Ga naar inhoud

STEFKE

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    21

  • Registratiedatum

  • Laatst bezocht

Over STEFKE

  • Verjaardag 30-07-1978

STEFKE's prestaties

Leerling

Leerling (3/14)

  • Eerste post
  • Actief
  • Gespreksstarter
  • Week één klaar
  • Een maand later

Recente badges

0

Reputatie

  1. STEFKE
    Euh nee..heb die PC destijds tweedehands gekocht,maar de CD was er niet bij...
  2. STEFKE
    Nee spijtig genoeg niet
  3. STEFKE
    Nogmaals dank,maar situatie blijft onveranderd... ---------- Post toegevoegd om 13:06 ---------- Vorige post was om 13:05 ---------- Nogmaals dank; maar situatie is ongewijzigd...
  4. STEFKE
    Spijtig genoeg is de situatie hetzelfde gebleven... SCREENSHOT1.bmp
  5. STEFKE
    Is deze screenshot voldoende? SCREENSHOT.bmp
  6. STEFKE
    Windows: Microsoft Windows XP Professional, Version 5.1.2600 Service Pack 3 Internet Explorer: 8.0.6001.18702 Memory (RAM): 503 MB CPU Info: Genuine Intel® CPU T2300 @ 1.66GHz CPU Speed: 1664,7 MHz Sound Card: Realtek HD Audio output Display Adapters: Mobile Intel® 945GM Express Chipset Family | Mobile Intel® 945GM Express Chipset Family | NetMeeting driver | RDPDD Chained DD Monitors: 1x; Plug and Play Monitor | Plug and Play Monitor | Screen Resolution: 1280 X 800 - 32 bit Network: Network Present Network Adapters: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport | Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport CD / DVD Drives: G: PHILIPS DVD-RAM SDVD8821 COM Ports: COM3 | COM1 LPT Ports: LPT1 Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 19,5GB | D: 55,0GB Hard Disks - Free: C: 2,3GB | D: 42,0GB USB Controllers: Not Detected Firewire (1394): 1 host controllers. PCMCIA (Laptops): Not Installed Manufacturer: Acer Product Make: TravelMate 4670 AC Power Status: OnLine BIOS Info: AT/AT COMPATIBLE | 07/11/06 | PTLTD - 6040000 Time Zone: Central Europe Standard Time Battery: High Motherboard: Acer, Inc. Bodensee Modem: HDAUDIO Soft Data Fax Modem with SmartCP : Alvast bedankt ---------- Post toegevoegd om 10:31 ---------- Vorige post was om 10:26 ---------- Windows: Microsoft Windows XP Professional, Version 5.1.2600 Service Pack 3 Internet Explorer: 8.0.6001.18702 Memory (RAM): 503 MB CPU Info: Genuine Intel® CPU T2300 @ 1.66GHz CPU Speed: 1664,7 MHz Sound Card: Realtek HD Audio output Display Adapters: Mobile Intel® 945GM Express Chipset Family | Mobile Intel® 945GM Express Chipset Family | NetMeeting driver | RDPDD Chained DD Monitors: 1x; Plug and Play Monitor | Plug and Play Monitor | Screen Resolution: 1280 X 800 - 32 bit Network: Network Present Network Adapters: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport | Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport CD / DVD Drives: G: PHILIPS DVD-RAM SDVD8821 COM Ports: COM3 | COM1 LPT Ports: LPT1 Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 19,5GB | D: 55,0GB Hard Disks - Free: C: 2,3GB | D: 42,0GB USB Controllers: Not Detected Firewire (1394): 1 host controllers. PCMCIA (Laptops): Not Installed Manufacturer: Acer Product Make: TravelMate 4670 AC Power Status: OnLine BIOS Info: AT/AT COMPATIBLE | 07/11/06 | PTLTD - 6040000 Time Zone: Central Europe Standard Time Battery: High Motherboard: Acer, Inc. Bodensee Modem: HDAUDIO Soft Data Fax Modem with SmartCP : Hoop dat dit het correcte is Alvast bedankt
  7. STEFKE
    Dank jullie voor al jullie hulp... Zou er iemand mij nu nog willen helpen met mijn USB poorten? Ze lijken totaal niet meer te werken
  8. STEFKE
    JA IDD :rofl::rofl: zal ik dan nu maar een nieuw anti virus installeren? Liefst eentje dat mijn pctje niet zo vertraagd als die F-Secure...Hebben jullie iets in gedachten? Mochten jullie nog tijd en /of goesting hebben , kijken we dan evt naar USB-poorten? alvast heel hard bedankt
  9. STEFKE
    Na de CCleaner gaf het volgende log hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:14:23, on 11/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\explorer.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://*.intranet O15 - Trusted Zone: http://*.tucrail.be O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158400324312 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177149438343 O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 11488 bytes
  10. STEFKE
