Everything posted by niorune

  1. Every time I open my external hard disk via Explorer I get the message "This program requires the file advrcntr2.dll, which was not found on this system." This comes from Nero. What do I need to do to avoid this? Kind regards, Patrick
  2. Hello Kape, thanks again! I have now put AVG on it as antivirus. Only the problem with the update remains a problem; it is now prompting again to do that update?! Otherwise the laptop runs a little faster. Kind regards, Patrick
  3. Here are the logs: As for the antivirus, there is Norton, but it was already on the laptop when I bought it. But no files from it can be found anywhere? When I start ComboFix, it indicates every time that Norton is still running, but I can't turn it off :s
  4. Scan taken with an online malware scanner:
     Jotti's Scan taken on 24 Mar 2009 21:47:40 (GMT)
     A-Squared Found nothing
     AntiVir Found nothing
     ArcaVir Found nothing
     Avast Found nothing
     AVG Antivirus Found nothing
     BitDefender Found nothing
     ClamAV Found nothing
     CPsecure Found nothing
     Dr.Web Found nothing
     F-Prot Antivirus Found W32/SelfStarterInternetTrojan!Maximus (probable variant)
     F-Secure Anti-Virus Found nothing
     Ikarus Found nothing
     Kaspersky Anti-Virus Found nothing
     NOD32 Found probably unknown NewHeur_PE (probable variant)
     Norman Virus Control Found nothing
     Panda Antivirus Found nothing
     Quick Heal Found nothing
     Sophos Antivirus Found Sus/Delf-J (probable variant)
     VirusBuster Found nothing
     VBA32 Found Win32 Shadow Socket Open (probable variant)
  5. Hello Kape, here first the ComboFix log file and then the HijackThis file: ComboFix 09-03-23.01 - arno 2009-03-24 20:00:33.2 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.1918.1225 [GMT 1:00] Gestart vanuit: c:\users\arno\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\arno\Desktop\CFScript.txt..txt AV: BitDefender Antivirus *On-access scanning disabled* (Updated) AV: Norton Internet Security *On-access scanning enabled* (Outdated) FW: BitDefender Firewall *disabled* FW: Norton Internet Security *enabled* * Nieuw herstelpunt werd aangemaakt FILE :: c:\programdata\B9B41EDB68.sys c:\users\All Users\B9B41EDB68.sys c:\windows\System32\avfsae.exe c:\windows\System32\czvevi.exe c:\windows\System32\dmchol.exe c:\windows\system32\drivers\PxHelp20.sys c:\windows\System32\expahz.exe c:\windows\System32\fpzicy.exe c:\windows\System32\ftozew.exe c:\windows\System32\gzpzjq.exe c:\windows\System32\hlskzy.exe c:\windows\System32\igqoaz.exe c:\windows\System32\jcfoqx.exe c:\windows\System32\jgqbtb.exe c:\windows\System32\jripyo.exe c:\windows\System32\niocvi.exe c:\windows\System32\pqpbsi.exe c:\windows\System32\pxcpyi64.exe c:\windows\System32\pxinsi64.exe c:\windows\System32\vampqp.exe c:\windows\System32\wr73716.dll c:\windows\System32\xa15567421.exe c:\windows\System32\xa15567843.exe c:\windows\System32\xa17773140.exe c:\windows\System32\xa17773843.exe c:\windows\System32\xa18274281.exe c:\windows\System32\xa18274578.exe c:\windows\System32\xwr73716.dll c:\windows\System32\zwgmfg.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\programdata\B9B41EDB68.sys c:\windows\System32\avfsae.exe c:\windows\System32\czvevi.exe c:\windows\System32\dmchol.exe c:\windows\system32\drivers\PxHelp20.sys c:\windows\System32\expahz.exe c:\windows\System32\fpzicy.exe c:\windows\System32\ftozew.exe c:\windows\System32\gzpzjq.exe c:\windows\System32\hlskzy.exe c:\windows\System32\igqoaz.exe c:\windows\System32\jcfoqx.exe c:\windows\System32\jgqbtb.exe c:\windows\System32\jripyo.exe c:\windows\System32\niocvi.exe c:\windows\System32\pqpbsi.exe c:\windows\System32\pxcpyi64.exe c:\windows\System32\pxinsi64.exe c:\windows\System32\vampqp.exe c:\windows\System32\wr73716.dll c:\windows\System32\xa15567421.exe c:\windows\System32\xa15567843.exe c:\windows\System32\xa17773140.exe c:\windows\System32\xa17773843.exe c:\windows\System32\xa18274281.exe c:\windows\System32\xa18274578.exe c:\windows\System32\xwr73716.dll c:\windows\System32\zwgmfg.exe . (((((((((((((((((((( Bestanden Gemaakt van 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))) . 2009-03-24 19:04 . 2009-03-24 19:04 <DIR> d----c--- C:\fsctmp 2009-03-24 19:04 . 2009-03-24 19:05 <DIR> d----c--- C:\$fsctmp 2009-03-24 13:08 . 2009-03-24 13:08 <DIR> d----c--- c:\program files\GetData 2009-03-24 09:19 . 2009-03-24 09:19 <DIR> d----c--- c:\program files\Trend Micro 2009-03-23 19:44 . 2009-03-23 19:44 <DIR> d----c--- c:\program files\Gabest 2009-03-23 19:41 . 2009-03-23 19:41 <DIR> d----c--- c:\program files\WinAVI Video Converter 2009-03-21 12:03 . 2009-03-21 12:03 118 --a--c--- c:\windows\System32\MRT.INI 2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-21 12:02 . 2008-04-17 12:12 107,368 --a--c--- c:\windows\System32\GEARAspi.dll 2009-03-21 12:02 . 2009-01-15 12:19 23,848 --a--c--- c:\windows\System32\drivers\GEARAspiWDM.sys 2009-03-21 12:01 . 
