Ga naar inhoud

Moneyman_5th

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    65

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door Moneyman_5th

  1. Moneyman_5th
    Hey, merci nog is voor de hulp é Hier zijn de logjes ComboFix 09-06-19.01 - The Kids 20/06/2009 14:23.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.255.69 [GMT 2:00] Gestart vanuit: c:\documents and settings\The Kids\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\The Kids\Bureaublad\CFScript.txt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\NortonInstaller c:\recycler\S-1-5-21-1211209215-2863673219-2217861040-1003 c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-16-2009-13h44m04s\SymNRT-06-16-2009-13h44m04s.log c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\06-16-2009-13h44m04s\SymNRT.1.mft.7z c:\documents and settings\All Users\Application Data\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z . (((((((((((((((((((( Bestanden Gemaakt van 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))) . 2009-06-20 12:45 . 2009-06-20 12:45 94643 ----a-w- c:\windows\system32\drivers\klick.dat 2009-06-20 12:45 . 2009-06-20 12:45 105395 ----a-w- c:\windows\system32\drivers\klin.dat 2009-06-20 10:48 . 2009-06-20 10:48 -------- d-sh--w- c:\documents and settings\The Kids\IETldCache 2009-06-20 09:59 . 2009-04-30 21:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-20 09:59 . 2009-04-30 21:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-20 09:59 . 2009-06-20 10:01 -------- d-----w- c:\windows\ie8updates 2009-06-20 09:57 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-06-20 09:53 . 2009-06-20 09:57 -------- dc-h--w- c:\windows\ie8 2009-06-16 11:12 . 2009-06-20 12:15 -------- d--h--r- c:\documents and settings\The Kids\Onlangs geopend 2009-06-10 21:24 . 2009-06-10 21:24 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000001200002i\PPCNVCOM.EXE 2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\The Kids\Application Data\Malwarebytes 2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-04 14:17 . 2009-06-04 14:17 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000700002i\Wordconv.exe 2009-06-04 14:16 . 2009-06-04 14:16 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000e800002i\WgaTray.exe 2009-06-03 17:03 . 2009-06-03 17:03 -------- d-----w- c:\program files\Trend Micro 2009-06-01 23:08 . 2009-06-01 23:08 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\rundll32.exe 2009-06-01 19:19 . 2009-06-01 19:19 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000003100002i\WISPTIS.EXE 2009-05-31 22:48 . 2009-05-31 22:48 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000001600002i\msiexec.exe 2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\l2schemas 2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\system32\nl 2009-05-30 13:16 . 2009-05-30 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-05-28 19:40 . 2009-05-28 19:40 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\verclsid.exe 2009-05-25 22:22 . 2009-05-25 22:22 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\3000000062300002i\POWERPNT.EXE 2009-05-25 21:12 . 2009-05-25 21:12 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000600002i\ctfmon.exe 2009-05-23 22:04 . 2009-05-23 22:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\30000000bee00002i\WINWORD.EXE 2009-05-23 21:44 . 