foane
-
Items
5 -
Registratiedatum
-
Laatst bezocht
foane's prestaties
-
virus stability analysis report
foane reageerde op foane's topic in Archief Bestrijding malware & virussen
Het voornoemd probleem blijft nog altijd bestaan, niettegenstaande voorgaande procedure die gevolgd werd. Hier bijgevoegd ook de log. Emsisoft Emergency Kit - Versie 1.0 Laatste Update: 25/01/2012 14:17:24 Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\, D:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 25/01/2012 14:17:56 c:\windows\system32\fonts Ontdekt: Trace.Directory.IamBigBrother!A2 c:\documents and settings\administrator\bureaublad\Check PC For Errors.lnk Ontdekt: Trace.File.Registry Cleaner 4.0!A2 C:\Documents and Settings\Administrator\Local Settings\Application Data\Xenocode\XSandbox\2008.10.18T20.49\Virtual\STUBEXE\@PROGRAMFILES@\Nero 9\Nero Burning ROM\patchToExpress.exe Ontdekt: Riskware.patch.Nero!IK C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot\TEMP\01CCD6BA39FCCB12 Ontdekt: Trojan-Downloader.Win32.Karagany!IK C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot\TEMP\01CCD6BA3BFFC702 Ontdekt: Trojan-Downloader.Win32.Karagany!IK C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0126406.exe Ontdekt: Trojan.Win32.FakeSysdef!IK C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0126407.exe Ontdekt: Trojan.Win32.FakeSysdef!IK D:\photoshop-cratief2010\C PROBLEMEN\04 Ruis\ruis filters\reserve\topaz denoise\Topaz.Denoise.5.0.0-Win.rar/keygen.exe Ontdekt: Trojan-Downloader.Exchanger!IK D:\photoshop-cratief2010\C PROBLEMEN\04 Ruis\ruis filters\reserve\topaz denoise\Topaz.Denoise.5.0.0-Win.rar/CORE10k.EXE Ontdekt: Trojan-Downloader.Exchanger!IK D:\photoshop-cratief2010\cp corry van iseghem\C PROBLEMEN\04 Ruis\ruis filters\reserve\topaz denoise\Topaz.Denoise.5.0.0-Win.rar/keygen.exe Ontdekt: Trojan-Downloader.Exchanger!IK D:\photoshop-cratief2010\cp corry van iseghem\C PROBLEMEN\04 Ruis\ruis filters\reserve\topaz denoise\Topaz.Denoise.5.0.0-Win.rar/CORE10k.EXE Ontdekt: Trojan-Downloader.Exchanger!IK D:\programma's\Acronis Disk Director Suite v10.0.0.2089\Keygen.exe Ontdekt: Riskware.Keygen.Acronis!IK D:\programma's\XP_PRO_SP2\$OEM$\$$\System32\cmdow.exe Ontdekt: Riskware.RiskTool.Win32.HideWindows!IK D:\programma's\XP_PRO_SP2\I386\SVCPACK\BASEBALL2525S_WINRAR3.62_ADDON.EXE Ontdekt: Riskware.Crack.WinRAR!IK D:\programma's\[Rs_Dlf] Adobe Creative Suite 3\Adobe CS3 Design Premium Keygen.exe Ontdekt: Riskware.Keygen.Adobe!IK D:\programma's\[Rs_Dlf] Adobe Creative Suite 3\CS3DESIGN_NL\Keygen CS3 NL\Adobe CS3 Design Premium Keygen.exe Ontdekt: Riskware.Keygen.Adobe!IK Gescand Bestanden: 363915 Sporen: 404020 Cookies: 40 Processen: 41 Gevonden Bestanden: 14 Sporen: 2 Cookies: 0 Processen: 0 Registersleutels: 0 Scan Geëindigd: 25/01/2012 16:49:58 Scantijd: 2:32:02 D:\programma's\[Rs_Dlf] Adobe Creative Suite 3\Adobe CS3 Design Premium Keygen.exe Verwijderd Riskware.Keygen.Adobe!IK D:\programma's\[Rs_Dlf] Adobe Creative Suite 3\CS3DESIGN_NL\Keygen CS3 NL\Adobe CS3 Design Premium Keygen.exe Verwijderd Riskware.Keygen.Adobe!IK D:\programma's\XP_PRO_SP2\I386\SVCPACK\BASEBALL2525S_WINRAR3.62_ADDON.EXE Verwijderd Riskware.Crack.WinRAR!IK D:\programma's\XP_PRO_SP2\$OEM$\$$\System32\cmdow.exe Verwijderd Riskware.RiskTool.Win32.HideWindows!IK D:\programma's\Acronis Disk Director Suite v10.0.0.2089\Keygen.exe Verwijderd Riskware.Keygen.Acronis!IK D:\photoshop-cratief2010\C PROBLEMEN\04 Ruis\ruis filters\reserve\topaz denoise\Topaz.Denoise.5.0.0-Win.rar/keygen.exe Verwijderd Trojan-Downloader.Exchanger!IK D:\photoshop-cratief2010\C PROBLEMEN\04 Ruis\ruis filters\reserve\topaz denoise\Topaz.Denoise.5.0.0-Win.rar/CORE10k.EXE Verwijderd Trojan-Downloader.Exchanger!IK D:\photoshop-cratief2010\cp corry van iseghem\C PROBLEMEN\04 Ruis\ruis filters\reserve\topaz denoise\Topaz.Denoise.5.0.0-Win.rar/keygen.exe Verwijderd Trojan-Downloader.Exchanger!IK D:\photoshop-cratief2010\cp corry van iseghem\C PROBLEMEN\04 Ruis\ruis filters\reserve\topaz