Posts made by west
-
-
So it seems better to me to just remove that stuff from the PC and put my trusted program back on it.
Thanks in advance, everyone!
PS @ Asus, I'll keep you posted on whether the removal went well.
Regards, west
-
You see, I'm on, or rather I have, avast internet security.
-
I thought so too, that it is too basic, but it is the first time I have come into contact with it, hence the question.
PS: does anyone know whether I can also simply remove this one through the control panel, or do I need an uninstaller for this AV?
Regards, west
---------- Post added at 17:45 ---------- Previous post was at 17:43 ----------
I'm an Avast user too, you see.
-
Thanks for the reply, but I just wanted to hear whether anyone knows this one and whether it is any good.
I did the anti-virus test from here and it responded immediately.
And I wanted to know whether it is safe enough to leave it on.
Regards, west
-
Hello everyone
I have a question: is there anyone who has Microsoft Security Essentials, and what are your experiences with it as an anti-virus program?
I have put a new Win 7 version on the machine and this comes with it.
I didn't notice at first, until I wanted to put my own anti-virus program on it; then everything blocked.
That is how I found out that it is on there.
Thanks in advance
Regards, west
-
Everything is back in tip-top shape, many thanks!!!
@clarkie thank you very much!!!!!
-
@clarkie thanks for the help, this last one did the trick; YouTube etc. works again. I hope it stays that way when my son plays an online game this afternoon.
Thanks in advance, regards, west
-
This might help, but every time I open a site to go and change the settings as described, that site already freezes.
Regards, west
---------- Post added at 15:02 ---------- Previous post was at 14:57 ----------
I have now gone to another site and did what it said, but this doesn't help either.
-
Hello
Can someone help me please, I have the following problem.
I have been working with Mozilla Firefox for years and recently it updated the Adobe Flash Player add-on, namely to version 11.1.102.55.
And now FF keeps freezing, for example on sites like YouTube and such.
I have already tried installing the new Firefox 9.0.1 but this doesn't help; I have also tried downloading an older version of Adobe Flash Player but that doesn't help either!
Does anyone know how I can fix this problem?
Thanks in advance, regards, west
-
Still not solved, I still get this error message: http://img19.imageshack.us/img19/9295/schermedited.jpg
at the end of the installation.
Regards, west
-
ComboFix =
ComboFix 09-09-23.02 - steve 09/25/2009 12:34.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.174 [GMT 2:00]
Running from: c:\documents and settings\steve\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\steve\Desktop\CFScript.txt..txt
AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\pxcpyi64.exe"
"c:\windows\system32\pxinsi64.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pxcpyi64.exe
c:\windows\system32\pxinsi64.exe
K:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.
2009-09-24 06:50 . 2009-09-24 06:50 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\MiTAC_International_Corpo
2009-09-24 06:42 . 2009-09-24 06:42 -------- d-----w- c:\program files\Mio Technology
2009-09-24 06:40 . 2009-09-24 06:40 -------- d-----w- c:\documents and settings\steve\Application Data\InstallShield
2009-09-22 18:33 . 2009-09-22 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2009-09-22 15:52 . 2009-09-22 15:52 -------- d-----w- c:\documents and settings\steve\Application Data\Bandoo
2009-09-22 15:51 . 2009-09-22 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Bandoo
2009-09-22 15:50 . 2009-09-22 15:51 -------- d-----w- c:\program files\Bandoo
2009-09-22 11:34 . 2009-09-22 11:34 -------- d-----w- c:\program files\Corel
2009-09-12 05:52 . 2009-09-12 05:52 -------- d-----w- c:\documents and settings\steve\Application Data\Ahead
2009-09-12 05:51 . 2009-09-12 05:51 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Ahead
2009-09-12 05:42 . 2004-10-13 12:28 2277376 ------w- c:\windows\UNNMP.exe
2009-09-12 05:40 . 2004-03-02 14:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-09-12 05:40 . 2004-03-02 14:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-09-12 05:39 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-09-12 05:33 . 2004-10-22 15:12 2293760 ------w- c:\windows\UNNeroVision.exe
2009-09-12 05:33 . 2001-03-08 16:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-09-12 05:32 . 2009-09-12 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-09-12 05:32 . 2004-07-09 06:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-09-12 05:32 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-09-12 05:32 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-09-12 05:32 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-09-12 05:32 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-09-12 05:32 . 2001-06-26 05:15 38912 ------w- c:\windows\system32\picn20.dll
2009-09-12 05:32 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-09-12 05:32 . 2009-09-12 05:38 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-12 05:32 . 2009-09-12 05:41 -------- d-----w- c:\program files\Ahead
2009-09-09 11:36 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-27 17:25 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 06:42 . 2009-07-19 07:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 22:01 . 2009-07-19 10:22 -------- d-----w- c:\documents and settings\steve\Application Data\Skype