2009-05-23 21:44 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009c00002i\IEXPLORE.EXE 2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000004d00002i\mdm.exe 2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000600002i\svchost.exe 2009-05-23 06:06 . 2009-05-23 06:06 -------- d-----w- c:\program files\MSXML 4.0 2009-05-22 15:39 . 2008-04-14 17:02 276992 ------w- c:\windows\system32\wmphoto.dll 2009-05-22 15:39 . 2008-04-14 17:02 69120 ------w- c:\windows\system32\wlanapi.dll 2009-05-22 15:39 . 2008-04-14 17:02 712704 ------w- c:\windows\system32\windowscodecs.dll 2009-05-22 15:39 . 2008-04-14 17:02 346112 ------w- c:\windows\system32\windowscodecsext.dll 2009-05-22 15:39 . 2008-04-14 17:02 50688 ------w- c:\windows\system32\tspkg.dll 2009-05-22 15:39 . 2008-04-14 17:02 53248 ------w- c:\windows\system32\tsgqec.dll 2009-05-22 15:38 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys 2009-05-22 15:38 . 2008-04-14 17:03 32768 ------w- c:\windows\system32\setupn.exe 2009-05-22 15:38 . 2008-04-14 17:02 290304 ------w- c:\windows\system32\rhttpaa.dll 2009-05-22 15:38 . 2008-04-14 17:02 61952 ------w- c:\windows\system32\rasqec.dll 2009-05-22 15:38 . 2008-04-14 17:02 76800 ------w- c:\windows\system32\qutil.dll 2009-05-22 15:38 . 2008-04-14 17:02 62464 ------w- c:\windows\system32\qcliprov.dll 2009-05-22 15:38 . 2008-04-14 17:02 292864 ------w- c:\windows\system32\qagentrt.dll 2009-05-22 15:38 . 2008-04-14 17:02 150528 ------w- c:\windows\system32\qagent.dll 2009-05-22 15:38 . 2008-04-14 17:02 412160 ------w- c:\windows\system32\photometadatahandler.dll 2009-05-22 15:38 . 2008-04-14 17:02 144896 ------w- c:\windows\system32\onex.dll 2009-05-22 15:37 . 2008-04-14 17:03 176640 ------w- c:\windows\system32\napstat.exe 2009-05-22 15:37 . 2008-04-14 17:02 30208 ------w- c:\windows\system32\napipsec.dll 2009-05-22 15:37 . 2008-04-14 17:02 196608 ------w- c:\windows\system32\napmontr.dll 2009-05-22 15:37 . 2008-04-14 16:39 88064 ------w- c:\windows\system32\msxml6r.dll 2009-05-22 15:37 . 2008-04-14 16:39 88064 ------w- c:\windows\system32\dllcache\msxml6r.dll 2009-05-22 15:37 . 2008-09-10 01:16 1307648 ------w- c:\windows\system32\msxml6.dll 2009-05-22 15:37 . 2008-09-10 01:16 1307648 ------w- c:\windows\system32\dllcache\msxml6.dll 2009-05-22 15:37 . 2008-04-14 17:02 155136 ------w- c:\windows\system32\mssha.dll 2009-05-22 15:37 . 2008-04-14 16:38 78336 ------w- c:\windows\system32\msshavmsg.dll 2009-05-22 15:37 . 2008-04-14 17:03 33792 ------w- c:\windows\system32\mmcperf.exe 2009-05-22 15:36 . 2008-04-14 17:02 397312 ------w- c:\windows\system32\mmcex.dll 2009-05-22 15:36 . 2008-04-14 17:02 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll 2009-05-22 15:36 . 2008-04-14 17:02 106496 ------w- c:\windows\system32\mmcfxcommon.dll 2009-05-22 15:36 . 2008-04-14 17:02 37376 ------w- c:\windows\system32\l2gpstore.dll 2009-05-22 15:36 . 2008-04-14 17:02 61440 ------w- c:\windows\system32\kmsvc.dll 2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdpash.dll 2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdnepr.dll 2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdiultn.dll 2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdbhc.dll 2009-05-22 15:34 . 2008-04-14 17:02 7168 ------w- c:\windows\system32\bitsprx4.dll 2009-05-22 15:34 . 2008-04-14 17:02 233472 ------w- c:\windows\system32\azroles.dll 2009-05-22 15:34 . 2008-04-14 17:02 136192 ------w- c:\windows\system32\aaclient.dll 2009-05-22 15:09 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2009-05-22 15:04 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2009-05-22 15:04 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys 2009-05-22 14:28 . 