2009-03-21 12:01 <DIR> d----c--- c:\program files\Bonjour 2009-03-21 09:37 . 2009-03-21 09:37 603,904 --a--c--- c:\windows\System32\TUProgSt.exe 2009-03-21 09:33 . 2009-03-21 09:34 <DIR> d----c--- c:\program files\TuneUp Utilities 2009 2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357} 2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357} 2009-03-15 13:44 . 2009-03-15 13:54 <DIR> d----c--- c:\users\arno\AppData\Roaming\.ABC 2009-03-15 12:24 . 2009-03-15 12:24 <DIR> d----c--- c:\program files\uTorrent 2009-03-13 13:10 . 2009-03-13 13:16 <DIR> d----c--- c:\users\arno\AppData\Roaming\AV Bros Puzzle Pro 2.2 DEMO 2009-03-12 10:14 . 2009-03-12 10:14 <DIR> d----c--- c:\program files\Xvid 2009-03-12 10:11 . 2009-03-12 10:11 <DIR> d----c--- c:\program files\Power_Karaoke 2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Doblon 2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Common Files\Doblon 2009-03-12 10:10 . 2008-04-27 10:33 765,952 --a--c--- c:\windows\System32\xvidcore.dll 2009-03-12 10:10 . 2008-04-27 10:35 180,224 --a--c--- c:\windows\System32\xvidvfw.dll 2009-03-12 10:10 . 2007-06-28 18:55 77,824 --a--c--- c:\windows\System32\xvid.ax 2009-03-11 16:06 . 2009-02-09 02:54 2,030,080 --a--c--- c:\windows\System32\win32k.sys 2009-03-11 16:06 . 2008-11-27 05:42 269,824 --a--c--- c:\windows\System32\schannel.dll 2009-03-08 21:56 . 2009-03-08 21:56 131 --a--c--- c:\windows\System32\Pen_Tablet.dat 2009-03-05 22:37 . 2009-03-12 09:22 <DIR> d----c--- c:\program files\Romcenter 2009-03-03 20:37 . 2009-03-03 20:42 <DIR> d----c--- c:\users\arno\AppData\Roaming\Super-Cow 2009-03-02 10:07 . 2008-12-16 05:00 8,147,968 --a--c--- c:\windows\System32\wmploc.DLL 2009-03-02 10:07 . 2008-12-16 06:53 7,680 --a--c--- c:\windows\System32\spwmp.dll 2009-03-02 10:07 . 
2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\msdxm.ocx 2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\dxmasf.dll 2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\users\All Users\MonteCristo 2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\programdata\MonteCristo 2009-02-28 16:05 . 2009-02-28 16:06 <DIR> d----c--- c:\program files\GAMESVOORIEDEREEN.NL 2009-02-28 16:04 . 2009-02-28 16:04 <DIR> d----c--- c:\program files\OXXOGames . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-24 18:17 --------- dc----w c:\users\arno\AppData\Roaming\WTablet 2009-03-24 15:59 --------- dc----w c:\users\arno\AppData\Roaming\uTorrent 2009-03-24 14:03 --------- dc----w c:\users\arno\AppData\Roaming\Ahead 2009-03-24 14:02 --------- dc----w c:\programdata\Ahead 2009-03-24 14:01 --------- dc----w c:\program files\Common Files\Ahead 2009-03-24 13:59 --------- dc----w c:\programdata\Nero 2009-03-24 12:18 --------- dc--a-w c:\programdata\TEMP 2009-03-24 09:27 --------- dc----w c:\program files\Malwarebytes' Anti-Malware 2009-03-23 22:00 --------- dc----w c:\users\arno\AppData\Roaming\Corel 2009-03-23 21:50 --------- dc----w c:\program files\SuperBladePro 2009-03-23 21:32 3,766 -csha-w c:\windows\System32\KGyGaAvL.sys 2009-03-23 20:58 --------- dc----w c:\program files\Windows Live Safety Center 2009-03-22 20:25 --------- dc----w c:\program files\Nero 2009-03-21 11:02 --------- dc----w c:\programdata\Apple Computer 2009-03-21 11:02 --------- dc----w c:\program files\iTunes 2009-03-21 11:02 --------- dc----w c:\program files\iPod 2009-03-21 11:02 --------- dc----w c:\program files\Common Files\Apple 2009-03-15 10:59 --------- dc----w c:\users\arno\AppData\Roaming\Azureus 2009-03-12 09:11 --------- dc----w c:\program files\Conduit 2009-03-12 08:23 --------- dc----w c:\program files\Glyph 2009-03-12 08:12 --------- dc----w c:\program files\Windows Mail 2009-03-11 08:06 1,614 -c--a-w 
c:\users\arno\AppData\Roaming\filterclsid.dat 2009-03-07 21:21 --------- dc----w c:\users\arno\AppData\Roaming\dvdcss 2009-03-03 09:59 --------- dc----w c:\program files\Opera 2009-02-28 22:00 --------- dc----w c:\programdata\WinZip 2009-02-26 09:43 --------- dc----w c:\program files\Microsoft Silverlight 2009-02-23 13:26 --------- dc----w c:\programdata\Hitman Pro 3 2009-02-23 11:20 --------- dc----w c:\program files\Netlog Uploader 2009-02-19 20:32 --------- dc----w c:\users\arno\AppData\Roaming\RegTool 2009-02-19 14:37 --------- dc----w c:\program files\Common Files\Adobe 2009-02-19 12:19 --------- dc----w c:\programdata\Adobe Systems 2009-02-19 09:28 --------- dc----w c:\program files\project dogwaffle 2009-02-19 09:27 --------- dc----w c:\programdata\Corel 2009-02-19 09:27 --------- dc----w