Posts by niorune
Hello Kape, thanks again!
I have now put AVG on it as the antivirus.
Only the problem with the update remains a problem; it is now again telling me to do that update?!
Otherwise the laptop works a little faster.
Kind regards, Patrick
-
Here are the logs:
As for the antivirus, there is Norton, but it was already on it when I bought the laptop.
But there are no files of it to be found anywhere? When I start ComboFix it keeps reporting that Norton is still running, but I cannot turn it off :s
ComboFix 09-03-23.01 - arno 2009-03-25 10:22:06.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.1918.1258 [GMT 1:00]
Gestart vanuit: c:\users\arno\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\arno\Desktop\CFScript.txt..txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: BitDefender Firewall *disabled*
FW: Norton Internet Security *enabled*
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\users\arno\AppData\Roaming\Microsoft\winlog.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\arno\AppData\Roaming\Microsoft\winlog.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-25 to 2009-03-25 ))))))))))))))))))))))))))))))
.
2009-03-24 20:22 . 2009-03-24 20:24 <DIR> d----c--- c:\users\All Users\DVD Shrink
2009-03-24 20:22 . 2009-03-24 20:24 <DIR> d----c--- c:\programdata\DVD Shrink
2009-03-24 20:22 . 2009-03-24 20:22 <DIR> d----c--- c:\program files\DVD Shrink
2009-03-24 20:09 . 2009-03-24 20:09 <DIR> d----c--- C:\WTablet
2009-03-24 19:04 . 2009-03-24 19:04 <DIR> d----c--- C:\fsctmp
2009-03-24 19:04 . 2009-03-24 19:05 <DIR> d----c--- C:\$fsctmp
2009-03-24 13:08 . 2009-03-24 13:08 <DIR> d----c--- c:\program files\GetData
2009-03-24 09:19 . 2009-03-24 09:19 <DIR> d----c--- c:\program files\Trend Micro
2009-03-23 19:44 . 2009-03-23 19:44 <DIR> d----c--- c:\program files\Gabest
2009-03-23 19:41 . 2009-03-23 19:41 <DIR> d----c--- c:\program files\WinAVI Video Converter
2009-03-21 12:03 . 2009-03-21 12:03 118 --a--c--- c:\windows\System32\MRT.INI
2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-21 12:02 . 2008-04-17 12:12 107,368 --a--c--- c:\windows\System32\GEARAspi.dll
2009-03-21 12:02 . 2009-01-15 12:19 23,848 --a--c--- c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-21 12:01 . 2009-03-21 12:01 <DIR> d----c--- c:\program files\Bonjour
2009-03-21 09:37 . 2009-03-21 09:37 603,904 --a--c--- c:\windows\System32\TUProgSt.exe
2009-03-21 09:33 . 2009-03-21 09:34 <DIR> d----c--- c:\program files\TuneUp Utilities 2009
2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-15 13:44 . 2009-03-15 13:54 <DIR> d----c--- c:\users\arno\AppData\Roaming\.ABC
2009-03-15 12:24 . 2009-03-15 12:24 <DIR> d----c--- c:\program files\uTorrent
2009-03-13 13:10 . 2009-03-24 21:13 <DIR> d----c--- c:\users\arno\AppData\Roaming\AV Bros Puzzle Pro 2.2 DEMO
2009-03-12 10:14 . 2009-03-12 10:14 <DIR> d----c--- c:\program files\Xvid
2009-03-12 10:11 . 2009-03-12 10:11 <DIR> d----c--- c:\program files\Power_Karaoke
2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Doblon
2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Common Files\Doblon
2009-03-12 10:10 . 2008-04-27 10:33 765,952 --a--c--- c:\windows\System32\xvidcore.dll
2009-03-12 10:10 . 2008-04-27 10:35 180,224 --a--c--- c:\windows\System32\xvidvfw.dll
2009-03-12 10:10 . 2007-06-28 18:55 77,824 --a--c--- c:\windows\System32\xvid.ax
2009-03-11 16:06 . 2009-02-09 02:54 2,030,080 --a--c--- c:\windows\System32\win32k.sys
2009-03-11 16:06 . 2008-11-27 05:42 269,824 --a--c--- c:\windows\System32\schannel.dll
2009-03-08 21:56 . 2009-03-08 21:56 131 --a--c--- c:\windows\System32\Pen_Tablet.dat
2009-03-05 22:37 . 2009-03-12 09:22 <DIR> d----c--- c:\program files\Romcenter
2009-03-03 20:37 . 2009-03-03 20:42 <DIR> d----c--- c:\users\arno\AppData\Roaming\Super-Cow
2009-03-02 10:07 . 2008-12-16 05:00 8,147,968 --a--c--- c:\windows\System32\wmploc.DLL
2009-03-02 10:07 . 2008-12-16 06:53 7,680 --a--c--- c:\windows\System32\spwmp.dll
2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\msdxm.ocx
2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\dxmasf.dll
2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\users\All Users\MonteCristo
2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\programdata\MonteCristo
2009-02-28 16:05 . 2009-03-24 21:16 <DIR> d----c--- c:\program files\GAMESVOORIEDEREEN.NL
2009-02-28 16:04 . 2009-02-28 16:04 <DIR> d----c--- c:\program files\OXXOGames
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 08:55 --------- dc----w c:\users\arno\AppData\Roaming\WTablet
2009-03-24 21:37 135,168 -c--a-w c:\windows\Cursors\supdate.exe
2009-03-24 21:19 241,665 -c-ha-w c:\windows\Cursors\lsass.exe
2009-03-24 19:36 --------- dc----w c:\users\arno\AppData\Roaming\Ahead
2009-03-24 15:59 --------- dc----w c:\users\arno\AppData\Roaming\uTorrent
2009-03-24 14:02 --------- dc----w c:\programdata\Ahead
2009-03-24 14:01 --------- dc----w c:\program files\Common Files\Ahead
2009-03-24 13:59 --------- dc----w c:\programdata\Nero
2009-03-24 12:18 --------- dc--a-w c:\programdata\TEMP
2009-03-24 09:27 --------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-03-23 22:00 --------- dc----w c:\users\arno\AppData\Roaming\Corel
2009-03-23 21:50 --------- dc----w c:\program files\SuperBladePro
2009-03-23 21:32 3,766 -csha-w c:\windows\System32\KGyGaAvL.sys
2009-03-23 20:58 --------- dc----w c:\program files\Windows Live Safety Center
2009-03-22 20:25 --------- dc----w c:\program files\Nero
2009-03-21 11:02 --------- dc----w c:\programdata\Apple Computer
2009-03-21 11:02 --------- dc----w c:\program files\iTunes
2009-03-21 11:02 --------- dc----w c:\program files\iPod
2009-03-21 11:02 --------- dc----w c:\program files\Common Files\Apple
2009-03-15 10:59 --------- dc----w c:\users\arno\AppData\Roaming\Azureus
2009-03-12 09:11 --------- dc----w c:\program files\Conduit
2009-03-12 08:23 --------- dc----w c:\program files\Glyph
2009-03-12 08:12 --------- dc----w c:\program files\Windows Mail
2009-03-11 08:06 1,614 -c--a-w c:\users\arno\AppData\Roaming\filterclsid.dat
2009-03-07 21:21 --------- dc----w c:\users\arno\AppData\Roaming\dvdcss
2009-03-03 09:59 --------- dc----w c:\program files\Opera
2009-02-28 22:00 --------- dc----w c:\programdata\WinZip
2009-02-26 09:43 --------- dc----w c:\program files\Microsoft Silverlight
2009-02-23 13:26 --------- dc----w c:\programdata\Hitman Pro 3
2009-02-23 11:20 --------- dc----w c:\program files\Netlog Uploader
2009-02-19 20:32 --------- dc----w c:\users\arno\AppData\Roaming\RegTool
2009-02-19 14:37 --------- dc----w c:\program files\Common Files\Adobe
2009-02-19 12:19 --------- dc----w c:\programdata\Adobe Systems
2009-02-19 09:28 --------- dc----w c:\program files\project dogwaffle
2009-02-19 09:27 --------- dc----w c:\programdata\Corel
2009-02-19 09:27 --------- dc----w c:\program files\Common Files\Corel
2009-02-19 09:23 --------- dc----w c:\program files\Alien Skin
2009-02-18 09:10 --------- dc----w c:\program files\Windows Live
2009-02-18 08:14 --------- dc----w c:\programdata\Ulead Systems
2009-02-18 08:13 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-02-16 17:15 --------- dc----w c:\program files\Common Files\Adobe Systems Shared
2009-02-12 19:08 --------- dc----w c:\program files\MSXML 4.0
2009-02-12 12:19 --------- dc----w c:\users\arno\AppData\Roaming\TuneUp Software
2009-02-12 12:19 --------- dc----w c:\programdata\TuneUp Software
2009-02-12 11:38 --------- dc----w c:\program files\AV Video Karaoke Maker
2009-02-11 10:07 --------- dc----w c:\programdata\Awem
2009-02-11 10:06 --------- dc----w c:\program files\Alawar
2009-02-11 10:04 --------- dc----w c:\program files\Atlantis Quest
2009-02-11 09:58 --------- dc----w c:\program files\Cradle of Persia
2009-02-11 09:53 --------- dc----w c:\program files\The Rise of Atlantis
2009-02-11 09:19 38,496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 18:22 --------- dc----w c:\users\arno\AppData\Roaming\AVSMedia
2009-02-10 18:22 --------- dc----w c:\program files\AVSMedia
2009-02-10 14:18 --------- dc----w c:\program files\Common Files\AVSMedia
2009-02-10 14:18 --------- dc----w c:\program files\AVS4YOU
2009-02-10 14:16 --------- dc----w c:\program files\Total Video Converter
2009-02-10 13:46 --------- dc----w c:\users\arno\AppData\Roaming\AVS4YOU
2009-02-10 13:45 --------- dc----w c:\programdata\AVS4YOU
2009-02-09 07:39 --------- dc----w c:\users\arno\AppData\Roaming\vlc
2009-02-08 21:45 --------- dc----w c:\program files\Audacity
2009-02-08 21:41 --------- dc----w c:\program files\MediaMonkey
2009-02-08 21:29 --------- dc----w c:\program files\Super Audio Converter
2009-02-08 19:51 --------- dc----w c:\program files\GameTop.com
2009-02-08 15:23 --------- dc----w c:\program files\VideoLAN
2009-02-08 13:18 --------- dc----w c:\programdata\Azureus
2009-02-08 13:17 --------- dc----w c:\program files\Vuze
2009-02-08 13:12 8,858 -c--a-w c:\program files\LimeWire Plus.torrent
2009-02-07 22:09 --------- dc----w c:\program files\DreamSuite Demo
2009-02-07 18:21 --------- dc----w c:\programdata\Hitman Pro
2009-02-07 18:07 --------- dc----w c:\program files\Hitman Pro 3
2009-02-07 15:40 --------- dc----w c:\program files\HarrysFilters3
2009-02-06 18:55 308,616 -c--a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 -c--a-w c:\windows\System32\sirenacm.dll
2009-02-06 17:08 55,280 -c--a-w c:\windows\system32\drivers\fssfltr.sys
2009-02-06 15:43 --------- dc----w c:\program files\Messenger Plus! Live
2009-02-06 00:20 --------- dc----w c:\programdata\GameXzone
2009-02-06 00:03 --------- dc----w c:\programdata\OrbGames
2009-02-04 22:42 --------- dc----w c:\users\arno\AppData\Roaming\Alien Skin
2009-02-04 22:24 --------- dc----w c:\program files\Vplaces
2009-02-04 22:21 2,828 -csha-w c:\users\All Users\KGyGaAvL.sys
2009-02-04 22:21 2,828 -csha-w c:\programdata\KGyGaAvL.sys
2009-02-04 16:30 410,984 -c--a-w c:\windows\System32\deploytk.dll
2009-02-02 21:14 --------- dc----w c:\program files\Sqirlz Water Reflections
2009-02-02 21:00 --------- dc----w c:\users\arno\AppData\Roaming\Jasc
2009-02-02 21:00 --------- dc----w c:\program files\Jasc Software Inc
2009-02-02 20:20 348,160 -c--a-w c:\windows\System32\msvcr71.dll
2009-02-02 20:20 339,968 -c--a-w c:\windows\System32\pythoncom25.dll
2009-02-02 20:20 2,117,632 -c--a-w c:\windows\System32\python25.dll
2009-02-02 20:20 114,688 -c--a-w c:\windows\System32\pywintypes25.dll
2009-01-31 19:51 --------- dc----w c:\users\arno\AppData\Roaming\Zylom
2009-01-31 19:51 --------- dc----w c:\programdata\Zylom
2009-01-31 11:08 --------- dc----w c:\program files\Microsoft Works
2009-01-30 20:47 --------- dc----w c:\program files\Sony
2009-01-28 18:57 --------- dc----w c:\program files\Sweet Games
2009-01-28 08:01 --------- dc----w c:\program files\QuickTime
2009-01-26 17:57 --------- dc----w c:\program files\Caribbean Treasures
2009-01-26 17:25 --------- dc----w c:\programdata\Trymedia
2009-01-26 16:07 --------- dc----w c:\program files\Java
2009-01-26 16:06 --------- dc----w c:\program files\LimeWire
.
((((((((((((((((((((((((((((( SnapShot@2009-03-24_15.55.45,22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-24 13:48:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-25 08:57:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-25 08:57:57 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-24 13:48:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-25 08:57:52 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-25 08:57:52 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-25 09:17:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-24 14:07:33 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-25 09:17:18 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-25 09:17:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-24 13:46:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-03-25 08:55:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-24 13:47:39 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin
+ 2009-03-25 08:57:13 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin
- 2009-03-24 13:47:39 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-25 08:57:12 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-24 13:47:37 69,406 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-25 08:57:11 70,246 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
2008-02-14 14:54 1555480 --a--c--- c:\program files\Power_Karaoke\tbPowe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3303E956-2A3A-48E0-BE39-2E0EF11A2F44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408]
"Windows Defender User Interface"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-03 1006264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"beid"=c:\program files\Belgium Identity Card\beid35gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D966C8B2-589E-4A47-84BA-C02BAE7EAB0B}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{EDCF8292-BE33-47FA-B755-AFA3291F8AB4}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{E01E71D3-18A1-4F21-9E74-148C899122A4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{727CB185-94EB-4C76-A170-0B01DCAE8505}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{28034861-1FD9-48D3-A4AC-57E14005DFF0}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{B24B3102-2743-48A6-A658-D7D9E1A139F8}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"TCP Query User{0054653F-A312-4E37-81CE-E5FB4C269E34}c:\\program files\\limewire plus\\limewire.exe"= UDP:c:\program files\limewire plus\limewire.exe:LimeWire
"UDP Query User{B832AE57-4B6D-46D2-937C-F831F3C3C651}c:\\program files\\limewire plus\\limewire.exe"= TCP:c:\program files\limewire plus\limewire.exe:LimeWire
"TCP Query User{9C15F824-D15B-4CF0-A731-4D8B3C167BFC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1C4C6A17-AAF5-4FCB-884F-BCB01913EDAE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3BC75F60-19F0-4CF4-A5D9-F6FA88F20E9E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{64954C95-0B94-4822-9CF3-9845BEEA16D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{1940252A-DFC2-45FD-86BD-2E7A34A42051}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{4ED7AAD6-C5B4-494C-826E-8F1A24239903}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{A3473CAC-2AFA-46E0-B029-1EAE8F1AC3AA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1536ED55-3CE4-4358-8513-626D0DBE2B21}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{C3CEEE24-669C-4530-B184-42A2B146A25B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{774A748B-0F75-4017-B835-A33AC2904C55}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{5C6825B3-D120-41E2-AE56-A583C3C263E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{0D00E02D-DF9F-49DC-847B-39A496829EF8}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{C6A23C8E-3A2F-47D4-AA3D-02140FD6ACE9}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{D3A9E949-5217-4B9C-A43D-FC8A5FEB5A1E}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{25BF8F92-44E0-4083-8BDD-D4DBDB56189D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{BE1FC876-EAA8-4490-82C8-55D49DE9DE0C}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{868F1ACF-422A-4203-9AC3-804B22286A78}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{95C0A958-E927-4BF9-8720-7FA535054009}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{427E334A-B794-4F5F-A41C-6B5C7C50A8C3}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{AB7DCD85-0939-4EC5-9A55-9D810AF57C95}"= UDP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire
"{161CE608-FD07-41F8-91A6-68D5AE37EC02}"= TCP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire
"{7C63BAC9-8C2B-4C89-8247-AC26CDAC9E84}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2039AACE-785E-443B-B8B0-1034269A73C1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{49469E02-4681-42F9-A21D-E061336E7751}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9DA77936-8257-49B2-AEFE-308DFAB08CFD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3A45EC8D-8919-46C5-BDF7-BA176EEDA2F0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D51CD647-EBBC-4535-8BC2-96947E2445A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{481E5A74-AA39-4A7A-B338-D4D8AAAAA4A6}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{E9A0492E-9407-4C11-B058-813A2E91C99C}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{B8CE0E20-CB97-4455-B1A8-05D03EB5DE45}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{00E912E0-F01A-4332-97D5-4B363295CD75}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Mobistar\\IEWInternetBE\\Connectivity\\ConnectivityManager.exe"= c:\program files\Mobistar\IEWInternetBE\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [2009-02-03 57344]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2009-01-14 1373480]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-21 603904]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-10 7808]
R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2007-11-30 780288]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [2007-11-30 218624]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2007-11-30 228352]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [2004-04-30 24832]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-18 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83823ac7-88a6-11dd-be3b-001060edaa94}]
\shell\AutoRun\command - G:\AutoRunCardDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2423f84-b8d0-11dd-8e76-001e33009ed7}]
\shell\AutoRun\command - H:\InstallTomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4C494556-4C49-4C49-4C49-4C494556454B}]
"c:\windows\Cursors\lsass.exe" /s
.
Inhoud van de 'Gedeelde Taken' map
2009-03-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
2009-03-25 c:\windows\Tasks\User_Feed_Synchronization-{78515E5C-2951-414B-BEDF-4A0C81A1C72E}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 10:24:30
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'lsass.exe'(1212)
c:\program files\Bonjour\mdnsNSP.dll
.
Voltooingstijd: 2009-03-25 10:26:58
ComboFix-quarantined-files.txt 2009-03-25 09:26:56
ComboFix2.txt 2009-03-24 19:05:16
ComboFix3.txt 2009-03-24 14:58:43
Pre-Run: 16.599.662.592 bytes beschikbaar
Post-Run: 16,374,767,616 bytes beschikbaar
349 --- E O F --- 2009-03-24 11:00:51
______________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:42, on 25/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 6951 bytes
-
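A triage helper for the HijackThis-format autorun (O4) and service (O23) lines in logs like the one above. This is an added example by the editor, not part of the original post and not code from HijackThis or ComboFix. The sample lines are copied from this page's log; the `winlog.exe` line is constructed from the `HKCU\...\Run` value that ComboFix lists further down the page, and the three rules it applies (autorun binary in a user-writable path, a per-user application registered under the SYSTEM or Default profile, a service whose binary sits directly in System32 with no publisher in its version information) are the editor's heuristics, not a verdict the page or the tools give.

```python
import re
from dataclasses import dataclass

# Constructed sample input: HijackThis O4 (autorun) and O23 (service) lines. Most are
# copied from the log on this page; the winlog.exe line is constructed from the
# HKCU\...\Run value that ComboFix lists further down (HijackThis reports it the
# same way). The SYSTEM account name is given in English here.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [winlog.exe] C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
"""


@dataclass
class Finding:
    line: str    # the log line that triggered the rule
    rule: str    # short rule identifier
    detail: str  # the path or hive that matched


O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")

# Heuristics (editor's assumptions, not HijackThis or ComboFix logic):
USER_WRITABLE = re.compile(r"\\(Users|AppData|Temp|ProgramData)\\", re.IGNORECASE)
PROGRAM_FILES = re.compile(r"\\Program Files", re.IGNORECASE)
SYSTEM32_ROOT = re.compile(r"\\Windows\\system32\\[^\\]+$", re.IGNORECASE)
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


def exe_path(cmd: str) -> str:
    """Extract the executable from an O4 command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text: str) -> list:
    """Return Findings for O4/O23 lines that match one of the heuristics above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, path = m.group("hive"), exe_path(m.group("cmd"))
            # Rule 1: autorun binary living where an unprivileged user can write.
            if USER_WRITABLE.search(path) and not PROGRAM_FILES.search(path):
                findings.append(Finding(line, "autorun-user-writable", path))
            # Rule 2: a per-user application registered to start under the
            # SYSTEM or Default profile; odd for a chat client, worth a look.
            if hive.upper().startswith(SYSTEM_HIVES) and PROGRAM_FILES.search(path):
                findings.append(Finding(line, "autorun-system-profile", hive))
            continue
        m = O23_RE.match(line)
        if m:
            parts = m.group("rest").rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _display, owner, path = parts
            # Rule 3: "Unknown owner" means no company in the version resource;
            # combined with a bare System32 location it deserves a hash lookup.
            if owner.strip().lower() == "unknown owner" and SYSTEM32_ROOT.search(path):
                findings.append(Finding(line, "service-no-publisher-system32", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

On the sample this flags exactly three lines: the `winlog.exe` autorun under AppData, the Messenger autorun in the SYSTEM profile, and the `PnkBstrA` service. The rules are deliberately coarse; each hit is a prompt to pull the file, hash it and check its signature, not a conviction, and the Jotti results below show why a single engine's silence settles nothing.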
Scan run with online malware scanner: Jotti's
Scan taken on 24 Mar 2009 21:47:40 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/SelfStarterInternetTrojan!Maximus (probable variant)
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found Sus/Delf-J (probable variant)
VirusBuster Found nothing
VBA32 Found Win32 Shadow Socket Open (probable variant)
-
Hello Kape,
here is first the ComboFix log file and then the HijackThis file:
ComboFix 09-03-23.01 - arno 2009-03-24 20:00:33.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.1918.1225 [GMT 1:00]
Started from: c:\users\arno\Desktop\ComboFix.exe
Command switches used :: c:\users\arno\Desktop\CFScript.txt..txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: BitDefender Firewall *disabled*
FW: Norton Internet Security *enabled*
* A new restore point was created
FILE ::
c:\programdata\B9B41EDB68.sys
c:\users\All Users\B9B41EDB68.sys
c:\windows\System32\avfsae.exe
c:\windows\System32\czvevi.exe
c:\windows\System32\dmchol.exe
c:\windows\system32\drivers\PxHelp20.sys
c:\windows\System32\expahz.exe
c:\windows\System32\fpzicy.exe
c:\windows\System32\ftozew.exe
c:\windows\System32\gzpzjq.exe
c:\windows\System32\hlskzy.exe
c:\windows\System32\igqoaz.exe
c:\windows\System32\jcfoqx.exe
c:\windows\System32\jgqbtb.exe
c:\windows\System32\jripyo.exe
c:\windows\System32\niocvi.exe
c:\windows\System32\pqpbsi.exe
c:\windows\System32\pxcpyi64.exe
c:\windows\System32\pxinsi64.exe
c:\windows\System32\vampqp.exe
c:\windows\System32\wr73716.dll
c:\windows\System32\xa15567421.exe
c:\windows\System32\xa15567843.exe
c:\windows\System32\xa17773140.exe
c:\windows\System32\xa17773843.exe
c:\windows\System32\xa18274281.exe
c:\windows\System32\xa18274578.exe
c:\windows\System32\xwr73716.dll
c:\windows\System32\zwgmfg.exe
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\B9B41EDB68.sys
c:\windows\System32\avfsae.exe
c:\windows\System32\czvevi.exe
c:\windows\System32\dmchol.exe
c:\windows\system32\drivers\PxHelp20.sys
c:\windows\System32\expahz.exe
c:\windows\System32\fpzicy.exe
c:\windows\System32\ftozew.exe
c:\windows\System32\gzpzjq.exe
c:\windows\System32\hlskzy.exe
c:\windows\System32\igqoaz.exe
c:\windows\System32\jcfoqx.exe
c:\windows\System32\jgqbtb.exe
c:\windows\System32\jripyo.exe
c:\windows\System32\niocvi.exe
c:\windows\System32\pqpbsi.exe
c:\windows\System32\pxcpyi64.exe
c:\windows\System32\pxinsi64.exe
c:\windows\System32\vampqp.exe
c:\windows\System32\wr73716.dll
c:\windows\System32\xa15567421.exe
c:\windows\System32\xa15567843.exe
c:\windows\System32\xa17773140.exe
c:\windows\System32\xa17773843.exe
c:\windows\System32\xa18274281.exe
c:\windows\System32\xa18274578.exe
c:\windows\System32\xwr73716.dll
c:\windows\System32\zwgmfg.exe
.
(((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 ))))))))))))))))))))))))))))))
.
2009-03-24 19:04 . 2009-03-24 19:04 <DIR> d----c--- C:\fsctmp
2009-03-24 19:04 . 2009-03-24 19:05 <DIR> d----c--- C:\$fsctmp
2009-03-24 13:08 . 2009-03-24 13:08 <DIR> d----c--- c:\program files\GetData
2009-03-24 09:19 . 2009-03-24 09:19 <DIR> d----c--- c:\program files\Trend Micro
2009-03-23 19:44 . 2009-03-23 19:44 <DIR> d----c--- c:\program files\Gabest
2009-03-23 19:41 . 2009-03-23 19:41 <DIR> d----c--- c:\program files\WinAVI Video Converter
2009-03-21 12:03 . 2009-03-21 12:03 118 --a--c--- c:\windows\System32\MRT.INI
2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-21 12:02 . 2008-04-17 12:12 107,368 --a--c--- c:\windows\System32\GEARAspi.dll
2009-03-21 12:02 . 2009-01-15 12:19 23,848 --a--c--- c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-21 12:01 . 2009-03-21 12:01 <DIR> d----c--- c:\program files\Bonjour
2009-03-21 09:37 . 2009-03-21 09:37 603,904 --a--c--- c:\windows\System32\TUProgSt.exe
2009-03-21 09:33 . 2009-03-21 09:34 <DIR> d----c--- c:\program files\TuneUp Utilities 2009
2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-15 13:44 . 2009-03-15 13:54 <DIR> d----c--- c:\users\arno\AppData\Roaming\.ABC
2009-03-15 12:24 . 2009-03-15 12:24 <DIR> d----c--- c:\program files\uTorrent
2009-03-13 13:10 . 2009-03-13 13:16 <DIR> d----c--- c:\users\arno\AppData\Roaming\AV Bros Puzzle Pro 2.2 DEMO
2009-03-12 10:14 . 2009-03-12 10:14 <DIR> d----c--- c:\program files\Xvid
2009-03-12 10:11 . 2009-03-12 10:11 <DIR> d----c--- c:\program files\Power_Karaoke
2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Doblon
2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Common Files\Doblon
2009-03-12 10:10 . 2008-04-27 10:33 765,952 --a--c--- c:\windows\System32\xvidcore.dll
2009-03-12 10:10 . 2008-04-27 10:35 180,224 --a--c--- c:\windows\System32\xvidvfw.dll
2009-03-12 10:10 . 2007-06-28 18:55 77,824 --a--c--- c:\windows\System32\xvid.ax
2009-03-11 16:06 . 2009-02-09 02:54 2,030,080 --a--c--- c:\windows\System32\win32k.sys
2009-03-11 16:06 . 2008-11-27 05:42 269,824 --a--c--- c:\windows\System32\schannel.dll
2009-03-08 21:56 . 2009-03-08 21:56 131 --a--c--- c:\windows\System32\Pen_Tablet.dat
2009-03-05 22:37 . 2009-03-12 09:22 <DIR> d----c--- c:\program files\Romcenter
2009-03-03 20:37 . 2009-03-03 20:42 <DIR> d----c--- c:\users\arno\AppData\Roaming\Super-Cow
2009-03-02 10:07 . 2008-12-16 05:00 8,147,968 --a--c--- c:\windows\System32\wmploc.DLL
2009-03-02 10:07 . 2008-12-16 06:53 7,680 --a--c--- c:\windows\System32\spwmp.dll
2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\msdxm.ocx
2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\dxmasf.dll
2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\users\All Users\MonteCristo
2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\programdata\MonteCristo
2009-02-28 16:05 . 2009-02-28 16:06 <DIR> d----c--- c:\program files\GAMESVOORIEDEREEN.NL
2009-02-28 16:04 . 2009-02-28 16:04 <DIR> d----c--- c:\program files\OXXOGames
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 18:17 --------- dc----w c:\users\arno\AppData\Roaming\WTablet
2009-03-24 15:59 --------- dc----w c:\users\arno\AppData\Roaming\uTorrent
2009-03-24 14:03 --------- dc----w c:\users\arno\AppData\Roaming\Ahead
2009-03-24 14:02 --------- dc----w c:\programdata\Ahead
2009-03-24 14:01 --------- dc----w c:\program files\Common Files\Ahead
2009-03-24 13:59 --------- dc----w c:\programdata\Nero
2009-03-24 12:18 --------- dc--a-w c:\programdata\TEMP
2009-03-24 09:27 --------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-03-23 22:00 --------- dc----w c:\users\arno\AppData\Roaming\Corel
2009-03-23 21:50 --------- dc----w c:\program files\SuperBladePro
2009-03-23 21:32 3,766 -csha-w c:\windows\System32\KGyGaAvL.sys
2009-03-23 20:58 --------- dc----w c:\program files\Windows Live Safety Center
2009-03-22 20:25 --------- dc----w c:\program files\Nero
2009-03-21 11:02 --------- dc----w c:\programdata\Apple Computer
2009-03-21 11:02 --------- dc----w c:\program files\iTunes
2009-03-21 11:02 --------- dc----w c:\program files\iPod
2009-03-21 11:02 --------- dc----w c:\program files\Common Files\Apple
2009-03-15 10:59 --------- dc----w c:\users\arno\AppData\Roaming\Azureus
2009-03-12 09:11 --------- dc----w c:\program files\Conduit
2009-03-12 08:23 --------- dc----w c:\program files\Glyph
2009-03-12 08:12 --------- dc----w c:\program files\Windows Mail
2009-03-11 08:06 1,614 -c--a-w c:\users\arno\AppData\Roaming\filterclsid.dat
2009-03-07 21:21 --------- dc----w c:\users\arno\AppData\Roaming\dvdcss
2009-03-03 09:59 --------- dc----w c:\program files\Opera
2009-02-28 22:00 --------- dc----w c:\programdata\WinZip
2009-02-26 09:43 --------- dc----w c:\program files\Microsoft Silverlight
2009-02-23 13:26 --------- dc----w c:\programdata\Hitman Pro 3
2009-02-23 11:20 --------- dc----w c:\program files\Netlog Uploader
2009-02-19 20:32 --------- dc----w c:\users\arno\AppData\Roaming\RegTool
2009-02-19 14:37 --------- dc----w c:\program files\Common Files\Adobe
2009-02-19 12:19 --------- dc----w c:\programdata\Adobe Systems
2009-02-19 09:28 --------- dc----w c:\program files\project dogwaffle
2009-02-19 09:27 --------- dc----w c:\programdata\Corel
2009-02-19 09:27 --------- dc----w c:\program files\Common Files\Corel
2009-02-19 09:23 --------- dc----w c:\program files\Alien Skin
2009-02-18 09:10 --------- dc----w c:\program files\Windows Live
2009-02-18 08:14 --------- dc----w c:\programdata\Ulead Systems
2009-02-18 08:13 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-02-16 17:15 --------- dc----w c:\program files\Common Files\Adobe Systems Shared
2009-02-12 19:08 --------- dc----w c:\program files\MSXML 4.0
2009-02-12 12:19 --------- dc----w c:\users\arno\AppData\Roaming\TuneUp Software
2009-02-12 12:19 --------- dc----w c:\programdata\TuneUp Software
2009-02-12 11:38 --------- dc----w c:\program files\AV Video Karaoke Maker
2009-02-11 10:07 --------- dc----w c:\programdata\Awem
2009-02-11 10:06 --------- dc----w c:\program files\Alawar
2009-02-11 10:04 --------- dc----w c:\program files\Atlantis Quest
2009-02-11 09:58 --------- dc----w c:\program files\Cradle of Persia
2009-02-11 09:53 --------- dc----w c:\program files\The Rise of Atlantis
2009-02-11 09:19 38,496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 18:22 --------- dc----w c:\users\arno\AppData\Roaming\AVSMedia
2009-02-10 18:22 --------- dc----w c:\program files\AVSMedia
2009-02-10 14:18 --------- dc----w c:\program files\Common Files\AVSMedia
2009-02-10 14:18 --------- dc----w c:\program files\AVS4YOU
2009-02-10 14:16 --------- dc----w c:\program files\Total Video Converter
2009-02-10 13:46 --------- dc----w c:\users\arno\AppData\Roaming\AVS4YOU
2009-02-10 13:45 --------- dc----w c:\programdata\AVS4YOU
2009-02-09 07:39 --------- dc----w c:\users\arno\AppData\Roaming\vlc
2009-02-08 21:45 --------- dc----w c:\program files\Audacity
2009-02-08 21:41 --------- dc----w c:\program files\MediaMonkey
2009-02-08 21:29 --------- dc----w c:\program files\Super Audio Converter
2009-02-08 19:51 --------- dc----w c:\program files\GameTop.com
2009-02-08 15:23 --------- dc----w c:\program files\VideoLAN
2009-02-08 13:18 --------- dc----w c:\programdata\Azureus
2009-02-08 13:17 --------- dc----w c:\program files\Vuze
2009-02-08 13:12 8,858 -c--a-w c:\program files\LimeWire Plus.torrent
2009-02-07 22:09 --------- dc----w c:\program files\DreamSuite Demo
2009-02-07 18:21 --------- dc----w c:\programdata\Hitman Pro
2009-02-07 18:07 --------- dc----w c:\program files\Hitman Pro 3
2009-02-07 15:40 --------- dc----w c:\program files\HarrysFilters3
2009-02-06 18:55 308,616 -c--a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 -c--a-w c:\windows\System32\sirenacm.dll
2009-02-06 17:08 55,280 -c--a-w c:\windows\system32\drivers\fssfltr.sys
2009-02-06 15:43 --------- dc----w c:\program files\Messenger Plus! Live
2009-02-06 00:20 --------- dc----w c:\programdata\GameXzone
2009-02-06 00:03 --------- dc----w c:\programdata\OrbGames
2009-02-04 22:42 --------- dc----w c:\users\arno\AppData\Roaming\Alien Skin
2009-02-04 22:24 --------- dc----w c:\program files\Vplaces
2009-02-04 22:21 2,828 -csha-w c:\users\All Users\KGyGaAvL.sys
2009-02-04 22:21 2,828 -csha-w c:\programdata\KGyGaAvL.sys
2009-02-04 16:30 410,984 -c--a-w c:\windows\System32\deploytk.dll
2009-02-02 21:14 --------- dc----w c:\program files\Sqirlz Water Reflections
2009-02-02 21:00 --------- dc----w c:\users\arno\AppData\Roaming\Jasc
2009-02-02 21:00 --------- dc----w c:\program files\Jasc Software Inc
2009-02-02 20:20 348,160 -c--a-w c:\windows\System32\msvcr71.dll
2009-02-02 20:20 339,968 -c--a-w c:\windows\System32\pythoncom25.dll
2009-02-02 20:20 2,117,632 -c--a-w c:\windows\System32\python25.dll
2009-02-02 20:20 114,688 -c--a-w c:\windows\System32\pywintypes25.dll
2009-01-31 19:51 --------- dc----w c:\users\arno\AppData\Roaming\Zylom
2009-01-31 19:51 --------- dc----w c:\programdata\Zylom
2009-01-31 11:08 --------- dc----w c:\program files\Microsoft Works
2009-01-30 20:47 --------- dc----w c:\program files\Sony
2009-01-28 18:57 --------- dc----w c:\program files\Sweet Games
2009-01-28 08:01 --------- dc----w c:\program files\QuickTime
2009-01-26 17:57 --------- dc----w c:\program files\Caribbean Treasures
2009-01-26 17:25 --------- dc----w c:\programdata\Trymedia
2009-01-26 16:07 --------- dc----w c:\program files\Java
2009-01-26 16:06 --------- dc----w c:\program files\LimeWire
2009-01-26 14:05 --------- dc----w c:\program files\Secunia
2009-01-25 22:15 --------- dc----w c:\program files\Spyware Doctor
.
((((((((((((((((((((((((((((( SnapShot@2009-03-24_15.55.45,22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-24 13:48:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-24 18:19:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-24 18:19:02 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-24 13:48:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-24 18:18:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-24 18:57:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-24 14:07:33 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-24 18:57:42 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-24 18:57:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-24 13:46:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-03-24 16:01:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-24 13:47:39 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin
+ 2009-03-24 18:19:11 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin
- 2009-03-24 13:47:39 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-24 18:19:11 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-24 13:47:37 69,406 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-24 15:05:41 69,558 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
2008-02-14 14:54 1555480 --a--c--- c:\program files\Power_Karaoke\tbPowe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3303E956-2A3A-48E0-BE39-2E0EF11A2F44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408]
"Windows Defender User Interface"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-03 1006264]
"winlog.exe"="c:\users\arno\AppData\Roaming\Microsoft\winlog.exe" [2009-03-24 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"beid"=c:\program files\Belgium Identity Card\beid35gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D966C8B2-589E-4A47-84BA-C02BAE7EAB0B}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{EDCF8292-BE33-47FA-B755-AFA3291F8AB4}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{E01E71D3-18A1-4F21-9E74-148C899122A4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{727CB185-94EB-4C76-A170-0B01DCAE8505}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{28034861-1FD9-48D3-A4AC-57E14005DFF0}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{B24B3102-2743-48A6-A658-D7D9E1A139F8}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"TCP Query User{0054653F-A312-4E37-81CE-E5FB4C269E34}c:\\program files\\limewire plus\\limewire.exe"= UDP:c:\program files\limewire plus\limewire.exe:LimeWire
"UDP Query User{B832AE57-4B6D-46D2-937C-F831F3C3C651}c:\\program files\\limewire plus\\limewire.exe"= TCP:c:\program files\limewire plus\limewire.exe:LimeWire
"TCP Query User{9C15F824-D15B-4CF0-A731-4D8B3C167BFC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1C4C6A17-AAF5-4FCB-884F-BCB01913EDAE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3BC75F60-19F0-4CF4-A5D9-F6FA88F20E9E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{64954C95-0B94-4822-9CF3-9845BEEA16D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{1940252A-DFC2-45FD-86BD-2E7A34A42051}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{4ED7AAD6-C5B4-494C-826E-8F1A24239903}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{A3473CAC-2AFA-46E0-B029-1EAE8F1AC3AA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1536ED55-3CE4-4358-8513-626D0DBE2B21}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{C3CEEE24-669C-4530-B184-42A2B146A25B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{774A748B-0F75-4017-B835-A33AC2904C55}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{5C6825B3-D120-41E2-AE56-A583C3C263E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{0D00E02D-DF9F-49DC-847B-39A496829EF8}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{C6A23C8E-3A2F-47D4-AA3D-02140FD6ACE9}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{D3A9E949-5217-4B9C-A43D-FC8A5FEB5A1E}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{25BF8F92-44E0-4083-8BDD-D4DBDB56189D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{BE1FC876-EAA8-4490-82C8-55D49DE9DE0C}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{868F1ACF-422A-4203-9AC3-804B22286A78}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{95C0A958-E927-4BF9-8720-7FA535054009}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{427E334A-B794-4F5F-A41C-6B5C7C50A8C3}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{AB7DCD85-0939-4EC5-9A55-9D810AF57C95}"= UDP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire
"{161CE608-FD07-41F8-91A6-68D5AE37EC02}"= TCP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire
"{7C63BAC9-8C2B-4C89-8247-AC26CDAC9E84}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2039AACE-785E-443B-B8B0-1034269A73C1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{49469E02-4681-42F9-A21D-E061336E7751}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9DA77936-8257-49B2-AEFE-308DFAB08CFD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3A45EC8D-8919-46C5-BDF7-BA176EEDA2F0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D51CD647-EBBC-4535-8BC2-96947E2445A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{481E5A74-AA39-4A7A-B338-D4D8AAAAA4A6}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{E9A0492E-9407-4C11-B058-813A2E91C99C}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{B8CE0E20-CB97-4455-B1A8-05D03EB5DE45}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{00E912E0-F01A-4332-97D5-4B363295CD75}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Mobistar\\IEWInternetBE\\Connectivity\\ConnectivityManager.exe"= c:\program files\Mobistar\IEWInternetBE\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [2009-02-03 57344]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2009-01-14 1373480]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-21 603904]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-10 7808]
R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2007-11-30 780288]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [2007-11-30 218624]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2007-11-30 228352]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [2004-04-30 24832]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-18 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83823ac7-88a6-11dd-be3b-001060edaa94}]
\shell\AutoRun\command - G:\AutoRunCardDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2423f84-b8d0-11dd-8e76-001e33009ed7}]
\shell\AutoRun\command - H:\InstallTomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-03-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{78515E5C-2951-414B-BEDF-4A0C81A1C72E}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 20:02:44
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-24 20:05:15
ComboFix-quarantined-files.txt 2009-03-24 19:05:13
ComboFix2.txt 2009-03-24 14:58:43
Pre-Run: 14,837,702,656 bytes free
Post-Run: 17,057,345,536 bytes free
393 --- E O F --- 2009-03-24 11:00:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:06, on 24/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKCU\..\Run: [winlog.exe] C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 7086 bytes
-
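Added example (not part of the original posts, and not code from ComboFix, HijackThis or anyone in this thread): a small Python triage script that reads ComboFix-style log text and flags the two findings in the log below that deserve action. First, the run of 499,764-byte `-r-hsc---` executables in System32 that share one modification time (2008-10-29 07:20) but carry different random six-letter names; identical size, timestamp and attributes under fresh names is the signature of one payload being copied repeatedly, which is why the names never match a removal list. Second, the registry values that switch off Vista's own defences: `EnableLUA`=0, the Security Center `*DisableNotify`/`DisableMonitoring` values, and an Image File Execution Options key for iexplore.exe. The listing and registry grammar is inferred from the lines on this page rather than taken from any ComboFix specification, so treat the regular expressions as assumptions; the sample rows are copied from the log below.

```python
"""Triage helper for ComboFix-style log text (added example; not code from the
forum posts, ComboFix or HijackThis). Flags same-size hidden/system executables
under random names, and registry values that switch Vista's defences off."""
import re
from collections import defaultdict

# One "Files Created" or Find3M row. The created column is optional because Find3M
# rows omit it; directory rows ("<DIR>", "---------") never match. Assumed grammar.
FILE_LINE = re.compile(
    r"^(?:(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. )?"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d[\d,.]*) (?P<attrs>[-a-z]{7,9}) (?P<path>.+)$", re.I)
RANDOM_EXE = re.compile(r"^[a-z]{6}\.exe$", re.I)
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
IFEO_KEY = re.compile(r"\\image file execution options\\([^\\]+)$")
SC_KEYS = (r"\security center", r"\security center\monitoring")
SC_FLAGS = {"uacdisablenotify", "internetsettingsdisablenotify",
            "autoupdatedisablenotify", "disablemonitoring"}

def parse_files(text):
    """One dict per file row, with the size normalised to an int."""
    rows = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(re.sub(r"[,.]", "", row["size"]))
            rows.append(row)
    return rows

def find_clusters(rows, min_members=3):
    """Group by (size, mtime, attrs); keep hidden+system groups of random-named .exe files."""
    groups = defaultdict(set)
    for r in rows:
        groups[(r["size"], r["modified"], r["attrs"].lower())].add(
            r["path"].rsplit("\\", 1)[-1].lower())
    return [{"size": s, "modified": t, "attrs": a, "names": sorted(n)}
            for (s, t, a), n in groups.items()
            if "h" in a and "s" in a and len(n) >= min_members
            and all(RANDOM_EXE.match(x) for x in n)]

def reg_int(value):
    """Decode ComboFix value renderings: '0 (0x0)' -> 0, 'dword:00000001' -> 1."""
    value = value.strip().lower()
    if value.startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"-?\d+", value)
    return int(m.group()) if m else None

def find_tampering(text):
    """Walk [key] / "name"=value lines and flag defence-disabling settings."""
    findings, key = [], None
    for raw in text.splitlines():
        k = REG_KEY.match(raw.strip())
        if k:
            key = k.group("key")
            continue
        v = REG_VALUE.match(raw.strip())
        if not (v and key):
            continue
        name, value, lkey = v.group("name").lower(), v.group("value").strip(), key.lower()
        hit = {"key": key, "name": v.group("name"), "value": value}
        if lkey.endswith(r"\policies\system") and name == "enablelua" and reg_int(value) == 0:
            findings.append({"kind": "uac_disabled", **hit})
        elif lkey.endswith(SC_KEYS) and name in SC_FLAGS and reg_int(value) == 1:
            findings.append({"kind": "security_center_suppressed", **hit})
        ifeo = IFEO_KEY.search(lkey)
        if ifeo and name == "debugger":
            # The key's existence is the signal, even when the value reads empty.
            findings.append({"kind": "ifeo_debugger", "exe": ifeo.group(1), **hit})
    return findings

# Rows copied from the ComboFix log on this page: four cluster members, one
# Find3M-format row and one benign row that must not be flagged.
SAMPLE_LISTING = r"""
2009-03-24 10:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\igqoaz.exe
2009-03-24 10:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\fpzicy.exe
2009-03-24 09:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\vampqp.exe
2009-03-23 20:21 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\avfsae.exe
2009-03-23 21:32 3,766 -csha-w c:\windows\System32\KGyGaAvL.sys
2009-03-21 12:03 . 2009-03-21 12:03 118 --a--c--- c:\windows\System32\MRT.INI
"""
SAMPLE_REGISTRY = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

if __name__ == "__main__":
    print(find_clusters(parse_files(SAMPLE_LISTING)))
    print(find_tampering(SAMPLE_REGISTRY))
```

To use it on a real run, read a saved ComboFix.txt and pass the whole text to both `parse_files` and `find_tampering`; on the rows above it reports one cluster of four names and three kinds of tampering. The vendor subkeys under `Security Center\Monitoring` (SymantecAntiVirus, SymantecFirewall in the log below) are written by the installed Norton product itself, so only the two Microsoft-owned keys are checked; and because the `Debugger` value for iexplore.exe is shown empty, the script reports the key's presence and leaves confirming its content to a look at the live registry.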
Now I no longer get the message that the Security Center isn't working!
But this download has kept repeating itself for months now: I'm allowed to download it, but a few days later it is offered again as an essential download:
KB954430: Security Update for Microsoft XML Core Services 4.0 Service Pack 2
Download size: 5.4 MB
You may need to restart your computer for this update to take effect.
Update type: Important
A security issue has been identified in Microsoft XML Core Services (MSXML) that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this update, you may have to restart your computer. This update cannot be removed once it has been installed.
More information:
Help and Support:
Here is the ComboFix log file:
ComboFix 09-03-23.01 - arno 2009-03-24 15:48:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.1918.1041 [GMT 1:00]
Running from: c:\users\arno\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: BitDefender Firewall *disabled*
FW: Norton Internet Security *enabled*
* Created a new restore point
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\winvi
c:\program files\winvi\dsktp\AC_RunActiveContent.js
c:\program files\winvi\dsktp\desktop.html
c:\program files\winvi\dsktp\internetDetection.swf
c:\program files\winvi\dsktp\settings.sol
c:\program files\winvi\version.ini
c:\users\arno\AppData\Roaming\020000006fa68c43530C.manifest
c:\users\arno\AppData\Roaming\020000006fa68c43530O.manifest
c:\users\arno\AppData\Roaming\020000006fa68c43530P.manifest
c:\users\arno\AppData\Roaming\020000006fa68c43530S.manifest
c:\users\arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\arno\FAVORI~1\Videos.url
c:\users\arno\Favorites\Videos.url
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\mdm.exe
D:\install.exe
.
(((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 ))))))))))))))))))))))))))))))
.
2009-03-24 19:04 . 2009-03-24 19:04 <DIR> d----c--- C:\fsctmp
2009-03-24 19:04 . 2009-03-24 19:05 <DIR> d----c--- C:\$fsctmp
2009-03-24 13:08 . 2009-03-24 13:08 <DIR> d----c--- c:\program files\GetData
2009-03-24 10:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\igqoaz.exe
2009-03-24 10:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\fpzicy.exe
2009-03-24 09:19 . 2009-03-24 09:19 <DIR> d----c--- c:\program files\Trend Micro
2009-03-24 09:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\vampqp.exe
2009-03-24 09:15 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\niocvi.exe
2009-03-23 22:14 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\pqpbsi.exe
2009-03-23 22:14 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\czvevi.exe
2009-03-23 20:44 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\gzpzjq.exe
2009-03-23 20:44 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\dmchol.exe
2009-03-23 20:21 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\avfsae.exe
2009-03-23 19:44 . 2009-03-23 19:44 <DIR> d----c--- c:\program files\Gabest
2009-03-23 19:41 . 2009-03-23 19:41 <DIR> d----c--- c:\program files\WinAVI Video Converter
2009-03-23 08:09 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\ftozew.exe
2009-03-22 21:25 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\hlskzy.exe
2009-03-22 10:20 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\jripyo.exe
2009-03-22 10:20 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\expahz.exe
2009-03-21 12:03 . 2009-03-21 12:03 118 --a--c--- c:\windows\System32\MRT.INI
2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-21 12:02 . 2008-04-17 12:12 107,368 --a--c--- c:\windows\System32\GEARAspi.dll
2009-03-21 12:02 . 2009-01-15 12:19 23,848 --a--c--- c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-21 12:01 . 2009-03-21 12:01 <DIR> d----c--- c:\program files\Bonjour
2009-03-21 11:08 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\jgqbtb.exe
2009-03-21 11:08 . 2008-10-29 07:20 499,764 -r-hsc--- c:\windows\System32\jcfoqx.exe
2009-03-21 09:37 . 2009-03-21 09:37 603,904 --a--c--- c:\windows\System32\TUProgSt.exe
2009-03-21 09:33 . 2009-03-21 09:34 <DIR> d----c--- c:\program files\TuneUp Utilities 2009
2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-15 13:44 . 2009-03-15 13:54 <DIR> d----c--- c:\users\arno\AppData\Roaming\.ABC
2009-03-15 12:24 . 2009-03-15 12:24 <DIR> d----c--- c:\program files\uTorrent
2009-03-13 13:10 . 2009-03-13 13:16 <DIR> d----c--- c:\users\arno\AppData\Roaming\AV Bros Puzzle Pro 2.2 DEMO
2009-03-12 10:14 . 2009-03-12 10:14 <DIR> d----c--- c:\program files\Xvid
2009-03-12 10:11 . 2009-03-12 10:11 <DIR> d----c--- c:\program files\Power_Karaoke
2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Doblon
2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Common Files\Doblon
2009-03-12 10:10 . 2008-04-27 10:33 765,952 --a--c--- c:\windows\System32\xvidcore.dll
2009-03-12 10:10 . 2008-04-27 10:35 180,224 --a--c--- c:\windows\System32\xvidvfw.dll
2009-03-12 10:10 . 2007-06-28 18:55 77,824 --a--c--- c:\windows\System32\xvid.ax
2009-03-11 16:06 . 2009-02-09 02:54 2,030,080 --a--c--- c:\windows\System32\win32k.sys
2009-03-11 16:06 . 2008-11-27 05:42 269,824 --a--c--- c:\windows\System32\schannel.dll
2009-03-08 21:56 . 2009-03-08 21:56 131 --a--c--- c:\windows\System32\Pen_Tablet.dat
2009-03-05 22:37 . 2009-03-12 09:22 <DIR> d----c--- c:\program files\Romcenter
2009-03-03 20:37 . 2009-03-03 20:42 <DIR> d----c--- c:\users\arno\AppData\Roaming\Super-Cow
2009-03-02 10:07 . 2008-12-16 05:00 8,147,968 --a--c--- c:\windows\System32\wmploc.DLL
2009-03-02 10:07 . 2008-12-16 06:53 7,680 --a--c--- c:\windows\System32\spwmp.dll
2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\msdxm.ocx
2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\dxmasf.dll
2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\users\All Users\MonteCristo
2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\programdata\MonteCristo
2009-02-28 16:05 . 2009-02-28 16:06 <DIR> d----c--- c:\program files\GAMESVOORIEDEREEN.NL
2009-02-28 16:04 . 2009-02-28 16:04 <DIR> d----c--- c:\program files\OXXOGames
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 14:03 --------- dc----w c:\users\arno\AppData\Roaming\Ahead
2009-03-24 14:02 --------- dc----w c:\programdata\Ahead
2009-03-24 14:01 --------- dc----w c:\program files\Common Files\Ahead
2009-03-24 13:59 --------- dc----w c:\programdata\Nero
2009-03-24 13:46 --------- dc----w c:\users\arno\AppData\Roaming\WTablet
2009-03-24 12:18 --------- dc--a-w c:\programdata\TEMP
2009-03-24 09:27 --------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-03-24 09:01 --------- dc----w c:\users\arno\AppData\Roaming\uTorrent
2009-03-23 22:00 --------- dc----w c:\users\arno\AppData\Roaming\Corel
2009-03-23 21:50 --------- dc----w c:\program files\SuperBladePro
2009-03-23 21:32 3,766 -csha-w c:\windows\System32\KGyGaAvL.sys
2009-03-23 20:58 --------- dc----w c:\program files\Windows Live Safety Center
2009-03-22 20:25 --------- dc----w c:\program files\Nero
2009-03-21 11:02 --------- dc----w c:\programdata\Apple Computer
2009-03-21 11:02 --------- dc----w c:\program files\iTunes
2009-03-21 11:02 --------- dc----w c:\program files\iPod
2009-03-21 11:02 --------- dc----w c:\program files\Common Files\Apple
2009-03-15 10:59 --------- dc----w c:\users\arno\AppData\Roaming\Azureus
2009-03-12 09:11 --------- dc----w c:\program files\Conduit
2009-03-12 08:23 --------- dc----w c:\program files\Glyph
2009-03-12 08:12 --------- dc----w c:\program files\Windows Mail
2009-03-11 08:06 1,614 -c--a-w c:\users\arno\AppData\Roaming\filterclsid.dat
2009-03-07 21:21 --------- dc----w c:\users\arno\AppData\Roaming\dvdcss
2009-03-03 09:59 --------- dc----w c:\program files\Opera
2009-02-28 22:00 --------- dc----w c:\programdata\WinZip
2009-02-26 09:43 --------- dc----w c:\program files\Microsoft Silverlight
2009-02-23 13:26 --------- dc----w c:\programdata\Hitman Pro 3
2009-02-23 11:20 --------- dc----w c:\program files\Netlog Uploader
2009-02-19 20:32 --------- dc----w c:\users\arno\AppData\Roaming\RegTool
2009-02-19 14:37 --------- dc----w c:\program files\Common Files\Adobe
2009-02-19 12:19 --------- dc----w c:\programdata\Adobe Systems
2009-02-19 09:28 --------- dc----w c:\program files\project dogwaffle
2009-02-19 09:27 --------- dc----w c:\programdata\Corel
2009-02-19 09:27 --------- dc----w c:\program files\Common Files\Corel
2009-02-19 09:23 --------- dc----w c:\program files\Alien Skin
2009-02-18 09:10 --------- dc----w c:\program files\Windows Live
2009-02-18 08:14 --------- dc----w c:\programdata\Ulead Systems
2009-02-18 08:13 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-02-16 17:21 20,640 -c----w c:\windows\system32\drivers\PxHelp20.sys
2009-02-16 17:21 109,568 -c----w c:\windows\System32\pxinsi64.exe
2009-02-16 17:21 108,544 -c----w c:\windows\System32\pxcpyi64.exe
2009-02-16 17:15 --------- dc----w c:\program files\Common Files\Adobe Systems Shared
2009-02-12 19:08 --------- dc----w c:\program files\MSXML 4.0
2009-02-12 12:19 --------- dc----w c:\users\arno\AppData\Roaming\TuneUp Software
2009-02-12 12:19 --------- dc----w c:\programdata\TuneUp Software
2009-02-12 11:38 --------- dc----w c:\program files\AV Video Karaoke Maker
2009-02-11 10:07 --------- dc----w c:\programdata\Awem
2009-02-11 10:06 --------- dc----w c:\program files\Alawar
2009-02-11 10:04 --------- dc----w c:\program files\Atlantis Quest
2009-02-11 09:58 --------- dc----w c:\program files\Cradle of Persia
2009-02-11 09:53 --------- dc----w c:\program files\The Rise of Atlantis
2009-02-11 09:19 38,496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 18:22 --------- dc----w c:\users\arno\AppData\Roaming\AVSMedia
2009-02-10 18:22 --------- dc----w c:\program files\AVSMedia
2009-02-10 14:18 --------- dc----w c:\program files\Common Files\AVSMedia
2009-02-10 14:18 --------- dc----w c:\program files\AVS4YOU
2009-02-10 14:16 --------- dc----w c:\program files\Total Video Converter
2009-02-10 13:46 --------- dc----w c:\users\arno\AppData\Roaming\AVS4YOU
2009-02-10 13:45 --------- dc----w c:\programdata\AVS4YOU
2009-02-10 13:43 1,679,360 -c--a-w c:\windows\System32\xa18274578.exe
2009-02-10 13:43 1,679,360 -c--a-w c:\windows\System32\xa18274281.exe
2009-02-10 13:35 1,679,360 -c--a-w c:\windows\System32\xa17773843.exe
2009-02-10 13:35 1,679,360 -c--a-w c:\windows\System32\xa17773140.exe
2009-02-10 12:58 172,032 -c--a-w c:\windows\System32\xwr73716.dll
2009-02-10 12:58 172,032 -c--a-w c:\windows\System32\wr73716.dll
2009-02-10 12:58 1,679,360 -c--a-w c:\windows\System32\xa15567843.exe
2009-02-10 12:58 1,679,360 -c--a-w c:\windows\System32\xa15567421.exe
2009-02-09 07:39 --------- dc----w c:\users\arno\AppData\Roaming\vlc
2009-02-08 21:45 --------- dc----w c:\program files\Audacity
2009-02-08 21:41 --------- dc----w c:\program files\MediaMonkey
2009-02-08 21:29 --------- dc----w c:\program files\Super Audio Converter
2009-02-08 19:51 --------- dc----w c:\program files\GameTop.com
2009-02-08 15:23 --------- dc----w c:\program files\VideoLAN
2009-02-08 13:18 --------- dc----w c:\programdata\Azureus
2009-02-08 13:17 --------- dc----w c:\program files\Vuze
2009-02-08 13:12 8,858 -c--a-w c:\program files\LimeWire Plus.torrent
2009-02-07 22:09 --------- dc----w c:\program files\DreamSuite Demo
2009-02-07 18:21 --------- dc----w c:\programdata\Hitman Pro
2009-02-07 18:07 --------- dc----w c:\program files\Hitman Pro 3
2009-02-07 15:40 --------- dc----w c:\program files\HarrysFilters3
2009-02-06 18:55 308,616 -c--a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 -c--a-w c:\windows\System32\sirenacm.dll
2009-02-06 17:08 55,280 -c--a-w c:\windows\system32\drivers\fssfltr.sys
2009-02-06 15:43 --------- dc----w c:\program files\Messenger Plus! Live
2009-02-06 00:20 --------- dc----w c:\programdata\GameXzone
2009-02-06 00:03 --------- dc----w c:\programdata\OrbGames
2009-02-04 22:42 --------- dc----w c:\users\arno\AppData\Roaming\Alien Skin
2009-02-04 22:24 --------- dc----w c:\program files\Vplaces
2009-02-04 22:21 88 -csh--r c:\users\All Users\B9B41EDB68.sys
2009-02-04 22:21 88 -csh--r c:\programdata\B9B41EDB68.sys
2009-02-04 22:21 2,828 -csha-w c:\users\All Users\KGyGaAvL.sys
2009-02-04 22:21 2,828 -csha-w c:\programdata\KGyGaAvL.sys
2009-02-04 16:30 410,984 -c--a-w c:\windows\System32\deploytk.dll
2009-02-02 21:14 --------- dc----w c:\program files\Sqirlz Water Reflections
2009-02-02 21:00 --------- dc----w c:\users\arno\AppData\Roaming\Jasc
2009-02-02 21:00 --------- dc----w c:\program files\Jasc Software Inc
2009-02-02 20:20 348,160 -c--a-w c:\windows\System32\msvcr71.dll
2009-02-02 20:20 339,968 -c--a-w c:\windows\System32\pythoncom25.dll
2009-02-02 20:20 2,117,632 -c--a-w c:\windows\System32\python25.dll
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\avfsae.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\czvevi.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\dmchol.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\expahz.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\fpzicy.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\ftozew.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\gzpzjq.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\hlskzy.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\igqoaz.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\jcfoqx.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\jgqbtb.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\jripyo.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\niocvi.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\pqpbsi.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\vampqp.exe
2008-10-29 06:20 499,764 -csh--r c:\windows\System32\zwgmfg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
2008-02-14 14:54 1555480 --a--c--- c:\program files\Power_Karaoke\tbPowe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3303E956-2A3A-48E0-BE39-2E0EF11A2F44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408]
"Windows Defender User Interface"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-03 1006264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"beid"=c:\program files\Belgium Identity Card\beid35gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"recinfo839"=c:\recinfo\RecInfo.exe
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D966C8B2-589E-4A47-84BA-C02BAE7EAB0B}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{EDCF8292-BE33-47FA-B755-AFA3291F8AB4}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{E01E71D3-18A1-4F21-9E74-148C899122A4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{727CB185-94EB-4C76-A170-0B01DCAE8505}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{28034861-1FD9-48D3-A4AC-57E14005DFF0}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{B24B3102-2743-48A6-A658-D7D9E1A139F8}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"TCP Query User{0054653F-A312-4E37-81CE-E5FB4C269E34}c:\\program files\\limewire plus\\limewire.exe"= UDP:c:\program files\limewire plus\limewire.exe:LimeWire
"UDP Query User{B832AE57-4B6D-46D2-937C-F831F3C3C651}c:\\program files\\limewire plus\\limewire.exe"= TCP:c:\program files\limewire plus\limewire.exe:LimeWire
"TCP Query User{9C15F824-D15B-4CF0-A731-4D8B3C167BFC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1C4C6A17-AAF5-4FCB-884F-BCB01913EDAE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3BC75F60-19F0-4CF4-A5D9-F6FA88F20E9E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{64954C95-0B94-4822-9CF3-9845BEEA16D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{1940252A-DFC2-45FD-86BD-2E7A34A42051}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{4ED7AAD6-C5B4-494C-826E-8F1A24239903}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{A3473CAC-2AFA-46E0-B029-1EAE8F1AC3AA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1536ED55-3CE4-4358-8513-626D0DBE2B21}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{C3CEEE24-669C-4530-B184-42A2B146A25B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{774A748B-0F75-4017-B835-A33AC2904C55}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{5C6825B3-D120-41E2-AE56-A583C3C263E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{0D00E02D-DF9F-49DC-847B-39A496829EF8}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{C6A23C8E-3A2F-47D4-AA3D-02140FD6ACE9}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{D3A9E949-5217-4B9C-A43D-FC8A5FEB5A1E}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{25BF8F92-44E0-4083-8BDD-D4DBDB56189D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{BE1FC876-EAA8-4490-82C8-55D49DE9DE0C}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{868F1ACF-422A-4203-9AC3-804B22286A78}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{95C0A958-E927-4BF9-8720-7FA535054009}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{427E334A-B794-4F5F-A41C-6B5C7C50A8C3}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{AB7DCD85-0939-4EC5-9A55-9D810AF57C95}"= UDP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire
"{161CE608-FD07-41F8-91A6-68D5AE37EC02}"= TCP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire
"{7C63BAC9-8C2B-4C89-8247-AC26CDAC9E84}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2039AACE-785E-443B-B8B0-1034269A73C1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{49469E02-4681-42F9-A21D-E061336E7751}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9DA77936-8257-49B2-AEFE-308DFAB08CFD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3A45EC8D-8919-46C5-BDF7-BA176EEDA2F0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D51CD647-EBBC-4535-8BC2-96947E2445A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{481E5A74-AA39-4A7A-B338-D4D8AAAAA4A6}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{E9A0492E-9407-4C11-B058-813A2E91C99C}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{B8CE0E20-CB97-4455-B1A8-05D03EB5DE45}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{00E912E0-F01A-4332-97D5-4B363295CD75}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Mobistar\\IEWInternetBE\\Connectivity\\ConnectivityManager.exe"= c:\program files\Mobistar\IEWInternetBE\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [2009-02-03 57344]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2009-01-14 1373480]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-21 603904]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-10 7808]
R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2007-11-30 780288]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [2007-11-30 218624]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2007-11-30 228352]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [2004-04-30 24832]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-18 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83823ac7-88a6-11dd-be3b-001060edaa94}]
\shell\AutoRun\command - G:\AutoRunCardDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2423f84-b8d0-11dd-8e76-001e33009ed7}]
\shell\AutoRun\command - H:\InstallTomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-03-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{78515E5C-2951-414B-BEDF-4A0C81A1C72E}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 15:54:29
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-24 15:58:42
ComboFix-quarantined-files.txt 2009-03-24 14:58:40
Pre-Run: 15,351,271,424 bytes free
Post-Run: 17,468,178,432 bytes free
367 --- E O F --- 2009-03-24 11:00:51
-
Good, quite a bit of junk cleaned up. How is that error message now?
Thank you, Kape!
No more error message now.
The only thing I am still stuck with is that the Security Center has been disabled for quite some time and I cannot get it switched back on...
How do I get it working again?
Kind regards,
-
LOG FILES FROM MALWAREBYTES & HIJACKTHIS:
Malwarebytes' Anti-Malware 1.34
Database version: 1890
Windows 6.0.6000
24/03/2009 10:33:33
mbam-log-2009-03-24 (10-33-33).txt
Scan type: Quick Scan
Objects scanned: 61987
Time elapsed: 3 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Windows\System32\LocalService32 (Worm.P2P) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\274D.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\39.music.mp3 (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\39.music.mp3.kwd (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\41.crack.zip (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\41.crack.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\42.keymaker.zip (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\42.keymaker.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\43.setup.zip (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\43.setup.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\44.unpack.zip (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\44.unpack.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\45.keygen.zip (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\45.keygen.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\46.serial.zip (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\46.serial.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\47.music.snd (Worm.P2P) -> Quarantined and deleted successfully.
C:\Windows\System32\LocalService32\47.music.snd.kwd (Worm.P2P) -> Quarantined and deleted successfully.
C:\Program Files\KB29966.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:39, on 24/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 7213 bytes
-
Indeed, this looks very much like an infection.
Download HiJackThis
Double-click HJTInstall.exe
HijackThis will now be installed on your PC and a shortcut placed on your desktop. Click "Do a system scan and save a logfile" and attach that log to your next post.
NB: if you are a Windows Vista user, you must first right-click HijackThis.exe and choose "Run as Administrator".
Hello Kape,
here is my log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:26, on 24/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\vampqp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] vampqp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] vampqp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] vampqp.exe
O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O20 - AppInit_DLLs: C:\Windows\System32\dmime32.dll
O20 - Winlogon Notify: 64992ecf530 - C:\Windows\System32\dmime32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 8061 bytes
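The entries a helper picks out of a log like the one above (an autorun registered by bare file name under a Microsoft-sounding label, the same entry sprayed across HKLM, HKCU and the obsolete RunServices key, a non-empty AppInit_DLLs, a Winlogon Notify entry whose DLL is gone, and, from the ComboFix log earlier in the thread, a firewall exception for an executable sitting in a temp folder) can be checked mechanically. The script below is an added example; it is not part of this thread, of HijackThis, or of ComboFix. The `Finding` class, the rule names and the `triage`/`summarize` functions are my own construction; the sample block is built from lines copied out of the two logs posted here plus one benign Run entry and one benign firewall exception for contrast.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis and ComboFix logs
# in this thread, plus one benign Run entry and one benign firewall exception.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] vampqp.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] vampqp.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] vampqp.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O20 - AppInit_DLLs: C:\Windows\System32\dmime32.dll
O20 - Winlogon Notify: 64992ecf530 - C:\Windows\System32\dmime32.dll (file missing)
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"TCP Query User{B8CE0E20-CB97-4455-B1A8-05D03EB5DE45}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # hypothetical rule name, chosen for this example
    detail: str  # the offending log line, or a summary for cross-line rules


# HijackThis O4 line: "O4 - <hive>\..\<Run key>: [<name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# ComboFix firewall-policy line: "<rule name>"= [TCP:|UDP:]<path>:<rest>
FW_RE = re.compile(r'^"[^"]+"= (?:TCP:|UDP:)?(?P<path>[A-Za-z]:\\[^:]+)')


def _image(cmd: str) -> str:
    """First token of an autorun command line, unquoted (the executable image)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    # (name, command) -> every autorun location it was registered in
    locations: dict[tuple[str, str], list[str]] = defaultdict(list)

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.group("hive", "key", "name", "cmd")
            locations[(name.lower(), cmd.lower())].append(f"{hive}\\..\\{key}")
            image = _image(cmd)
            # A bare file name is resolved through the search path at logon;
            # installers of legitimate software register a full path.
            if "\\" not in image and not image.startswith("%"):
                findings.append(Finding("run-bare-filename", line))
            # RunServices is a Windows 9x/ME key that NT-based Windows ignores;
            # whatever still writes it is spraying every autorun key it knows.
            if key == "RunServices":
                findings.append(Finding("runservices-key", line))
        elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            # Loaded into every process that maps user32.dll: a classic injection point.
            findings.append(Finding("appinit-dll", line))
        elif line.startswith("O20 - Winlogon Notify:") and "(file missing)" in line:
            # Dangling reference left behind after the DLL was removed.
            findings.append(Finding("winlogon-notify-missing", line))
        elif line.startswith("O16 - DPF:"):
            # Downloaded Program File: an ActiveX control fetched from a URL.
            findings.append(Finding("activex-dpf", line))
        else:
            fw = FW_RE.match(line)
            if fw and "\\temp\\" in fw.group("path").lower():
                # Firewall exception granted to an executable under a temp directory.
                findings.append(Finding("firewall-temp-exe", line))

    for (name, cmd), where in locations.items():
        if len(where) > 1:
            findings.append(Finding("run-duplicated", f"[{name}] {cmd} in {', '.join(where)}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Number of findings per rule."""
    counts: dict[str, int] = defaultdict(int)
    for f in findings:
        counts[f.rule] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.detail}")
```

On the sample block the three `vampqp.exe` lines trip the bare-file-name rule and are reported once more as one entry registered in three locations; the BitTorrent exception is not flagged because the path is under Program Files. The rules are heuristics for a human to review, not verdicts: the stock Vista entry `rundll32.exe oobefldr.dll,ShowWelcomeCenter` in the same log would also trip the bare-file-name rule, while a path under `%ProgramFiles%` would not.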
-
Every time I start my laptop a small security window pops up about a file in Windows/system32/czvevi.exe
I keep blocking it, but I don't know what this file is, nor whether it is safe!
Can anyone tell me what this file is?
I think it is some kind of Trojan???
What can I do about it?
Regards, Patrick
-
Hello,
who can help me with this? (read below what I copied)
For over a week now I have been getting the notification for this Windows update, and apparently it cannot get installed.
When I click install it does so, but the update stays on the screen as still to be done.
A restart is required after this update, but then after a few hours it shows the message again that this update needs to be done?
How can that be, and what should I do about it?
I would like a solution for this.
Kind regards,
Patrick
KB954430: Security Update for Microsoft XML Core Services 4.0 Service Pack 2
Download size: 5.4 MB
You may need to restart your computer for this update to take effect.
Update type: Important
A security issue has been identified in Microsoft XML Core Services (MSXML) that could allow a malicious user to damage your Windows system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you have installed this update, you may have to restart your computer. This update cannot be removed after installation.
More information:
Help and Support:
advrcntr2.dll
in Archive Windows General
Every time I open my external hard disk via Explorer I get the message
This program requires the file advrcntr2.dll, which was not found on this system.
This comes from Nero
What should I do to avoid this?
Regards, Patrick