    ComboFix 10-06-10.02 - Stephanie 11/06/2010 18:40:27.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.140 [GMT 2:00] Running from: d:\mydocuments\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Stephanie\Desktop\CFScript.txt AV: F-Secure Internet Security 2006 6.12 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: F-Secure Internet Security 2006 6.12 *enabled* {D4747503-0346-49EB-9262-997542F79BF4} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE" "c:\program files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm" "c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys" "c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys" "c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys" "c:\windows\system32\drivers\fsdfw.sys" "c:\windows\system32\drivers\fsndis5.sys" "c:\windows\system32\PavSRK.sys" "c:\windows\system32\PavTPK.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\f-secure c:\documents and settings\All Users\Application Data\f-secure\Daas2\acl\fsc_revoke_hq.acl c:\documents and settings\All Users\Application Data\f-secure\Daas2\acl\fsc_root.acl c:\documents and settings\All Users\Application Data\f-secure\Daas2\cert\fsc (revoke hq).crl c:\documents and settings\All Users\Application Data\f-secure\logs\custom\custinstall.log c:\documents and settings\All Users\Application Data\f-secure\logs\DAAS2\DAAS2INS.LOG c:\documents and settings\All Users\Application Data\f-secure\logs\DAAS2\Daas2Uni.LOG c:\documents and settings\All Users\Application Data\f-secure\logs\FSFW\action.log c:\documents and settings\All Users\Application Data\f-secure\logs\FSMA\fsma.log c:\documents and settings\All Users\Application Data\f-secure\logs\ilaunchr.log c:\documents and settings\All Users\Application Data\f-secure\logs\ORSP Client\ORSPINST.LOG c:\documents and settings\All Users\Application Data\f-secure\logs\ORSP Client\OrspUnin.LOG c:\documents and settings\All Users\Application Data\f-secure\setup\ih8.cfg c:\program files\F-Secure Internet Security c:\program files\F-Secure Internet Security\Common\fpshx.dll c:\program files\F-Secure Internet Security\Common\FSMA32.DLL c:\program files\F-Secure Internet Security\Common\FSPMAPI.DLL c:\windows\system32\drivers\fsdfw.sys c:\windows\system32\drivers\fsndis5.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BACKWEB_PLUG-IN_-_4476822 -------\Legacy_F-SECURE_FILTER -------\Legacy_F-SECURE_GATEKEEPER -------\Legacy_F-SECURE_RECOGNIZER -------\Legacy_FSFW -------\Legacy_PAVSRK.SYS -------\Legacy_PAVTPK.SYS -------\Service_BackWeb Plug-in - 4476822 -------\Service_F-Secure Filter -------\Service_F-Secure Gatekeeper -------\Service_F-Secure Recognizer -------\Service_FSFW -------\Service_PavSRK.sys -------\Service_PavTPK.sys -------\Legacy_FSDFWD -------\Legacy_fshttps -------\Legacy_FSMA -------\Service_FSDFWD -------\Service_fshttps -------\Service_FSMA ((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 ))))))))))))))))))))))))))))))) . 2010-06-09 21:32 . 2010-06-09 21:32 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-09 19:46 . 2010-06-09 19:46 -------- d-----w- c:\program files\Bonjour 2010-06-09 19:46 . 2010-06-09 19:46 -------- d-----w- c:\program files\Frontura 2010-06-09 19:45 . 2010-06-09 19:46 -------- d-----w- c:\program files\LimeWire 2010-06-09 19:45 . 2010-06-09 19:46 -------- d-----w- c:\documents and settings\Stephanie\Application Data\LimeWire 2010-06-09 19:42 . 2010-06-09 19:42 -------- d-----w- c:\program files\uTorrent 2010-06-09 19:42 . 2010-06-09 19:42 -------- d-----w- c:\program files\LimeWire Plus 2010-06-09 19:39 . 2010-06-10 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-09 18:59 . 2010-06-09 19:37 -------- d-----w- c:\program files\RegistryBooster 2010-06-09 18:30 . 2010-06-09 18:30 552 ----a-w- c:\windows\system32\d3d8caps.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-11 16:54 . 2009-06-05 17:43 -------- d-----w- c:\documents and settings\Stephanie\Application Data\uTorrent 2010-06-10 18:03 . 2009-06-10 10:15 -------- d-----w- c:\documents and settings\Stephanie\Application Data\HPAppData 2010-06-09 19:42 . 2010-03-20 06:31 -------- d-----w- c:\program files\Common Files\PC Tools 2010-06-09 19:42 . 2009-12-09 20:33 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-08 12:23 . 2008-08-18 15:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-05-12 16:38 . 2010-05-12 16:38 -------- d-----w- c:\documents and settings\Stephanie\Application Data\ispnews 2010-05-12 14:18 . 2010-05-12 14:18 1187840 ----a-w- c:\windows\system32\winsflt.dll 2010-05-12 14:14 . 2010-05-12 14:14 118842 ------r- c:\windows\bwUnin-6.3.2.123-4476822L.exe 2010-05-05 06:55 . 2009-09-02 16:38 -------- d-----w- c:\documents and settings\Stephanie\Application Data\HpUpdate 2010-04-29 13:39 . 