c:\program files\Common Files\Corel 2009-02-19 09:23 --------- dc----w c:\program files\Alien Skin 2009-02-18 09:10 --------- dc----w c:\program files\Windows Live 2009-02-18 08:14 --------- dc----w c:\programdata\Ulead Systems 2009-02-18 08:13 --------- dc-h--w c:\program files\InstallShield Installation Information 2009-02-16 17:15 --------- dc----w c:\program files\Common Files\Adobe Systems Shared 2009-02-12 19:08 --------- dc----w c:\program files\MSXML 4.0 2009-02-12 12:19 --------- dc----w c:\users\arno\AppData\Roaming\TuneUp Software 2009-02-12 12:19 --------- dc----w c:\programdata\TuneUp Software 2009-02-12 11:38 --------- dc----w c:\program files\AV Video Karaoke Maker 2009-02-11 10:07 --------- dc----w c:\programdata\Awem 2009-02-11 10:06 --------- dc----w c:\program files\Alawar 2009-02-11 10:04 --------- dc----w c:\program files\Atlantis Quest 2009-02-11 09:58 --------- dc----w c:\program files\Cradle of Persia 2009-02-11 09:53 --------- dc----w c:\program files\The Rise of Atlantis 2009-02-11 09:19 38,496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 09:19 15,504 -c--a-w c:\windows\system32\drivers\mbam.sys 2009-02-10 18:22 --------- 
dc----w c:\users\arno\AppData\Roaming\AVSMedia 2009-02-10 18:22 --------- dc----w c:\program files\AVSMedia 2009-02-10 14:18 --------- dc----w c:\program files\Common Files\AVSMedia 2009-02-10 14:18 --------- dc----w c:\program files\AVS4YOU 2009-02-10 14:16 --------- dc----w c:\program files\Total Video Converter 2009-02-10 13:46 --------- dc----w c:\users\arno\AppData\Roaming\AVS4YOU 2009-02-10 13:45 --------- dc----w c:\programdata\AVS4YOU 2009-02-09 07:39 --------- dc----w c:\users\arno\AppData\Roaming\vlc 2009-02-08 21:45 --------- dc----w c:\program files\Audacity 2009-02-08 21:41 --------- dc----w c:\program files\MediaMonkey 2009-02-08 21:29 --------- dc----w c:\program files\Super Audio Converter 2009-02-08 19:51 --------- dc----w c:\program files\GameTop.com 2009-02-08 15:23 --------- dc----w c:\program files\VideoLAN 2009-02-08 13:18 --------- dc----w c:\programdata\Azureus 2009-02-08 13:17 --------- dc----w c:\program files\Vuze 2009-02-08 13:12 8,858 -c--a-w c:\program files\LimeWire Plus.torrent 2009-02-07 22:09 --------- dc----w c:\program files\DreamSuite Demo 2009-02-07 18:21 --------- dc----w c:\programdata\Hitman Pro 2009-02-07 18:07 --------- dc----w c:\program files\Hitman Pro 3 2009-02-07 15:40 --------- dc----w c:\program files\HarrysFilters3 2009-02-06 18:55 308,616 -c--a-w c:\windows\WLXPGSS.SCR 2009-02-06 17:52 49,504 -c--a-w c:\windows\System32\sirenacm.dll 2009-02-06 17:08 55,280 -c--a-w c:\windows\system32\drivers\fssfltr.sys 2009-02-06 15:43 --------- dc----w c:\program files\Messenger Plus! 
Live 2009-02-06 00:20 --------- dc----w c:\programdata\GameXzone 2009-02-06 00:03 --------- dc----w c:\programdata\OrbGames 2009-02-04 22:42 --------- dc----w c:\users\arno\AppData\Roaming\Alien Skin 2009-02-04 22:24 --------- dc----w c:\program files\Vplaces 2009-02-04 22:21 2,828 -csha-w c:\users\All Users\KGyGaAvL.sys 2009-02-04 22:21 2,828 -csha-w c:\programdata\KGyGaAvL.sys 2009-02-04 16:30 410,984 -c--a-w c:\windows\System32\deploytk.dll 2009-02-02 21:14 --------- dc----w c:\program files\Sqirlz Water Reflections 2009-02-02 21:00 --------- dc----w c:\users\arno\AppData\Roaming\Jasc 2009-02-02 21:00 --------- dc----w c:\program files\Jasc Software Inc 2009-02-02 20:20 348,160 -c--a-w c:\windows\System32\msvcr71.dll 2009-02-02 20:20 339,968 -c--a-w c:\windows\System32\pythoncom25.dll 2009-02-02 20:20 2,117,632 -c--a-w c:\windows\System32\python25.dll 2009-02-02 20:20 114,688 -c--a-w c:\windows\System32\pywintypes25.dll 2009-01-31 19:51 --------- dc----w c:\users\arno\AppData\Roaming\Zylom 2009-01-31 19:51 --------- dc----w c:\programdata\Zylom 2009-01-31 11:08 --------- dc----w c:\program files\Microsoft Works 2009-01-30 20:47 --------- dc----w c:\program files\Sony 2009-01-28 18:57 --------- dc----w c:\program files\Sweet Games 2009-01-28 08:01 --------- dc----w c:\program files\QuickTime 2009-01-26 17:57 --------- dc----w c:\program files\Caribbean Treasures 2009-01-26 17:25 --------- dc----w c:\programdata\Trymedia 2009-01-26 16:07 --------- dc----w c:\program files\Java 2009-01-26 16:06 --------- dc----w c:\program files\LimeWire 2009-01-26 14:05 --------- dc----w c:\program files\Secunia 2009-01-25 22:15 --------- dc----w c:\program files\Spyware Doctor . ((((((((((((((((((((((((((((( SnapShot@2009-03-24_15.55.45,22 ))))))))))))))))))))))))))))))))))))))))) . 