2008-04-21 21:16 218624 ------w- c:\windows\system32\dllcache\wordpad.exe 2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000003400002i\dwwin.exe 2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003c00002i\FlashUtil10b.exe 2009-05-22 12:03 . 2009-05-22 12:03 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003b00002i\FP_AX_CAB_INSTALLER.exe 2009-05-22 11:56 . 2009-05-22 11:56 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009b00002i\IEXPLORE.EXE 2009-05-22 11:51 . 2009-05-22 11:51 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000001900003i\usnsvc.exe 2009-05-22 11:37 . 2009-05-22 11:37 -------- d-----w- c:\documents and settings\The Kids\Application Data\Thinstall . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-20 12:58 . 2007-06-06 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-06-20 12:43 . 2008-12-15 08:06 942112 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-06-20 12:43 . 2008-12-15 08:06 42140 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-06-20 12:43 . 2008-12-15 08:06 278492 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-06-20 12:43 . 2008-12-15 08:06 20713760 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-06-19 22:00 . 2008-09-18 14:15 -------- d-----w- c:\program files\PokerStars 2009-06-16 11:03 . 2008-07-13 19:18 -------- d-----w- c:\program files\Call of Duty 2009-06-04 16:53 . 2007-11-03 13:23 -------- d-----w- c:\program files\Common Files\Teleca Shared 2009-06-04 16:46 . 2007-11-21 20:29 -------- d-----w- c:\program files\NCH Software 2009-06-04 16:42 . 2008-12-23 14:48 -------- d-----w- c:\program files\BearShare Pro 2009-06-03 14:40 . 2007-04-29 11:04 -------- d-----w- c:\program files\Google 2009-05-31 16:39 . 2003-01-29 13:46 84432 ----a-w- c:\windows\system32\perfc013.dat 2009-05-31 16:39 . 2003-01-29 13:46 475216 ----a-w- c:\windows\system32\perfh013.dat 2009-05-31 15:35 . 2003-01-29 14:06 77179 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2009-05-23 07:09 . 2008-03-12 12:02 -------- d-----w- c:\program files\Microsoft Silverlight 2009-05-14 08:55 . 2004-10-02 08:46 95888 ----a-w- c:\documents and settings\The Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-13 05:06 . 2004-02-06 16:09 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:34 . 2003-01-29 13:45 347136 ----a-w- c:\windows\system32\localspl.dll 2009-05-03 10:04 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys 2009-05-03 10:02 . 2009-05-03 10:02 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe 2009-05-03 10:02 . 2009-05-03 10:02 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys 2009-05-03 10:02 . 2009-05-03 10:02 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys 2009-05-03 09:39 . 2006-06-16 14:09 -------- d-----w- c:\program files\Kaspersky Lab 2009-04-26 16:55 . 2009-04-26 16:55 -------- d-----w- c:\program files\Common Files\DirectX 2009-04-19 19:51 . 2003-01-29 13:46 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:55 . 2004-04-15 15:10 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-08 13:55 . 2005-07-30 15:53 92000 ----a-w- c:\documents and settings\mieke.YOUR-702469E35F\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2006-05-17 03:55 . 2006-05-17 03:55 618496 ----a-r- c:\program files\EReg.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-16_12.49.02 ))))))))))))))))))))))))))))))))))))))))) . + 2004-10-01 15:18 . 