denoise\Topaz.Denoise.5.0.0-Win.rar/CORE10k.EXE Verwijderd Trojan-Downloader.Exchanger!IK C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0126406.exe Verwijderd Trojan.Win32.FakeSysdef!IK C:\System Volume Information\_restore{03FC1E3F-6BED-4081-9D0A-983C1DFF58B7}\RP784\A0126407.exe Verwijderd Trojan.Win32.FakeSysdef!IK C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot\TEMP\01CCD6BA39FCCB12 Verwijderd Trojan-Downloader.Win32.Karagany!IK C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot\TEMP\01CCD6BA3BFFC702 Verwijderd Trojan-Downloader.Win32.Karagany!IK C:\Documents and Settings\Administrator\Local Settings\Application Data\Xenocode\XSandbox\2008.10.18T20.49\Virtual\STUBEXE\@PROGRAMFILES@\Nero 9\Nero Burning ROM\patchToExpress.exe Verwijderd Riskware.patch.Nero!IK c:\documents and settings\administrator\bureaublad\Check PC For Errors.lnk Verwijderd Trace.File.Registry Cleaner 4.0!A2 c:\windows\system32\fonts Verwijderd Trace.Directory.IamBigBrother!A2 Verwijderd Bestanden: 14 Sporen: 2 Cookies: 0 -
virus stability analysis report
foane reageerde op foane's topic in Archief Bestrijding malware & virussen
Alles zoals gevraagd met unhide.exe nog eens laten lopen. Ik kreeg ook de voorgaande melding, er stond echter bij als bij Start > programma's alles onzichtbaar bleef, ik alles nog eens moest overdoen maar dan met de antivirus uitgeschakeld. Dus nog eens overgedaan op die wijze, maar er is geen verandering merkbaar. Zijn er nog andere mogelijkheden ? -
virus stability analysis report
foane reageerde op foane's topic in Archief Bestrijding malware & virussen
Beste Kape, ondertussen ook combofix laten lopen. Het is wel nog altijd zo dat onder start > programma's , heel wat mappen (leeg) staan. Zie voorbeeld dat ik meerstuur. Als ik vb naar start > programma's > Bureau-accessoires > systeemwerkset ga staan alle deelmappen als (leeg). Ik kan dus niet via de logische weg een schijfdefragmentatie doen. ComboFix 12-01-23.02 - Administrator 24/01/2012 17:51:03.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3567.3134 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe C:\Thumbs.db c:\windows\iun6002.exe c:\windows\system32\SET4C.tmp c:\windows\system32\SET4E.tmp c:\windows\system32\SET5A.tmp c:\windows\system32\Thumbs.db c:\windows\system32\UNWISE.EXE c:\windows\$NtUninstallKB12803$\883095202 . . . . konden niet verwijderd worden . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_.cdrom . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))) . . 2012-01-23 21:46 . 2012-01-24 16:27 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend 2012-01-23 21:10 . 2012-01-23 21:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2012-01-23 21:09 . 2012-01-23 21:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-23 21:09 . 2012-01-23 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-01-23 21:09 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-23 18:15 . 2012-01-23 18:15 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-23 18:15 . 2012-01-23 18:15 -------- d-----w- c:\program files\Trend Micro 2012-01-19 22:23 . 2012-01-19 22:23 -------- d-----w- c:\windows\system32\GroupPolicy . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-28 18:01 . 2010-11-16 17:12 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 2008-10-22 18:21 199816 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:53 . 2011-06-16 15:57 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 2008-10-22 18:21 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:52 . 2008-10-22 18:21 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2008-10-22 18:21 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 2008-10-22 18:21 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-28 17:51 . 2008-10-22 18:21 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-28 17:51 . 2008-10-22 18:21 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-28 17:48 . 2008-10-22 18:21 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-11-25 21:57 . 