- 2009-03-24 13:48:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-03-24 18:19:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-03-24 18:19:02 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2009-03-24 13:48:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-03-24 18:18:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-03-24 18:57:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-03-24 14:07:33 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-03-24 18:57:42 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-03-24 18:57:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-03-24 13:46:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-03-24 16:01:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-03-24 13:47:39 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin + 2009-03-24 18:19:11 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin - 2009-03-24 13:47:39 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 
2009-03-24 18:19:11 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-03-24 13:47:37 69,406 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-03-24 15:05:41 69,558 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}] 2008-02-14 14:54 1555480 --a--c--- c:\program files\Power_Karaoke\tbPowe.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3303E956-2A3A-48E0-BE39-2E0EF11A2F44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408] "Windows Defender User Interface"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-03 1006264] "winlog.exe"="c:\users\arno\AppData\Roaming\Microsoft\winlog.exe" [2009-03-24 135168] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe] "Debugger"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "beid"=c:\program files\Belgium Identity Card\beid35gui.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" "SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] 
"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{D966C8B2-589E-4A47-84BA-C02BAE7EAB0B}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{EDCF8292-BE33-47FA-B755-AFA3291F8AB4}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{E01E71D3-18A1-4F21-9E74-148C899122A4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{727CB185-94EB-4C76-A170-0B01DCAE8505}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "TCP Query User{28034861-1FD9-48D3-A4AC-57E14005DFF0}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "UDP Query User{B24B3102-2743-48A6-A658-D7D9E1A139F8}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "TCP Query User{0054653F-A312-4E37-81CE-E5FB4C269E34}c:\\program files\\limewire plus\\limewire.exe"= UDP:c:\program files\limewire plus\limewire.exe:LimeWire "UDP Query User{B832AE57-4B6D-46D2-937C-F831F3C3C651}c:\\program files\\limewire plus\\limewire.exe"= TCP:c:\program files\limewire plus\limewire.exe:LimeWire "TCP Query User{9C15F824-D15B-4CF0-A731-4D8B3C167BFC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{1C4C6A17-AAF5-4FCB-884F-BCB01913EDAE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{3BC75F60-19F0-4CF4-A5D9-F6FA88F20E9E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{64954C95-0B94-4822-9CF3-9845BEEA16D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{1940252A-DFC2-45FD-86BD-2E7A34A42051}c:\\program 
files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad "UDP Query User{4ED7AAD6-C5B4-494C-826E-8F1A24239903}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad "TCP Query User{A3473CAC-2AFA-46E0-B029-1EAE8F1AC3AA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{1536ED55-3CE4-4358-8513-626D0DBE2B21}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{C3CEEE24-669C-4530-B184-42A2B146A25B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{774A748B-0F75-4017-B835-A33AC2904C55}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "{5C6825B3-D120-41E2-AE56-A583C3C263E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In) "{0D00E02D-DF9F-49DC-847B-39A496829EF8}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In) "TCP Query User{C6A23C8E-3A2F-47D4-AA3D-02140FD6ACE9}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{D3A9E949-5217-4B9C-A43D-FC8A5FEB5A1E}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "{25BF8F92-44E0-4083-8BDD-D4DBDB56189D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "TCP Query User{BE1FC876-EAA8-4490-82C8-55D49DE9DE0C}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{868F1ACF-422A-4203-9AC3-804B22286A78}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "TCP Query User{95C0A958-E927-4BF9-8720-7FA535054009}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "UDP Query 
User{427E334A-B794-4F5F-A41C-6B5C7C50A8C3}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "{AB7DCD85-0939-4EC5-9A55-9D810AF57C95}"= UDP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire "{161CE608-FD07-41F8-91A6-68D5AE37EC02}"= TCP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire "{7C63BAC9-8C2B-4C89-8247-AC26CDAC9E84}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2039AACE-785E-443B-B8B0-1034269A73C1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{49469E02-4681-42F9-A21D-E061336E7751}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{9DA77936-8257-49B2-AEFE-308DFAB08CFD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{3A45EC8D-8919-46C5-BDF7-BA176EEDA2F0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{D51CD647-EBBC-4535-8BC2-96947E2445A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{481E5A74-AA39-4A7A-B338-D4D8AAAAA4A6}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{E9A0492E-9407-4C11-B058-813A2E91C99C}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "TCP Query User{B8CE0E20-CB97-4455-B1A8-05D03EB5DE45}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "UDP Query User{00E912E0-F01A-4332-97D5-4B363295CD75}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program 
Files\\Mobistar\\IEWInternetBE\\Connectivity\\ConnectivityManager.exe"= c:\program files\Mobistar\IEWInternetBE\Connectivity\ConnectivityManager.exe:*:enabled:CSS "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [2009-02-03 57344] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2009-01-14 1373480] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-21 603904] R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520] R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-10 7808] R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2007-11-30 780288] R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [2007-11-30 218624] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2007-11-30 228352] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [2004-04-30 24832] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-18 55280] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83823ac7-88a6-11dd-be3b-001060edaa94}] \shell\AutoRun\command - G:\AutoRunCardDetector.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2423f84-b8d0-11dd-8e76-001e33009ed7}] \shell\AutoRun\command - H:\InstallTomTomHOME.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Inhoud van de 'Gedeelde Taken' map 2009-03-24 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36] 2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{78515E5C-2951-414B-BEDF-4A0C81A1C72E}.job - c:\windows\system32\msfeedssync.exe [2009-01-15 11:01] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-24 20:02:44 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
Voltooingstijd: 2009-03-24 20:05:15 ComboFix-quarantined-files.txt 2009-03-24 19:05:13 ComboFix2.txt 2009-03-24 14:58:43 Pre-Run: 14.837.702.656 bytes beschikbaar Post-Run: 17,057,345,536 bytes beschikbaar 393 --- E O F --- 2009-03-24 11:00:51 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:13:06, on 24/03/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe C:\Windows\system32\WTablet\Pen_TabletUser.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program 
Files\Power_Karaoke\tbPowe.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 
2\HOMERunner.exe" -s O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe O4 - HKCU\..\Run: [winlog.exe] C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O13 - Gopher Prefix: O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe -- End of file - 7086 bytes
  6. I no longer get a message that the Security Center is not working! But this download has also kept coming back for months: I can download it, but a few days later it is offered again as an essential download: KB954430: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 Download size: 5.4 MB You may need to restart the computer for this update to take effect. Update type: Important A security issue has been identified in Microsoft XML Core Services (MSXML) through which a malicious user can damage your Windows system and gain control of the system. You can protect your computer against this by installing this update from Microsoft. Once you have installed this update, you may need to restart the computer. This update cannot be removed after installation. More information: Microsoft Security Bulletin MS08-069 – Critical: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) Help and support: Microsoft Help and Support Here is the ComboFix log file: ComboFix 09-03-23.01 - arno 2009-03-24 15:48:07.1 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.1918.1041 [GMT 1:00] Gestart vanuit: c:\users\arno\Desktop\ComboFix.exe AV: BitDefender Antivirus *On-access scanning disabled* (Updated) AV: Norton Internet Security *On-access scanning enabled* (Outdated) FW: BitDefender Firewall *disabled* FW: Norton Internet Security *enabled* * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\program files\winvi c:\program files\winvi\dsktp\AC_RunActiveContent.js c:\program files\winvi\dsktp\desktop.html c:\program files\winvi\dsktp\internetDetection.swf c:\program files\winvi\dsktp\settings.sol c:\program files\winvi\version.ini c:\users\arno\AppData\Roaming\020000006fa68c43530C.manifest c:\users\arno\AppData\Roaming\020000006fa68c43530O.manifest c:\users\arno\AppData\Roaming\020000006fa68c43530P.manifest c:\users\arno\AppData\Roaming\020000006fa68c43530S.manifest c:\users\arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url c:\users\arno\FAVORI~1\Videos.url c:\users\arno\Favorites\Videos.url c:\windows\system32\GroupPolicy000.dat c:\windows\system32\mdm.exe D:\install.exe . (((((((((((((((((((( Bestanden Gemaakt van 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))) . 2009-03-24 19:04 . 2009-03-24 19:04 <DIR> d----c--- C:\fsctmp 2009-03-24 19:04 . 2009-03-24 19:05 <DIR> d----c--- C:\$fsctmp 2009-03-24 13:08 . 2009-03-24 13:08 <DIR> d----c--- c:\program files\GetData 2009-03-24 10:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\igqoaz.exe 2009-03-24 10:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\fpzicy.exe 2009-03-24 09:19 . 2009-03-24 09:19 <DIR> d----c--- c:\program files\Trend Micro 2009-03-24 09:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\vampqp.exe 2009-03-24 09:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\niocvi.exe 2009-03-23 22:14 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\pqpbsi.exe 2009-03-23 22:14 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\czvevi.exe 2009-03-23 20:44 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\gzpzjq.exe 2009-03-23 20:44 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\dmchol.exe 2009-03-23 20:21 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\avfsae.exe 2009-03-23 19:44 . 2009-03-23 19:44 <DIR> d----c--- c:\program files\Gabest 2009-03-23 19:41 . 