2009-09-22 22:01 . 2009-07-19 10:27 -------- d-----w- c:\documents and settings\steve\Application Data\skypePM
2009-09-22 17:09 . 2009-07-19 16:30 -------- d-----w- c:\documents and settings\steve\Application Data\vlc
2009-09-22 15:53 . 2009-07-18 20:14 72000 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 13:54 . 2009-07-19 12:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-10 15:15 . 2009-07-18 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-23 11:07 . 2009-08-23 11:07 -------- d-----w- c:\program files\Alwil Software
2009-08-23 10:42 . 2009-07-19 07:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-17 16:10 . 2009-08-23 11:07 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-23 11:07 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-23 11:07 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-23 11:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-23 11:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-23 11:07 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-23 11:07 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-23 11:07 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-23 11:07 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 18:58 . 2009-07-21 19:14 -------- d-----w- c:\documents and settings\steve\Application Data\dvdcss
2009-08-13 08:53 . 2009-08-13 08:53 -------- d-----w- c:\program files\Microsoft Works
2009-08-13 08:53 . 2009-07-18 19:39 -------- d-----w- c:\program files\MSBuild
2009-08-13 08:52 . 2009-08-13 08:52 -------- d-----w- c:\program files\Microsoft.NET
2009-08-13 08:49 . 2009-08-13 08:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-09 16:05 . 2009-07-19 10:45 -------- d-----w- c:\documents and settings\steve\Application Data\Uniblue
2009-08-09 16:05 . 2009-07-19 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-08-09 16:04 . 2009-07-19 10:42 -------- d-----w- c:\program files\Uniblue
2009-08-06 15:36 . 2009-08-06 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-08-06 15:31 . 2009-08-06 15:31 -------- d-----w- c:\program files\IVT Corporation
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 09:35 . 2009-08-02 09:35 -------- d-----w- c:\program files\GPLGS
2009-08-02 09:27 . 2009-08-02 09:27 -------- d-----w- c:\program files\Acro Software
2009-08-02 08:13 . 2009-08-02 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 16:33 . 2009-07-21 16:33 164 ----a-w- c:\windows\install.dat
2009-07-21 15:46 . 2009-07-21 15:33 104676 ----a-w- c:\windows\hpoins04.dat
2009-07-19 10:39 . 2009-07-19 10:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-19 10:29 . 2009-07-19 10:29 128 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\fusioncache.dat
2009-07-19 10:27 . 2009-07-19 10:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-19 07:49 . 2009-07-19 07:49 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2009-07-19 07:37 . 2009-07-19 07:38 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 20:21 . 2009-07-18 20:21 0 ----a-w- c:\windows\nsreg.dat
2009-07-18 20:20 . 2009-07-18 20:20 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-18 19:45 . 2009-09-22 11:10 71680 ----a-w- c:\documents and settings\Administrator\GLB2ABB.tmp
2009-07-18 19:45 . 2009-07-18 20:12 71680 ----a-w- c:\documents and settings\steve\GLB2ABB.tmp
2009-07-18 19:45 . 2009-07-18 20:07 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB2ABB.tmp
2009-07-18 19:45 . 2009-07-18 19:45 71680 ----a-w- c:\documents and settings\Default User\GLB2ABB.tmp
2009-07-18 19:24 . 2009-07-18 19:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-07-30 19:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:23 . 2008-07-30 19:29 828928 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2008-07-30 19:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2008-07-30 19:28 17408 ----a-w- c:\windows\system32\corpol.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-16 1277440]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-19 148888]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 344064]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-05-21 17881600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]
c:\documents and settings\steve\Start Menu\Programs\Startup\
Styler.lnk - c:\documents and settings\steve\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-7-18 15086]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/23/2009 1:07 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/23/2009 1:07 PM 20560]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [7/21/2009 6:36 PM 1205760]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{747EFB34-D356-4DC9-BF68-5700ED1A0A45}.job
- c:\windows\system32\msfeedssync.exe [2009-07-18 16:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\jizk43nh.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-25 12:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-25 12:40
ComboFix-quarantined-files.txt 2009-09-25 10:40
ComboFix2.txt 2009-09-25 09:13
Pre-Run: 167,946,702,848 bytes free
Post-Run: 167,943,512,064 bytes free
199 --- E O F --- 2009-09-25 05:47
HijackThis =
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:13 PM, on 9/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [incrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Bandoo\BndHook.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Security Software for Home and Business Computers) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 7445 bytes
-
Here is the ComboFix log.
