c:\program files\Apple Software Update
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-07-27 20:53 47,360 ----a-w c:\documents and settings\Erwtje\Application Data\pcouffin.sys
2008-05-07 21:24 14,290 ----a-w c:\program files\settings.dat
2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2005-08-25 20:00 48,128 ----a-w c:\documents and settings\LocalService\cnmss Canon MP500 Series Printer (Local).dll
2005-08-25 20:00 48,128 ----a-w c:\documents and settings\Erwtje\cnmss Canon MP500 Series Printer (Local).dll
2008-04-19 20:14 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-19 20:14 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-19 20:14 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-19 20:14 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-19 20:14 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-12 21:09 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008101220081013\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-16 1115728]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-29 970808]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 321088]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-29 497008]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.ACDV"= ACDV.dll
"msacm.l3codec"= l3codecp.acm
"vidc.mjpx"= Pvmjpg30.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ymetray.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon MP500 Series Printer.lnk]
path=c:\documents and settings\Erwtje\Menu Start\Programma's\Opstarten\Canon IJ Status Monitor Canon MP500 Series Printer.lnk
backup=c:\windows\pss\Canon IJ Status Monitor Canon MP500 Series Printer.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^HDDlife.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^OpenOffice.org 2.1 .lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Shrink Pic.lnk]
backup=c:\windows\pss\Shrink Pic.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^TransBar.lnk]
backup=c:\windows\pss\TransBar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Zita Nieuwsflash.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-14 15:09 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 17:42 217544 c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
--a------ 2009-02-02 13:32 2035712 c:\program files\Belgium Identity Card\beid35gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2007-09-10 11:08 258134 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
-----c--- 2004-11-30 11:00 135168 c:\program files\Creative\MediaSource\Go\CTCMSGo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 17:34 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]
-ra------ 2002-10-30 10:40 28672 c:\windows\htpatch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
--a------ 2008-09-29 14:08 497008 c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoBackupOE]
--a------ 2005-06-17 14:52 1129472 c:\program files\PicoBackupOE\PicoBackupAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-03-18 23:05 630784 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--------- 2005-07-28 08:32 94208 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
--a--c--- 2005-08-22 09:10 69632 c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a--c--- 2006-02-17 10:14 163840 c:\program files\A4TECH\Mouse\Amoumain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-08-07 23:10 16384 c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2005-08-07 23:10 18944 c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
--a------ 2008-06-23 16:43 70144 c:\windows\system32\mmrtkrnl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"BsHelpCS"=3 (0x3)
"BlueSoleilCS"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"a2free"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"TapiSrv"=3 (0x3)
"Schedule"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"IDriverT"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\CCleaner\\ccleaner.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Piolet\\Piolet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"c:\\Program Files\\Windows Live\\Writer\\WindowsLiveWriter.exe"=
"c:\\Program Files\\PrinterAnywhere\\paConsole.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\1 Click PC Fix\\1clickpcfix.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-29 20560]
R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-05-09 13824]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-20 200320]
S2 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\magix\Common\Database\bin\fbserver.exe --> f:\magix\Common\Database\bin\fbserver.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - GTNDIS5
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmsrvc
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - nmservice
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - rpcapd
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCardSvr
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Uniblue DiskRescue
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - WMP54Gv4SVC
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ff8e03-1f8d-11dd-9071-0011675a9d92}]
\Shell\AutoRun\command - H:\ClickMe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Inhoud van de 'Gedeelde Taken' map
2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-24 c:\windows\Tasks\At1.job
- c:\windows\system32\3AA45Enp.exe []
2008-10-11 c:\windows\Tasks\At10.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At11.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At12.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At13.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-23 c:\windows\Tasks\At14.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At15.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At16.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At17.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At18.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At19.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At2.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At20.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At21.job
- c:\windows\system32\3AA45Enp.exe []
2009-02-17 c:\windows\Tasks\At22.job
- c:\windows\system32\3AA45Enp.exe []
2009-02-17 c:\windows\Tasks\At23.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At24.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-25 c:\windows\Tasks\At3.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At4.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-24 c:\windows\Tasks\At5.job
- c:\windows\system32\3AA45Enp.exe []
2008-09-06 c:\windows\Tasks\At6.job
- c:\windows\system32\3AA45Enp.exe []
2008-09-06 c:\windows\Tasks\At7.job
- c:\windows\system32\3AA45Enp.exe []
2008-09-06 c:\windows\Tasks\At8.job
- c:\windows\system32\3AA45Enp.exe []
2008-10-11 c:\windows\Tasks\At9.job
- c:\windows\system32\3AA45Enp.exe []
2008-12-05 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []
2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []
2009-02-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 16:22]
2007-02-18 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS VERWIJDERD - - - -
MSConfigStartUp-CamMonitor - f:\digital imaging\\Unload\hpqcmon.exe
MSConfigStartUp-iTunesHelper - F:\iTunesHelper.exe
MSConfigStartUp-PDFtypewriterPrinterMonitor - c:\program files\PDFtypewriter\Printer\PDFtypewriterMonitorStart.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - f:\hp share-to-web\hpgs2wnd.exe
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\www.update
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.