2009-03-23 19:41 <DIR> d----c--- c:\program files\WinAVI Video Converter 2009-03-23 08:09 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\ftozew.exe 2009-03-22 21:25 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\hlskzy.exe 2009-03-22 10:20 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\jripyo.exe 2009-03-22 10:20 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\expahz.exe 2009-03-21 12:03 . 2009-03-21 12:03 118 --a--c--- c:\windows\System32\MRT.INI 2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-21 12:02 . 2008-04-17 12:12 107,368 --a--c--- c:\windows\System32\GEARAspi.dll 2009-03-21 12:02 . 2009-01-15 12:19 23,848 --a--c--- c:\windows\System32\drivers\GEARAspiWDM.sys 2009-03-21 12:01 . 2009-03-21 12:01 <DIR> d----c--- c:\program files\Bonjour 2009-03-21 11:08 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\jgqbtb.exe 2009-03-21 11:08 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\jcfoqx.exe 2009-03-21 09:37 . 2009-03-21 09:37 603,904 --a--c--- c:\windows\System32\TUProgSt.exe 2009-03-21 09:33 . 2009-03-21 09:34 <DIR> d----c--- c:\program files\TuneUp Utilities 2009 2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357} 2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357} 2009-03-15 13:44 . 2009-03-15 13:54 <DIR> d----c--- c:\users\arno\AppData\Roaming\.ABC 2009-03-15 12:24 . 2009-03-15 12:24 <DIR> d----c--- c:\program files\uTorrent 2009-03-13 13:10 . 2009-03-13 13:16 <DIR> d----c--- c:\users\arno\AppData\Roaming\AV Bros Puzzle Pro 2.2 DEMO 2009-03-12 10:14 . 2009-03-12 10:14 <DIR> d----c--- c:\program files\Xvid 2009-03-12 10:11 . 2009-03-12 10:11 <DIR> d----c--- c:\program files\Power_Karaoke 2009-03-12 10:10 . 
2009-03-12 10:10 <DIR> d----c--- c:\program files\Doblon 2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Common Files\Doblon 2009-03-12 10:10 . 2008-04-27 10:33 765,952 --a--c--- c:\windows\System32\xvidcore.dll 2009-03-12 10:10 . 2008-04-27 10:35 180,224 --a--c--- c:\windows\System32\xvidvfw.dll 2009-03-12 10:10 . 2007-06-28 18:55 77,824 --a--c--- c:\windows\System32\xvid.ax 2009-03-11 16:06 . 2009-02-09 02:54 2,030,080 --a--c--- c:\windows\System32\win32k.sys 2009-03-11 16:06 . 2008-11-27 05:42 269,824 --a--c--- c:\windows\System32\schannel.dll 2009-03-08 21:56 . 2009-03-08 21:56 131 --a--c--- c:\windows\System32\Pen_Tablet.dat 2009-03-05 22:37 . 2009-03-12 09:22 <DIR> d----c--- c:\program files\Romcenter 2009-03-03 20:37 . 2009-03-03 20:42 <DIR> d----c--- c:\users\arno\AppData\Roaming\Super-Cow 2009-03-02 10:07 . 2008-12-16 05:00 8,147,968 --a--c--- c:\windows\System32\wmploc.DLL 2009-03-02 10:07 . 2008-12-16 06:53 7,680 --a--c--- c:\windows\System32\spwmp.dll 2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\msdxm.ocx 2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\dxmasf.dll 2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\users\All Users\MonteCristo 2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\programdata\MonteCristo 2009-02-28 16:05 . 2009-02-28 16:06 <DIR> d----c--- c:\program files\GAMESVOORIEDEREEN.NL 2009-02-28 16:04 . 2009-02-28 16:04 <DIR> d----c--- c:\program files\OXXOGames . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-03-24 14:03 --------- dc----w c:\users\arno\AppData\Roaming\Ahead 2009-03-24 14:02 --------- dc----w c:\programdata\Ahead 2009-03-24 14:01 --------- dc----w c:\program files\Common Files\Ahead 2009-03-24 13:59 --------- dc----w c:\programdata\Nero 2009-03-24 13:46 --------- dc----w c:\users\arno\AppData\Roaming\WTablet 2009-03-24 12:18 --------- dc--a-w c:\programdata\TEMP 2009-03-24 09:27 --------- dc----w c:\program files\Malwarebytes' Anti-Malware 2009-03-24 09:01 --------- dc----w c:\users\arno\AppData\Roaming\uTorrent 2009-03-23 22:00 --------- dc----w c:\users\arno\AppData\Roaming\Corel 2009-03-23 21:50 --------- dc----w c:\program files\SuperBladePro 2009-03-23 21:32 3,766 -csha-w c:\windows\System32\KGyGaAvL.sys 2009-03-23 20:58 --------- dc----w c:\program files\Windows Live Safety Center 2009-03-22 20:25 --------- dc----w c:\program files\Nero 2009-03-21 11:02 --------- dc----w c:\programdata\Apple Computer 2009-03-21 11:02 --------- dc----w c:\program files\iTunes 2009-03-21 11:02 --------- dc----w c:\program files\iPod 2009-03-21 11:02 --------- dc----w c:\program files\Common Files\Apple 2009-03-15 10:59 --------- dc----w c:\users\arno\AppData\Roaming\Azureus 2009-03-12 09:11 --------- dc----w c:\program files\Conduit 