ComboFix 09-09-23.02 - steve 09/25/2009 11:06.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.102 [GMT 2:00]
Running from: c:\documents and settings\steve\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\windows\Installer\a7e09.msi
.
((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.
2009-09-24 06:50 . 2009-09-24 06:50 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\MiTAC_International_Corpo
2009-09-24 06:42 . 2009-09-24 06:42 -------- d-----w- c:\program files\Mio Technology
2009-09-24 06:40 . 2009-09-24 06:40 -------- d-----w- c:\documents and settings\steve\Application Data\InstallShield
2009-09-22 18:33 . 2009-09-22 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2009-09-22 15:52 . 2009-09-22 15:52 -------- d-----w- c:\documents and settings\steve\Application Data\Bandoo
2009-09-22 15:51 . 2009-09-22 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Bandoo
2009-09-22 15:50 . 2009-09-22 15:51 -------- d-----w- c:\program files\Bandoo
2009-09-22 13:46 . 2009-09-22 13:46 108544 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-22 13:46 . 2009-09-22 13:46 109568 ------w- c:\windows\system32\pxinsi64.exe
2009-09-22 11:34 . 2009-09-22 11:34 -------- d-----w- c:\program files\Corel
2009-09-12 05:52 . 2009-09-12 05:52 -------- d-----w- c:\documents and settings\steve\Application Data\Ahead
2009-09-12 05:51 . 2009-09-12 05:51 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Ahead
2009-09-12 05:42 . 2004-10-13 12:28 2277376 ------w- c:\windows\UNNMP.exe
2009-09-12 05:40 . 2004-03-02 14:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-09-12 05:40 . 2004-03-02 14:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-09-12 05:39 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-09-12 05:33 . 2004-10-22 15:12 2293760 ------w- c:\windows\UNNeroVision.exe
2009-09-12 05:33 . 2001-03-08 16:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-09-12 05:32 . 2009-09-12 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-09-12 05:32 . 2004-07-09 06:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-09-12 05:32 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-09-12 05:32 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-09-12 05:32 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-09-12 05:32 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-09-12 05:32 . 2001-06-26 05:15 38912 ------w- c:\windows\system32\picn20.dll
2009-09-12 05:32 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-09-12 05:32 . 2009-09-12 05:38 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-12 05:32 . 2009-09-12 05:41 -------- d-----w- c:\program files\Ahead
2009-09-09 11:36 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-27 17:25 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 06:42 . 2009-07-19 07:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 22:01 . 2009-07-19 10:22 -------- d-----w- c:\documents and settings\steve\Application Data\Skype
2009-09-22 22:01 . 2009-07-19 10:27 -------- d-----w- c:\documents and settings\steve\Application Data\skypePM
2009-09-22 17:09 . 2009-07-19 16:30 -------- d-----w- c:\documents and settings\steve\Application Data\vlc
2009-09-22 15:53 . 2009-07-18 20:14 72000 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 13:54 . 2009-07-19 12:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-10 15:15 . 2009-07-18 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-23 11:07 . 2009-08-23 11:07 -------- d-----w- c:\program files\Alwil Software
2009-08-23 10:42 . 2009-07-19 07:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-17 16:10 . 2009-08-23 11:07 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-23 11:07 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-23 11:07 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-23 11:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-23 11:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-23 11:07 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-23 11:07 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-23 11:07 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-23 11:07 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 18:58 . 2009-07-21 19:14 -------- d-----w- c:\documents and settings\steve\Application Data\dvdcss
2009-08-13 08:53 . 2009-08-13 08:53 -------- d-----w- c:\program files\Microsoft Works
2009-08-13 08:53 . 2009-07-18 19:39 -------- d-----w- c:\program files\MSBuild
2009-08-13 08:52 . 2009-08-13 08:52 -------- d-----w- c:\program files\Microsoft.NET
2009-08-13 08:49 . 2009-08-13 08:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-09 16:05 . 2009-07-19 10:45 -------- d-----w- c:\documents and settings\steve\Application Data\Uniblue
2009-08-09 16:05 . 2009-07-19 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-08-09 16:04 . 2009-07-19 10:42 -------- d-----w- c:\program files\Uniblue
2009-08-06 15:36 . 2009-08-06 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-08-06 15:31 . 2009-08-06 15:31 -------- d-----w- c:\program files\IVT Corporation
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 09:35 . 2009-08-02 09:35 -------- d-----w- c:\program files\GPLGS