.
------- Bestandsassociaties -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 18:41:31
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557B07D3-7DB1-3FD4-A397-E353685CF813}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B96E5DFF-D769-C338-7EE4-EFA8663D62F2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,70,06,92,03,05,
a5,73,54,b0,18,ed,a7,3f,8d,37,a4,e2,44,3a,dc,6a,12,4e,fc,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,84,e2,96,ee,db,
c7,3b,db,31,77,e1,ba,b1,f8,68,02,c7,ca,df,bb,ee,01,ae,50,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,9a,30,dc,4d,18,
06,d5,d5,83,6c,56,8b,a0,85,96,ab,d4,24,bf,1f,10,f4,1e,50,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b2,91,df,47,ba,
16,02,d4,51,fa,6e,91,28,9e,14,cc,b6,57,c0,ad,f5,d2,31,3b,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,f7,63,8b,20,59,
8e,b4,a2,b1,cd,45,5a,a8,c4,f8,b9,85,08,f9,99,21,eb,9f,48,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,60,76,76,6d,5a,
a8,6e,d3,e3,0e,66,d5,eb,bc,2f,6b,cb,c4,4b,9a,c8,6a,1b,13,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,60,7f,0a,df,65,
ed,ae,ce,fa,ea,66,7f,d4,3b,6b,70,10,31,34,90,a9,42,80,7d,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
@DACL=(02 0012)
@Denied: (Full) (Everyone)
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,
00,00,79,52,33,1c,d4,b0,80,42,b2,a5,ee,9f,d0,f1,a1,e7,04,00,00,00,04,00,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2009-02-23 18:43:23
ComboFix-quarantined-files.txt 2009-02-23 17:43:20
ComboFix2.txt 2007-05-22 19:46:20
Pre-Run: 220.994.686.976 bytes beschikbaar
Post-Run: 220,994,633,728 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
567 --- E O F --- 2009-02-19 20:49:11
-
Dear Kape,
Three times today already, all my icons in the taskbar at the bottom of my screen have disappeared. I also (sometimes) get the message: "explorer.exe has encountered a problem and needs to close".
Each time I then have to go through Task Manager / New Task and type explorer.exe; my desktop then reappears, but my icons do not. I then have to manually re-tick the "Quick Launch" toolbar, and then the icons are back??????
PS: I also have an external hard drive connected to my computer. Could a trojan or some other virus be coming from somewhere there???
Strange but true??
Kind regards, Erwtje69
-
Good morning Kape,
apart from my PC hanging on the XP logo when I started it up this morning, everything now seems to be in order. A press of the reset button brought the computer fully back to life.
It does take a while before it has fully started up, but that is probably due to the many programs installed on this computer.
Maybe I should consider reinstalling XP, or perhaps just put Vista on it right away, but I don't know whether two GB of DDR RAM is enough for that. So I don't have DDR2 or 3 in this computer yet. The motherboard doesn't support that anyway.
In any case, thank you very much for your help. If problems crop up again, I now know where to go, eh.
Thanks a lot.
Kind regards, erwtje69
-
Odd: first this page would no longer open while I was inserting the logs here, and now they suddenly turn out to have been posted here twice?????
Sorry, but how that could happen I no longer know either??
Kind regards, Erwtje69
-
Here I am with the requested logs. Thanks in advance for your spontaneous help.
Kind regards, Erwtje69
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:26, on 22/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - -{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.09/f-6tcHDGwoY/uploader2.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218922213856&h=1228216423e2b904dbf135487519793c/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - F:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 12362 bytes
Here then is the Malwarebytes log
Malwarebytes' Anti-Malware 1.34
Database versie: 1794
Windows 5.1.2600 Service Pack 3
22/02/2009 23:45:54
mbam-log-2009-02-22 (23-45-54).txt
Scan type: Snelle Scan
Objecten gescand: 72526
Verstreken tijd: 3 minute(s), 37 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 3
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekayxtjcvka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACrdoexwkb.sys (Trojan.Agent) -> Quarantined and deleted successfully.