2009-01-07 16:21 26144 c:\windows\system32\spupdsvc.exe + 2006-11-29 13:01 . 2009-01-07 16:21 18464 c:\windows\system32\spmsg.dll + 2003-01-29 13:46 . 2009-03-08 02:31 46592 c:\windows\system32\pngfilt.dll + 2006-06-29 07:05 . 2009-01-07 16:20 23552 c:\windows\system32\normaliz.dll - 2006-06-29 07:05 . 2006-06-29 07:05 23552 c:\windows\system32\normaliz.dll - 2006-06-28 16:59 . 2006-06-28 16:59 24576 c:\windows\system32\nlsdl.dll + 2006-06-28 16:59 . 2009-01-07 16:20 24576 c:\windows\system32\nlsdl.dll + 2003-01-29 13:45 . 2009-03-08 02:31 48128 c:\windows\system32\mshtmler.dll - 2003-01-29 13:45 . 2006-10-17 10:28 48128 c:\windows\system32\mshtmler.dll + 2003-01-29 13:45 . 2009-03-08 02:31 66560 c:\windows\system32\mshtmled.dll - 2003-01-29 13:45 . 2006-10-17 10:56 45568 c:\windows\system32\mshta.exe + 2003-01-29 13:45 . 2009-03-08 02:31 45568 c:\windows\system32\mshta.exe + 2006-10-17 10:58 . 2009-03-08 02:31 13312 c:\windows\system32\msfeedssync.exe + 2006-11-07 20:03 . 2009-03-08 02:31 55296 c:\windows\system32\msfeedsbs.dll + 2003-01-29 13:45 . 2009-03-08 02:34 43008 c:\windows\system32\licmgr10.dll + 2003-01-29 13:45 . 2009-04-30 21:17 25600 c:\windows\system32\jsproxy.dll + 2003-01-29 13:45 . 2009-03-08 02:32 94720 c:\windows\system32\inseng.dll + 2003-01-29 13:45 . 2009-03-08 02:31 34816 c:\windows\system32\imgutil.dll + 2006-11-07 02:26 . 2009-03-08 02:32 36864 c:\windows\system32\ieudinit.exe + 2003-01-29 13:45 . 2009-03-08 02:32 71680 c:\windows\system32\iesetup.dll + 2003-01-29 13:45 . 2009-03-08 02:32 55808 c:\windows\system32\iernonce.dll - 2006-06-29 07:05 . 2006-06-29 07:05 26112 c:\windows\system32\idndl.dll + 2006-06-29 07:05 . 2009-01-07 16:20 26112 c:\windows\system32\idndl.dll + 2006-10-17 10:58 . 2009-03-08 02:31 59904 c:\windows\system32\icardie.dll + 2006-05-10 05:25 . 2009-03-08 02:31 46592 c:\windows\system32\dllcache\pngfilt.dll + 2006-10-17 10:28 . 2009-03-08 02:31 48128 c:\windows\system32\dllcache\mshtmler.dll - 2006-10-17 10:28 . 2006-10-17 10:28 48128 c:\windows\system32\dllcache\mshtmler.dll + 2003-01-29 13:45 . 2009-03-08 02:31 66560 c:\windows\system32\dllcache\mshtmled.dll - 2006-10-17 10:56 . 2006-10-17 10:56 45568 c:\windows\system32\dllcache\mshta.exe + 2006-10-17 10:56 . 2009-03-08 02:31 45568 c:\windows\system32\dllcache\mshta.exe + 2007-05-10 14:20 . 2009-03-08 02:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2006-10-17 11:05 . 2009-03-08 02:34 43008 c:\windows\system32\dllcache\licmgr10.dll + 2003-01-29 13:45 . 2009-04-30 21:17 25600 c:\windows\system32\dllcache\jsproxy.dll + 2006-05-10 05:25 . 2009-03-08 02:32 94720 c:\windows\system32\dllcache\inseng.dll + 2006-10-17 10:57 . 2009-03-08 02:31 34816 c:\windows\system32\dllcache\imgutil.dll + 2006-11-07 02:26 . 2009-03-08 02:32 71680 c:\windows\system32\dllcache\iesetup.dll + 2006-11-07 02:26 . 2009-03-08 02:32 55808 c:\windows\system32\dllcache\iernonce.dll + 2007-08-20 10:02 . 2009-03-08 02:31 59904 c:\windows\system32\dllcache\icardie.dll + 2006-10-17 10:44 . 2009-03-08 02:24 68608 c:\windows\system32\dllcache\hmmapi.dll + 2009-03-08 02:33 . 2009-03-08 02:33 18944 c:\windows\system32\dllcache\corpol.dll + 2006-11-07 02:26 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll + 2003-01-29 13:44 . 2009-03-08 02:33 18944 c:\windows\system32\corpol.dll + 2003-01-29 14:11 . 2009-06-20 12:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2003-01-29 14:11 . 