2009-05-20 11:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2009-05-20 11:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-19 16:51 . 2010-04-19 16:48 23113 ----a-w- c:\windows\hpqins15.dat 2010-04-19 08:15 . 2009-06-10 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-04-19 08:15 . 2010-04-19 08:14 77378 ----a-w- c:\windows\hpqins05.dat 2010-03-26 08:33 . 2010-04-29 04:51 1496064 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-03-26 08:33 . 2010-04-29 04:51 43008 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-03-26 08:33 . 2010-04-29 04:51 339456 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-03-26 08:32 . 2010-04-29 04:51 346112 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-03-20 06:44 . 2010-03-20 06:44 152576 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2010-03-20 06:43 . 2010-03-20 06:43 79488 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-05-13 12:55 . 2009-05-13 12:58 64852304 ----a-w- c:\program files\avg_free_stf_en_85_329a1515.exe . ((((((((((((((((((((((((((((( SnapShot@2010-06-10_20.16.04 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-11 16:49 . 2010-06-11 16:49 16384 c:\windows\temp\Perflib_Perfdata_304.dat + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe + 2009-06-10 09:18 . 2010-06-10 20:23 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\ARPPRODUCTICON.exe - 2009-06-10 09:18 . 2009-06-10 09:18 25214 c:\windows\Installer\{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}\ARPPRODUCTICON.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-06 319280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\helpdesk.TRAINING-02\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-29 118784] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Dutch /KBD:2 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lancement rapide d'Adobe Acrobat.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lancement rapide d'Adobe Acrobat.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC] 2006-05-09 09:54 352256 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\JAlbum7.1\\JAlbumWin.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "427:UDP"= 427:UDP:SLP_Port(427) S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/11/2007 22:22 34064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Supplementary Scan ------- . uInternet Settings,ProxyServer = proxy:8080 uInternet Settings,ProxyOverride = <local>;*.local IE: &Deze pop-up blokkeren - c:\program files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 LSP: winsflt.dll Trusted Zone: intranet Trusted Zone: tucrail.be Trusted Zone: tucrail.be\extranet FF - ProfilePath - c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: network.proxy.ftp - proxy FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - proxy FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - proxy FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 2 FF - component: c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-06-11 18:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(920) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(976) c:\windows\system32\winsflt.dll - - - - - - - > 'explorer.exe'(4052) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\acer\Empowering Technology\admServ.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Creative\Shared Files\CTDevSrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Completion time: 2010-06-11 18:58:38 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-11 16:58 ComboFix2.txt 2010-06-10 20:19 Pre-Run: 3.142.766.592 bytes free Post-Run: 2.989.854.720 bytes free - - End Of File - - A7B1D04EEAD99643D516254D7447AE8B Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:02:03, on 11/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://*.intranet O15 - Trusted Zone: http://*.tucrail.be O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158400324312 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177149438343 O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 11521 bytes Alvast bedankt
  11. STEFKE
