marianjohn

Member
  • Items

    31
  • Registration date

  • Last visited

About marianjohn

  • Birthday 22-08-1963

marianjohn's achievements

  1. Generated by Piriform Speccy v1.05.183 06 Oct 2010 @ 18:35
     Is this OK??
  2. Key code Athlon. How long it takes varies: sometimes after 3 seconds, sometimes half an hour, sometimes every few minutes. And what I do is reset; that is also the only thing that works, apart from that nothing works any more. You can't switch it off either. The only thing I can say is that at such a moment the picture shows some streaks.
  3. Hi, I can't find the BIOS window. I think we'll just keep muddling along like this for a while, and then we'll have to buy a new PC at some point.
  4. Already tried that, it makes no difference; the PC does show this when shutting down: HPCMPMGRe.x.e
  5. The PC simply freezes, without an error message, and just stays on the screen you are on at that moment. And no, I have not reinstalled XP. But once it is frozen you can't do anything any more.
  6. Hi, our PC freezes at the slightest thing. System Restore doesn't work either. Who can help us with this?? Regards, johnny.
  7. Heeeeeeey,...... finally done: old one off, new one on. Thank you very much and see you later, bye bye. Regards, johnny and marian
  8. These are the requested screenshots. Regards, johnny
  9. Hi,... I'm sorry to have to say it, but everything is still exactly as it was. In the Control Panel it still shows NOD32; the only option there is Change, and if you try that it gives an error message about a wrong network,..... What now? Regards, johnny
  10. ComboFix 10-09-29.03 - johnny 30-09-2010 10:19:38.3.1 - x86
      Hi hi, another part, and now what?? Regards, johnny
  11. ComboFix 10-09-28.03 - johnny 29-09-2010 22:23:06.1.1 - x86
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\SearchIndexer.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe . ************************************************************************** . Voltooingstijd: 2010-09-29 22:34:34 - machine werd herstart ComboFix-quarantined-files.txt 2010-09-29 20:34 Pre-Run: 28.581.236.736 bytes beschikbaar Post-Run: 29.081.804.800 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - 923FFB98AA6045B4DEDEA0959F165B62
Hi, another part again,....... and now what??
  12. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4715 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 29-9-2010 14:53:07 mbam-log-2010-09-29 (14-53-07).txt Scantype: Snelle scan Objecten gescand: 149338 Verstreken tijd: 11 minuut/minuten, 8 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 4 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Documents and Settings\johnny\Favorieten\Free **** - Adult Videos.url (Rogue.Link) -> Quarantined and deleted successfully. 
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:01:43, on 29-9-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ZeelandNet, startpagina van Zeeland R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - 
HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab 
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230561941171 O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Bonjour-service (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 7350 bytes
Phew, here we are again,..... what now? Greetings, johnny.