2009-08-02 09:27 . 2009-08-02 09:27 -------- d-----w- c:\program files\Acro Software
2009-08-02 08:13 . 2009-08-02 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 16:33 . 2009-07-21 16:33 164 ----a-w- c:\windows\install.dat
2009-07-21 15:46 . 2009-07-21 15:33 104676 ----a-w- c:\windows\hpoins04.dat
2009-07-19 10:39 . 2009-07-19 10:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-19 10:29 . 2009-07-19 10:29 128 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\fusioncache.dat
2009-07-19 10:27 . 2009-07-19 10:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-19 07:49 . 2009-07-19 07:49 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2009-07-19 07:37 . 2009-07-19 07:38 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 20:21 . 2009-07-18 20:21 0 ----a-w- c:\windows\nsreg.dat
2009-07-18 20:20 . 2009-07-18 20:20 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-18 19:45 . 2009-09-22 11:10 71680 ----a-w- c:\documents and settings\Administrator\GLB2ABB.tmp
2009-07-18 19:45 . 2009-07-18 20:12 71680 ----a-w- c:\documents and settings\steve\GLB2ABB.tmp
2009-07-18 19:45 . 2009-07-18 20:07 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB2ABB.tmp
2009-07-18 19:45 . 2009-07-18 19:45 71680 ----a-w- c:\documents and settings\Default User\GLB2ABB.tmp
2009-07-18 19:24 . 2009-07-18 19:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-07-30 19:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:23 . 2008-07-30 19:29 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2008-07-30 19:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2008-07-30 19:28 17408 ----a-w- c:\windows\system32\corpol.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-16 1277440]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-19 148888]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 344064]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-05-21 17881600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]
c:\documents and settings\steve\Start Menu\Programs\Startup\
Styler.lnk - c:\documents and settings\steve\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-7-18 15086]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/23/2009 1:07 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/23/2009 1:07 PM 20560]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [7/21/2009 6:36 PM 1205760]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{747EFB34-D356-4DC9-BF68-5700ED1A0A45}.job
- c:\windows\system32\msfeedssync.exe [2009-07-18 16:36]
2009-09-20 c:\windows\Tasks\wrSpySweeper_L61CD07705F6244FDA5B685D41125D4D1.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-07-21 13:40]
2009-09-20 c:\windows\Tasks\wrSpySweeper_L61CD07705F6244FDA5B685D41125D4D1.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-07-21 13:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\jizk43nh.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Resource Hacker 3.4.0 - c:\windows\Resource Hacker 3.4.0\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-25 11:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-25 11:13
ComboFix-quarantined-files.txt 2009-09-25 09:13
Pre-Run: 167,689,723,904 bytes free
Post-Run: 167,668,944,896 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
213 --- E O F --- 2009-09-25 05:47
-
OK, thanks.
Regards, west
-
Hi, here is the log you asked for.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:56 AM, on 9/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [incrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Security Software for Home and Business Computers) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 8513 bytes
Regards, west
-
Hi, I installed that patch, but it doesn't work that way either; I still can't get the program installed, it keeps giving the same error.
Regards, west
-
No, even then it doesn't work; I even tried it in safe mode, and nothing there either. Regards, west
-
I've been looking, and I am logged in as administrator.
So beyond that I don't know what to do any more.
Regards, west
-
I disabled my antivirus and Spy Sweeper and it still doesn't work; as far as I know there is no administrator on my PC.
And on setup I can't press the right mouse button.
Regards, west
-
Hello
I want to install my Paint Shop Pro XI, but every time the installation is almost finished I get the following on my screen (see link): http://img19.imageshack.us/img19/9295/schermedited.jpg
Could it be because I now have SP3 instead of SP2?
Can anyone help me?
Thanks in advance.
Regards, west
-
Hello everyone.
I'm new here and I have a problem with my S-video output.
I used it in the past to play the films stored on my PC on the TV.
But I recently did a format of C: and since then I can't get it working any more.
Can anyone help me find out which card is installed? The only thing I can see is ( SPDIFO S-video ).
I think I lost the driver by doing that format.
Thanks in advance.
Regards, west
microsoft security essentials
in Archive: Combating malware & viruses
Posted:
I'll certainly do that, but it will have to wait until tomorrow, I'm afraid. I'll definitely keep you posted.
Regards, west