    ComboFix 10-06-10.02 - Stephanie 10/06/2010 22:10:20.1.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.202 [GMT 2:00] Running from: d:\mydocuments\Downloads\ComboFix.exe AV: F-Secure Internet Security 2006 6.12 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: F-Secure Internet Security 2006 6.12 *enabled* {D4747503-0346-49EB-9262-997542F79BF4} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 ))))))))))))))))))))))))))))))) . 2010-06-09 21:32 . 2010-06-09 21:32 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-09 19:46 . 2010-06-09 19:46 -------- d-----w- c:\program files\Bonjour 2010-06-09 19:46 . 2010-06-09 19:46 -------- d-----w- c:\program files\Frontura 2010-06-09 19:45 . 2010-06-09 19:46 -------- d-----w- c:\program files\LimeWire 2010-06-09 19:45 . 2010-06-09 19:46 -------- d-----w- c:\documents and settings\Stephanie\Application Data\LimeWire 2010-06-09 19:42 . 2010-06-09 19:42 -------- d-----w- c:\program files\uTorrent 2010-06-09 19:42 . 2010-06-09 19:42 -------- d-----w- c:\program files\LimeWire Plus 2010-06-09 19:39 . 2010-06-10 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-09 18:59 . 2010-06-09 19:37 -------- d-----w- c:\program files\RegistryBooster 2010-06-09 18:30 . 2010-06-09 18:30 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-05-12 16:38 . 2010-05-12 16:38 -------- d-----w- c:\documents and settings\Stephanie\Application Data\ispnews 2010-05-12 14:19 . 2005-11-18 15:04 70896 ----a-w- c:\windows\system32\drivers\fsdfw.sys 2010-05-12 14:19 . 2005-11-18 15:04 33584 ----a-w- c:\windows\system32\drivers\fsndis5.sys 2010-05-12 14:18 . 2010-05-12 14:18 -------- d-----w- c:\windows\rnapxs 2010-05-12 14:18 . 2010-05-12 14:18 1187840 ----a-w- c:\windows\system32\winsflt.dll 2010-05-12 14:18 . 2005-11-08 04:47 1716224 ----a-w- c:\windows\system32\winsflte.dll 2010-05-12 14:18 . 2005-11-08 04:46 1236992 ----a-w- c:\windows\system32\cfgmig32.dll 2010-05-12 14:14 . 2010-05-12 14:14 118842 ------r- c:\windows\bwUnin-6.3.2.123-4476822L.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-10 20:02 . 2009-06-05 17:43 -------- d-----w- c:\documents and settings\Stephanie\Application Data\uTorrent 2010-06-10 18:03 . 2009-06-10 10:15 -------- d-----w- c:\documents and settings\Stephanie\Application Data\HPAppData 2010-06-10 17:43 . 2009-05-20 07:37 -------- d-----w- c:\program files\F-Secure Internet Security 2010-06-09 19:42 . 2010-03-20 06:31 -------- d-----w- c:\program files\Common Files\PC Tools 2010-06-09 19:42 . 2009-12-09 20:33 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-08 12:23 . 2008-08-18 15:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-05-12 14:18 . 2009-05-20 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure 2010-05-05 06:55 . 2009-09-02 16:38 -------- d-----w- c:\documents and settings\Stephanie\Application Data\HpUpdate 2010-04-29 13:39 . 2009-05-20 11:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2009-05-20 11:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-19 16:51 . 2010-04-19 16:48 23113 ----a-w- c:\windows\hpqins15.dat 2010-04-19 08:15 . 2009-06-10 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-04-19 08:15 . 2010-04-19 08:14 77378 ----a-w- c:\windows\hpqins05.dat 2010-03-26 08:33 . 2010-04-29 04:51 1496064 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-03-26 08:33 . 2010-04-29 04:51 43008 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-03-26 08:33 . 2010-04-29 04:51 339456 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-03-26 08:32 . 2010-04-29 04:51 346112 ----a-w- c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-03-20 06:44 . 2010-03-20 06:44 152576 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2010-03-20 06:43 . 2010-03-20 06:43 79488 ----a-w- c:\documents and settings\Stephanie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-05-13 12:55 . 2009-05-13 12:58 64852304 ----a-w- c:\program files\avg_free_stf_en_85_329a1515.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-06 319280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\helpdesk.TRAINING-02\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-29 118784] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Dutch /KBD:2 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lancement rapide d'Adobe Acrobat.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lancement rapide d'Adobe Acrobat.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC] 2006-05-09 09:54 352256 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\JAlbum7.1\\JAlbumWin.