2009-03-12 08:23 --------- dc----w c:\program files\Glyph 2009-03-12 08:12 --------- dc----w c:\program files\Windows Mail 2009-03-11 08:06 1,614 -c--a-w c:\users\arno\AppData\Roaming\filterclsid.dat 2009-03-07 21:21 --------- dc----w c:\users\arno\AppData\Roaming\dvdcss 2009-03-03 09:59 --------- dc----w c:\program files\Opera 2009-02-28 22:00 --------- dc----w c:\programdata\WinZip 2009-02-26 09:43 --------- dc----w c:\program files\Microsoft Silverlight 2009-02-23 13:26 --------- dc----w c:\programdata\Hitman Pro 3 2009-02-23 11:20 --------- dc----w c:\program files\Netlog Uploader 2009-02-19 20:32 --------- dc----w c:\users\arno\AppData\Roaming\RegTool 2009-02-19 14:37 --------- dc----w c:\program files\Common Files\Adobe 
2009-02-19 12:19 --------- dc----w c:\programdata\Adobe Systems 2009-02-19 09:28 --------- dc----w c:\program files\project dogwaffle 2009-02-19 09:27 --------- dc----w c:\programdata\Corel 2009-02-19 09:27 --------- dc----w c:\program files\Common Files\Corel 2009-02-19 09:23 --------- dc----w c:\program files\Alien Skin 2009-02-18 09:10 --------- dc----w c:\program files\Windows Live 2009-02-18 08:14 --------- dc----w c:\programdata\Ulead Systems 2009-02-18 08:13 --------- dc-h--w c:\program files\InstallShield Installation Information 2009-02-16 17:21 20,640 -c----w c:\windows\system32\drivers\PxHelp20.sys 2009-02-16 17:21 109,568 -c----w c:\windows\System32\pxinsi64.exe 2009-02-16 17:21 108,544 -c----w c:\windows\System32\pxcpyi64.exe 2009-02-16 17:15 --------- dc----w c:\program files\Common Files\Adobe Systems Shared 2009-02-12 19:08 --------- dc----w c:\program files\MSXML 4.0 2009-02-12 12:19 --------- dc----w c:\users\arno\AppData\Roaming\TuneUp Software 2009-02-12 12:19 --------- dc----w c:\programdata\TuneUp Software 2009-02-12 11:38 --------- dc----w c:\program files\AV Video Karaoke Maker 2009-02-11 10:07 --------- dc----w c:\programdata\Awem 2009-02-11 10:06 --------- dc----w c:\program files\Alawar 2009-02-11 10:04 --------- dc----w c:\program files\Atlantis Quest 2009-02-11 09:58 --------- dc----w c:\program files\Cradle of Persia 2009-02-11 09:53 --------- dc----w c:\program files\The Rise of Atlantis 2009-02-11 09:19 38,496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 09:19 15,504 -c--a-w c:\windows\system32\drivers\mbam.sys 2009-02-10 18:22 --------- dc----w c:\users\arno\AppData\Roaming\AVSMedia 2009-02-10 18:22 --------- dc----w c:\program files\AVSMedia 2009-02-10 14:18 --------- dc----w c:\program files\Common Files\AVSMedia 2009-02-10 14:18 --------- dc----w c:\program files\AVS4YOU 2009-02-10 14:16 --------- dc----w c:\program files\Total Video Converter 2009-02-10 13:46 --------- dc----w 
c:\users\arno\AppData\Roaming\AVS4YOU 2009-02-10 13:45 --------- dc----w c:\programdata\AVS4YOU 2009-02-10 13:43 1,679,360 -c--a-w c:\windows\System32\xa18274578.exe 2009-02-10 13:43 1,679,360 -c--a-w c:\windows\System32\xa18274281.exe 2009-02-10 13:35 1,679,360 -c--a-w c:\windows\System32\xa17773843.exe 2009-02-10 13:35 1,679,360 -c--a-w c:\windows\System32\xa17773140.exe 2009-02-10 12:58 172,032 -c--a-w c:\windows\System32\xwr73716.dll 2009-02-10 12:58 172,032 -c--a-w c:\windows\System32\wr73716.dll 2009-02-10 12:58 1,679,360 -c--a-w c:\windows\System32\xa15567843.exe 2009-02-10 12:58 1,679,360 -c--a-w c:\windows\System32\xa15567421.exe 2009-02-09 07:39 --------- dc----w c:\users\arno\AppData\Roaming\vlc 2009-02-08 21:45 --------- dc----w c:\program files\Audacity 2009-02-08 21:41 --------- dc----w c:\program files\MediaMonkey 2009-02-08 21:29 --------- dc----w c:\program files\Super Audio Converter 2009-02-08 19:51 --------- dc----w c:\program files\GameTop.com 2009-02-08 15:23 --------- dc----w c:\program files\VideoLAN 2009-02-08 13:18 --------- dc----w c:\programdata\Azureus 2009-02-08 13:17 --------- dc----w c:\program files\Vuze 2009-02-08 13:12 8,858 -c--a-w c:\program files\LimeWire Plus.torrent 2009-02-07 22:09 --------- dc----w c:\program files\DreamSuite Demo 2009-02-07 18:21 --------- dc----w c:\programdata\Hitman Pro 2009-02-07 18:07 --------- dc----w c:\program files\Hitman Pro 3 2009-02-07 15:40 --------- dc----w c:\program files\HarrysFilters3 2009-02-06 18:55 308,616 -c--a-w c:\windows\WLXPGSS.SCR 2009-02-06 17:52 49,504 -c--a-w c:\windows\System32\sirenacm.dll 2009-02-06 17:08 55,280 -c--a-w c:\windows\system32\drivers\fssfltr.sys 2009-02-06 15:43 --------- dc----w c:\program files\Messenger Plus! 