2004-08-04 08:03 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2004-08-04 07:56 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 2004-08-04 08:03 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-03 15:29 . 2004-08-04 08:03 386560 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:29 . 2004-08-04 08:03 1296384 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 16:07 . 2004-08-04 08:03 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-31 23:37 . 2004-08-04 08:03 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-10-31 23:37 . 2004-08-04 08:03 832512 ----a-w- c:\windows\system32\wininet.dll 2011-10-31 23:37 . 2004-08-04 08:03 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-10-31 23:37 . 2004-08-04 08:03 17408 ----a-w- c:\windows\system32\corpol.dll 2011-10-28 05:32 . 2004-08-04 08:03 33280 ----a-w- c:\windows\system32\csrsrv.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408] "RDReminder"="c:\program files\RegClean Pro\RegCleanPro.exe" [2010-11-19 2562944] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8466432] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2005-12-27 1544099] "TrueImageMonitor.exe"="c:\program files\Easy Computing\True Image\TrueImageMonitor.exe" [2006-02-08 1009390] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-02-08 118784] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "ExtraFilmManager"="c:\program files\ExtraFilm Designer BE NL\ExtraFilmManager.exe" [2010-06-15 159744] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/01/2009 17:43 717296] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/06/2011 16:57 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22/10/2008 19:21 314456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/10/2008 19:21 20568] R2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [16/01/2010 20:18 36864] R2 Porttalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [13/06/2007 11:41 3567] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [15/02/2009 15:44 2749224] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2008 14:53 36608] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [15/02/2009 15:44 15656] S2 gupdate1ca2be2d7a3974a;Google Updateservice (gupdate1ca2be2d7a3974a);c:\program files\Google\Update\GoogleUpdate.exe [2/09/2009 16:34 133104] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/09/2009 16:34 133104] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2012-01-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-CAD1-Administrator.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-22 01:44] . 2012-01-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-02 11:48] . 2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 15:34] . 2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 15:34] . 2012-01-24 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ig?hl=nl uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=74&bd=smb&pf=desktop uInternet Settings,ProxyOverride = *.local IE: Converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html TCP: DhcpNameServer = 192.168.123.1 DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-AdobeBridge - (no file) AddRemove-3D Shadow by Lokas Software - c:\windows\AWuninstall.exe Software\Lokas Ltd\3D Shadow AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE AddRemove-ISPMonitor - c:\windows\iun6002.exe AddRemove-FoxTab PDF Creator - c:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-01-24 18:21 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3413962157-3143466078-2184835557-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F00E8027-7F06-635B-4780-F5CF3A89A7BE}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iapfinbbmajmkolahb"=hex:6b,61,6c,6b,6b,6c,6a,67,69,63,6e,6a,6a,6c,6a,63,70,68, 6e,66,63,6a,00,00 "hafhocomcofilile"=hex:6b,61,6c,6b,66,6b,69,6e,6f,62,66,70,64,61,66,65,6d,6b, 6b,69,63,67,00,00 "haeonmlkpgpjigmo"=hex:61,63,66,6c,65,70,68,68,68,63,70,6d,63,6b,66,63,6c,65, 64,62,6a,6f,68,6c,6e,66,6a,70,61,65,6f,69,68,63,70,6b,61,6c,62,62,6d,66,6b,\ . [HKEY_USERS\S-1-5-21-3413962157-3143466078-2184835557-500\Software\SecuROM\License information*] "datasecu"=hex:c6,02,df,94,cf,b7,95,e4,5b,bd,69,3a,07,cb,21,6f,66,35,34,2e,d6, 49,41,2d,9d,c0,d6,7c,cd,29,37,61,df,47,24,56,32,48,17,b9,62,28,f3,05,2b,aa,\ "rkeysecu"=hex:6d,77,c1,5e,09,b0,35,eb,ea,b5,6c,b2,8e,1f,6c,34 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F00E8027-7F06-635B-4780-F5CF3A89A7BE}\InProcServer32*] "jajfnclejhlcpmiclpip"=hex:6b,61,6c,6b,6b,6c,6a,67,69,63,6e,6a,6a,6c,6a,63,70, 68,6e,66,63,6a,00,00 "iajfdnnnojgfgefaep"=hex:6b,61,6c,6b,66,6b,69,6e,6f,62,66,70,64,61,66,65,6d,6b, 6b,69,63,67,00,00 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'lsass.exe'(980) c:\windows\system32\relog_ap.dll . - - - - - - - > 'explorer.exe'(2644) c:\program files\ScanSoft\OmniPageSE\ophook32.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\WTablet\Wacom_TabletUser.exe c:\program files\Canon\CAL\CALMAIN.exe . ************************************************************************** . Voltooingstijd: 2012-01-24 18:28:07 - machine werd herstart ComboFix-quarantined-files.txt 2012-01-24 17:28 . Pre-Run: 225.192.288.256 bytes beschikbaar Post-Run: 225.781.411.840 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - C3D8EB4E1ACD760E96DA381995EDFFEA
-
virus stability analysis report
foane reageerde op foane's topic in Archief Bestrijding malware & virussen
Bedankt Kape, er verscheen inderdaad een venster met "your files should now be visible". Als ik kijk onder Start > Programma's , dan zijn al die programma's als het ware verdwenen. Hieronder nog een mbam log en een hjt log. Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.23.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 Administrator :: CAD1 [administrator] 23/01/2012 22:11:28 mbam-log-2012-01-23 (22-11-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 183807 Time elapsed: 8 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 3 C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:23:02, on 23/01/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Easy Computing\True Image\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\ISP Monitor\ISPMonitorSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP | MSN R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\True Image\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [ExtraFilmManager] "C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe -rem O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232874092953 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232874080453 O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.be/ExtraFilmUploader6.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate1ca2be2d7a3974a) (gupdate1ca2be2d7a3974a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe -- End of file - 11524 bytes -
Geachte, 2 dagen geleden een virus binnengehaald, via antivirus grotendeels hersteld. Toch nog enkele vervelende zaken, zoals bepaalde mappen die onzichtbaar staan. Ik kan ook niet meer aan systeemherstel, alle snelkoppelingen op bureaublad verdwenen....etc. Ik post een hjt-log, misschien kan ik geholpen worden. Dank, foane Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:18:48, on 23/01/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Easy Computing\True Image\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\ISP Monitor\ISPMonitorSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP | MSN R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Easy Computing\True Image\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [ExtraFilmManager] "C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe -rem O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232874092953 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232874080453 O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.be/ExtraFilmUploader6.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate1ca2be2d7a3974a) (gupdate1ca2be2d7a3974a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe -- End of file - 11768 bytes