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:32, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - -{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Download.minoc.com : Referer niet correct
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.09/f-6tcHDGwoY/uploader2.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218922213856&h=1228216423e2b904dbf135487519793c/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Erwtje\Mijn documenten\Mijn afbeeldingen\Congres Ooostende 2007\2007-09-15 16-07-09_0189.JPG
--
End of file - 11634 bytes
-
Hello pancho,
thanks already for the tip. It does indeed work well for web pages and for Outlook, but not for other program windows, which used not to be a problem. Any idea??
Many thanks in advance for your help, eh
Kind regards, Erwtje69
-
Here I am with my second little problem. I put this in a new discussion, but I don't know whether that was the right thing to do?
So... when I use the msconfig command in Windows XP Home Service Pack 3, you normally have to restart your computer after use, and then the "System Configuration Utility" window appears once more. You can prevent that same window from popping up again at every startup by ticking the box at the bottom of that window next to the text with something like: don't show this window again ......... etc.
This used to work perfectly, but suddenly it comes up again at every startup, even though that box is ticked, even when I select everything in msconfig !!????
Who knows what to do??
PS: this happens on my second computer, which also has XP Home Service Pack 3 (but this one is in my bedroom, the other in the living room).
It's just that after a while you would start to think I'm saddled with a trojan.
Kind regards, Erwtje69
-
Good evening, it has indeed been a while since I last posted something here, but now I suddenly have two little problems with my computer, on which XP Home Service Pack 3 is installed.
Problem 1:
Normally you can freeze the window size in Windows by right-clicking the icon at the top left of any page or software program, such as Word or my e-mail program, while holding down the Ctrl key at the same time.
The next time you opened the program in question, Windows remembered that setting.
Now, unfortunately, it no longer does??
Why?? Anyone have an idea? Can I solve this via a registry setting?
Kind regards, Erwtje69
-
I sent that file via both recommended websites, but each time I get something like 0 bytes received.
I have now sent it once more via VirusTotal's mail function. So just wait a bit, I guess?
I did briefly switch off my firewall and virus scanner because I thought they were blocking the file since it is an executable file (.exe) and it might be seen as a virus that way
Kind regards, Erwtje69
-
Dear Kape,
Here first is the MBAM log:
And further down you will then find the HijackThis log once more, OK?
Malwarebytes' Anti-Malware 1.31
Database versie: 1577
Windows 5.1.2600 Service Pack 3
30/12/2008 14:38:57
mbam-log-2008-12-30 (14-38-57).txt
Scan type: Snelle Scan
Objecten gescand: 57479
Verstreken tijd: 9 minute(s), 49 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 3
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 6
Bestanden geïnfecteerd: 4
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE\vbase.tmp (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227095313234.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081228160155968.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081229131121687.log (Rogue.Multiple) -> Quarantined and deleted successfully.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:52, on 30/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [update 3400C] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe 3400C+
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 8525 bytes
A quick question? I see references here to my new HP PrecisionScan printer.
Is that file infected as well, then? It's only a new one (about one month old)?
In any case, thank you very much for the help I have already received from you.
Hopefully everything that shouldn't be on there is gone now??
Kind regards, Erwtje69
-
Thanks again for your quick help, Kape.
I'll send you what you asked for as soon as possible.
Kind regards, Erwtje69
-
Good evening, Erwtje69 here for the first time.
I have a little computer here that is starting to act rather strangely and has also become noticeably slower.
I suspect there are little critters hiding somewhere in here.
Are there any specialists here who could evaluate this log and find a suitable solution for it??
Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:54, on 28/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zita portaal | Nieuws | Entertainment | Lifestyle | Fun | Business
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [update 3400C] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe 3400C+
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%20Twist/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7628 bytes
-
Dear Sir/Madam,
Have you already tried this??
Close Internet Explorer.
Unplug your modem from the wall socket for at least one minute.
Plug it back into the wall socket and start Internet Explorer again.
This can (sometimes) fix your problem. Hopefully with much success.
Kind regards, Erwtje69
[SOLVED] Can someone on this forum take a close look at my HijackThis log
in Archive Fighting malware & viruses
Posted:
Apart from the fact that the System Configuration window appears on the screen here every time this PC starts up, everything is OK, Fake.
Even though there is a check mark next to: do not show this screen next time... or something of that nature, it still appears at every startup, even if everything is checked to start with.
This is in fact my second desktop computer, which is here in my bedroom.
The computer that was put in order last week with your help is still perfectly fine, Fake.
Kind regards, Erwtje69