Live 2009-02-06 00:20 --------- dc----w c:\programdata\GameXzone 2009-02-06 00:03 --------- dc----w c:\programdata\OrbGames 2009-02-04 22:42 --------- dc----w c:\users\arno\AppData\Roaming\Alien Skin 2009-02-04 22:24 --------- dc----w c:\program files\Vplaces 2009-02-04 22:21 88 -csh--r c:\users\All Users\B9B41EDB68.sys 2009-02-04 22:21 88 -csh--r c:\programdata\B9B41EDB68.sys 2009-02-04 22:21 2,828 -csha-w c:\users\All Users\KGyGaAvL.sys 2009-02-04 22:21 2,828 -csha-w c:\programdata\KGyGaAvL.sys 2009-02-04 16:30 410,984 -c--a-w c:\windows\System32\deploytk.dll 2009-02-02 21:14 --------- dc----w c:\program files\Sqirlz Water Reflections 2009-02-02 21:00 --------- dc----w c:\users\arno\AppData\Roaming\Jasc 2009-02-02 21:00 --------- dc----w c:\program files\Jasc Software Inc 2009-02-02 20:20 348,160 -c--a-w c:\windows\System32\msvcr71.dll 2009-02-02 20:20 339,968 -c--a-w c:\windows\System32\pythoncom25.dll 2009-02-02 20:20 2,117,632 -c--a-w c:\windows\System32\python25.dll 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\avfsae.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\czvevi.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\dmchol.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\expahz.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\fpzicy.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\ftozew.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\gzpzjq.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\hlskzy.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\igqoaz.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\jcfoqx.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\jgqbtb.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\jripyo.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\niocvi.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\pqpbsi.exe 2008-10-29 06:20 499,764 -csh--r c:\windows\System32\vampqp.exe 2008-10-29 06:20 499,764 -csh--r 
c:\windows\System32\zwgmfg.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}] 2008-02-14 14:54 1555480 --a--c--- c:\program files\Power_Karaoke\tbPowe.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3303E956-2A3A-48E0-BE39-2E0EF11A2F44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480] [HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408] "Windows Defender User Interface"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-03 1006264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe] "Debugger"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "beid"=c:\program files\Belgium Identity Card\beid35gui.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "recinfo839"=c:\recinfo\RecInfo.exe "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" "SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{D966C8B2-589E-4A47-84BA-C02BAE7EAB0B}"= UDP:c:\program files\IVT 
Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{EDCF8292-BE33-47FA-B755-AFA3291F8AB4}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{E01E71D3-18A1-4F21-9E74-148C899122A4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{727CB185-94EB-4C76-A170-0B01DCAE8505}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "TCP Query User{28034861-1FD9-48D3-A4AC-57E14005DFF0}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "UDP Query User{B24B3102-2743-48A6-A658-D7D9E1A139F8}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "TCP Query User{0054653F-A312-4E37-81CE-E5FB4C269E34}c:\\program files\\limewire plus\\limewire.exe"= UDP:c:\program files\limewire plus\limewire.exe:LimeWire "UDP Query User{B832AE57-4B6D-46D2-937C-F831F3C3C651}c:\\program files\\limewire plus\\limewire.exe"= TCP:c:\program files\limewire plus\limewire.exe:LimeWire "TCP Query User{9C15F824-D15B-4CF0-A731-4D8B3C167BFC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{1C4C6A17-AAF5-4FCB-884F-BCB01913EDAE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{3BC75F60-19F0-4CF4-A5D9-F6FA88F20E9E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{64954C95-0B94-4822-9CF3-9845BEEA16D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{1940252A-DFC2-45FD-86BD-2E7A34A42051}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad "UDP Query User{4ED7AAD6-C5B4-494C-826E-8F1A24239903}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad "TCP Query User{A3473CAC-2AFA-46E0-B029-1EAE8F1AC3AA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program 
files\vuze\azureus.exe:Azureus "UDP Query User{1536ED55-3CE4-4358-8513-626D0DBE2B21}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{C3CEEE24-669C-4530-B184-42A2B146A25B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{774A748B-0F75-4017-B835-A33AC2904C55}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "{5C6825B3-D120-41E2-AE56-A583C3C263E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In) "{0D00E02D-DF9F-49DC-847B-39A496829EF8}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In) "TCP Query User{C6A23C8E-3A2F-47D4-AA3D-02140FD6ACE9}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{D3A9E949-5217-4B9C-A43D-FC8A5FEB5A1E}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "{25BF8F92-44E0-4083-8BDD-D4DBDB56189D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "TCP Query User{BE1FC876-EAA8-4490-82C8-55D49DE9DE0C}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{868F1ACF-422A-4203-9AC3-804B22286A78}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "TCP Query User{95C0A958-E927-4BF9-8720-7FA535054009}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "UDP Query User{427E334A-B794-4F5F-A41C-6B5C7C50A8C3}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "{AB7DCD85-0939-4EC5-9A55-9D810AF57C95}"= UDP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire "{161CE608-FD07-41F8-91A6-68D5AE37EC02}"= TCP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire "{7C63BAC9-8C2B-4C89-8247-AC26CDAC9E84}"= UDP:c:\program 
files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2039AACE-785E-443B-B8B0-1034269A73C1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{49469E02-4681-42F9-A21D-E061336E7751}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{9DA77936-8257-49B2-AEFE-308DFAB08CFD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{3A45EC8D-8919-46C5-BDF7-BA176EEDA2F0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{D51CD647-EBBC-4535-8BC2-96947E2445A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{481E5A74-AA39-4A7A-B338-D4D8AAAAA4A6}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{E9A0492E-9407-4C11-B058-813A2E91C99C}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "TCP Query User{B8CE0E20-CB97-4455-B1A8-05D03EB5DE45}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "UDP Query User{00E912E0-F01A-4332-97D5-4B363295CD75}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\Mobistar\\IEWInternetBE\\Connectivity\\ConnectivityManager.exe"= c:\program files\Mobistar\IEWInternetBE\Connectivity\ConnectivityManager.exe:*:enabled:CSS "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [2009-02-03 57344] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement 
Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2009-01-14 1373480] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-21 603904] R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520] R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-10 7808] R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2007-11-30 780288] R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [2007-11-30 218624] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2007-11-30 228352] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [2004-04-30 24832] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-18 55280] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83823ac7-88a6-11dd-be3b-001060edaa94}] \shell\AutoRun\command - G:\AutoRunCardDetector.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2423f84-b8d0-11dd-8e76-001e33009ed7}] \shell\AutoRun\command - H:\InstallTomTomHOME.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . 