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "427:UDP"= 427:UDP:SLP_Port(427) R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [12/05/2010 16:19 70896] S2 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [?] S2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys --> c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [?] S2 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys --> c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/11/2007 22:22 34064] S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] S4 BackWeb Plug-in - 4476822;F-Secure 2006;c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE --> c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - MDMXSDK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uInternet Settings,ProxyServer = proxy:8080 uInternet Settings,ProxyOverride = <local>;*.local IE: &Deze pop-up blokkeren - c:\program files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 LSP: winsflt.dll Trusted Zone: intranet Trusted Zone: tucrail.be Trusted Zone: tucrail.be\extranet FF - ProfilePath - c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: network.proxy.ftp - proxy FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - proxy FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - proxy FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 2 FF - component: c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\7nq0pe1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHANS REMOVED - - - - WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-hpqSRMon - (no file) HKLM-Run-News Service - c:\program files\F-Secure Internet Security\FSGUI\ispnews.exe AddRemove-F-Secure Anti-Spyware - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Anti-Spyware Scanner - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Anti-Virus - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Anti-Virus Client Security Installer - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure DAAS - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Diagnostics - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure E-mail Scanning - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure FWES - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure GUI - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Help - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Internet Shield - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Management Agent - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Spam Control - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Spam Scanner - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure TNB - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-F-Secure Web Filter - c:\program files\F-Secure Internet Security\fsuninst.exe AddRemove-News Service - c:\program files\F-Secure Internet Security\fsuninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-06-10 22:15 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(852) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1488) c:\windows\system32\WININET.dll . Completion time: 2010-06-10 22:19:00 ComboFix-quarantined-files.txt 2010-06-10 20:18 Pre-Run: 2.863.300.608 bytes free Post-Run: 3.526.397.952 bytes free - - End Of File - - 0248F09C4E4D454FBFB3851E3B784FA3 Goh ik hoop dat jullie er aan uit kunnen, dit was dus in Safe Mode met netwerk, maar tijdens test heeft hij toch het netwerk afgezet... Enfin nog maar eens bedankt hé
  12. STEFKE
    Voor ik iets verkeerd doe 1)heb je het over de commando's intikken in veilge mode en dan normaal en opnieuw combofix downloaden. 2) veilige mode met netwerk heb ik nog nooit gedaan en kan ik dan zo opnieuw downloaden? Uit veiligheid wacht ik op bevestiging:stupid:
  13. STEFKE
    heb al 3 keer opnieuw de commando's ingevoerd en combofix gedownload,maar iedere keer komt Fsecure terug... Probeer ik hem toch te laten scannen? Ik weet echt niet hoe ik die.dll files kan verwijderen... Echt waar sorry,ik begrijp het als jullie het opgeven hoor
  14. STEFKE
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:55:23, on 10/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, video, sport, lifestyle, auto en nog veel meer, dat is MSN ! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://*.intranet O15 - Trusted Zone: http://*.tucrail.be O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158400324312 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177149438343 O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 11685 bytes Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10/06/2010 21:03:55 mbam-log-2010-06-10 (21-03-55).txt Scantype: Snelle scan Objecten gescand: 127339 Verstreken tijd: 7 minuut/minuten, 14 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
  15. STEFKE
    :D:D heb net gedaan...niet zonder problemen ,ben via de Safe mode moeten gaan,maar volgende bestandjes blijven:C/programfiles/F-Secure internet security/Common/ffpshx.dll,FSMA32.dll;FSPMAPI.dll Desondanks had ik toch AVG geinstalleerd;maar geraakte niet meer op internet,dus nu vrees ik dat ik momenteel niets heb...
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.