Inhoud van de 'Gedeelde Taken' map 2009-03-24 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36] 2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{78515E5C-2951-414B-BEDF-4A0C81A1C72E}.job - c:\windows\system32\msfeedssync.exe [2009-01-15 11:01] . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . . ------- Bestandsassociaties ------- . vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %* vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %* jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %* . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-24 15:54:29 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2009-03-24 15:58:42 ComboFix-quarantined-files.txt 2009-03-24 14:58:40 Pre-Run: 15.351.271.424 bytes beschikbaar Post-Run: 17,468,178,432 bytes beschikbaar 367 --- E O F --- 2009-03-24 11:00:51
  7. Thank you, Kape! No more error message now. The only thing still bothering me is that the Security Center has been switched off for quite some time and I cannot get it switched back on... How can I get it working? Kind regards,
  8. LOG FILE FROM MALWAREBYTES & HIJACKTHIS:
     Malwarebytes' Anti-Malware 1.34
     Database versie: 1890
     Windows 6.0.6000
     24/03/2009 10:33:33
     mbam-log-2009-03-24 (10-33-33).txt
     Scan type: Snelle Scan
     Objecten gescand: 61987
     Verstreken tijd: 3 minute(s), 43 second(s)
     Geheugenprocessen geïnfecteerd: 0
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 2
     Registerwaarden geïnfecteerd: 0
     Registerdata bestanden geïnfecteerd: 0
     Mappen geïnfecteerd: 1
     Bestanden geïnfecteerd: 18
     Geheugenprocessen geïnfecteerd:
     (Geen kwaadaardige items gevonden)
     Geheugenmodulen geïnfecteerd:
     (Geen kwaadaardige items gevonden)
     Registersleutels geïnfecteerd:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
     Registerwaarden geïnfecteerd:
     (Geen kwaadaardige items gevonden)
     Registerdata bestanden geïnfecteerd:
     (Geen kwaadaardige items gevonden)
     Mappen geïnfecteerd:
     C:\Windows\System32\LocalService32 (Worm.P2P) -> Quarantined and deleted successfully.
     Bestanden geïnfecteerd:
     C:\Windows\System32\274D.tmp (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\39.music.mp3 (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\39.music.mp3.kwd (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\41.crack.zip (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\41.crack.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\42.keymaker.zip (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\42.keymaker.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\43.setup.zip (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\43.setup.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\44.unpack.zip (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\44.unpack.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\45.keygen.zip (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\45.keygen.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\46.serial.zip (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\46.serial.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\47.music.snd (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Windows\System32\LocalService32\47.music.snd.kwd (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Program Files\KB29966.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:34:39, on 24/03/2009
     Platform: Windows Vista (WinNT 6.00.1904)
     MSIE: Internet Explorer v8.00 (8.00.6001.18372)
     Boot mode: Normal
     Running processes:
     C:\Windows\SYSTEM32\WISPTIS.EXE
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskeng.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\TomTom HOME 2\HOMERunner.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Windows\system32\WTablet\Pen_TabletUser.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Program Files\Windows Live\Contacts\wlcomm.exe
     C:\Program Files\Secunia\PSI\psi.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Opera\opera.exe
     C:\Windows\system32\NOTEPAD.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
     O1 - Hosts: ::1 localhost
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
     O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
     O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
     O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O13 - Gopher Prefix:
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
     O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
     O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
     O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
     O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
     O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
     O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
     O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
     -- End of file - 7213 bytes
  9. Hello Kape, here is my log file:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:20:26, on 24/03/2009
     Platform: Windows Vista (WinNT 6.00.1904)
     MSIE: Internet Explorer v8.00 (8.00.6001.18372)
     Boot mode: Normal
     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\SYSTEM32\WISPTIS.EXE
     C:\Windows\Explorer.EXE
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\TomTom HOME 2\HOMERunner.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Windows\system32\WTablet\Pen_TabletUser.exe
     C:\Windows\system32\vampqp.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Program Files\Windows Live\Contacts\wlcomm.exe
     C:\Program Files\Secunia\PSI\psi.exe
     C:\Program Files\Windows Live\Mail\wlmail.exe
     C:\Program Files\Opera\Opera.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
     O1 - Hosts: ::1 localhost
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
     O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
     O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
     O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
     O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
     O4 - HKLM\..\Run: [Microsoft Update Machine] vampqp.exe
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\RunServices: [Microsoft Update Machine] vampqp.exe
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [Microsoft Update Machine] vampqp.exe
     O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
     O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O13 - Gopher Prefix:
     O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
     O20 - AppInit_DLLs: C:\Windows\System32\dmime32.dll
     O20 - Winlogon Notify: 64992ecf530 - C:\Windows\System32\dmime32.dll (file missing)
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
     O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
     O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
     O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
     O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
     O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
     O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
     O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
     -- End of file - 8061 bytes
  10. Whenever I start my laptop, a small security window keeps appearing about a file in Windows/system32/czvevi.exe. I keep blocking it, but I don't know what this file is, nor whether it is safe! Can anyone tell me what this file is? I think it's some kind of Trojan??? What can I do about it? Kind regards, Patrick
  11. Hello, who can help me with this? (read below what I copied) For more than a week now I have been getting the notification for this Windows update, and apparently it cannot be installed. When I click Install it does install, but the update stays on the screen as still to be done. A restart is required after this update, but then a few hours later it again reports that this update has to be done? How can that be, and what should I do about it? I would appreciate a solution for this. Kind regards, Patrick
      KB954430: Security Update for Microsoft XML Core Services 4.0 Service Pack 2
      Download size: 5.4 MB
      You may need to restart your computer for this update to take effect.
      Update type: Important
      A security issue has been identified in Microsoft XML Core Services (MSXML) that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this update, you may have to restart your computer. Once you have installed this update, it cannot be removed.
      More information: Microsoft Security Bulletin MS08-069 – Critical: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
      Help and support: Microsoft Help and Support