2009-06-16 12:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2003-01-29 14:11 . 2009-06-16 12:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2003-01-29 14:11 . 2009-06-20 12:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2003-01-29 14:11 . 2009-06-16 12:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2003-01-29 14:11 . 2009-06-20 12:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2003-01-29 13:44 . 2009-03-08 02:32 72704 c:\windows\system32\admparse.dll + 2009-06-20 10:01 . 2009-03-08 02:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll + 2009-06-20 10:01 . 2009-03-08 02:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll + 2009-06-20 09:54 . 2009-03-08 14:32 58448 c:\windows\ie8\spuninst\iecustom.dll + 2009-06-20 09:53 . 2009-04-29 04:49 44544 c:\windows\ie8\pngfilt.dll + 2009-06-20 09:53 . 2006-10-17 10:28 48128 c:\windows\ie8\mshtmler.dll + 2009-06-20 09:53 . 2006-10-17 10:56 45568 c:\windows\ie8\mshta.exe + 2009-06-20 09:53 . 2006-10-17 10:58 12288 c:\windows\ie8\msfeedssync.exe + 2009-06-20 09:53 . 2009-04-29 04:49 52224 c:\windows\ie8\msfeedsbs.dll + 2009-06-20 09:53 . 2006-10-17 11:05 40960 c:\windows\ie8\licmgr10.dll + 2009-06-20 09:53 . 2009-04-29 04:49 27648 c:\windows\ie8\jsproxy.dll + 2009-06-20 09:53 . 2006-11-07 02:26 92672 c:\windows\ie8\inseng.dll + 2009-06-20 09:53 . 2006-10-17 10:57 36352 c:\windows\ie8\imgutil.dll + 2009-06-20 09:53 . 2006-11-07 02:26 55296 c:\windows\ie8\iesetup.dll + 2009-06-20 09:53 . 2009-04-29 04:49 44544 c:\windows\ie8\iernonce.dll + 2009-06-20 09:53 . 2009-04-29 04:49 78336 c:\windows\ie8\ieencode.dll + 2009-06-20 09:53 . 2009-04-28 09:07 70656 c:\windows\ie8\ie4uinit.exe + 2009-06-20 09:53 . 2009-04-29 04:49 63488 c:\windows\ie8\icardie.dll + 2009-06-20 09:53 . 2006-10-17 10:44 60416 c:\windows\ie8\hmmapi.dll + 2009-06-20 09:53 . 2008-04-14 17:02 35328 c:\windows\ie8\corpol.dll + 2009-06-20 09:53 . 2006-11-07 02:26 71680 c:\windows\ie8\admparse.dll + 2009-06-20 09:59 . 2009-03-08 02:35 2048 c:\windows\ie8updates\KB971180-IE8\iecompat.dll - 2007-01-03 10:30 . 2008-04-14 17:02 121856 c:\windows\system32\xmllite.dll + 2007-01-03 10:30 . 2009-01-07 16:21 121856 c:\windows\system32\xmllite.dll + 2006-10-17 11:05 . 2009-03-08 02:34 208384 c:\windows\system32\WinFXDocObj.exe + 2003-01-29 13:46 . 2009-03-08 02:34 236544 c:\windows\system32\webcheck.dll + 2003-01-29 13:46 . 2009-03-08 02:33 420352 c:\windows\system32\vbscript.dll + 2003-01-29 13:46 . 2009-03-08 02:34 105984 c:\windows\system32\url.dll - 2003-01-29 13:46 . 2009-04-29 04:49 105984 c:\windows\system32\url.dll + 2003-01-29 13:45 . 2009-03-08 02:34 109568 c:\windows\system32\occache.dll + 2003-01-29 13:45 . 2009-03-08 02:32 611840 c:\windows\system32\mstime.dll + 2003-01-29 13:45 . 2009-03-08 02:34 193536 c:\windows\system32\msrating.dll + 2003-01-29 13:45 . 2009-03-08 02:22 156160 c:\windows\system32\msls31.dll - 2003-01-29 13:45 . 2006-11-07 20:03 156160 c:\windows\system32\msls31.dll + 2006-11-07 20:03 . 2009-03-08 02:32 594432 c:\windows\system32\msfeeds.dll + 2009-01-07 16:20 . 2009-01-07 16:20 265720 c:\windows\system32\msdbg2.dll + 2003-01-13 12:57 . 2009-03-08 02:33 726528 c:\windows\system32\jscript.dll + 2006-11-07 20:03 . 2009-03-08 02:22 164352 c:\windows\system32\ieui.dll + 2003-01-29 13:45 . 2009-03-08 02:31 183808 c:\windows\system32\iepeers.dll + 2003-01-29 13:45 . 2009-04-30 21:17 385536 c:\windows\system32\iedkcs32.dll + 2006-10-17 10:27 . 2009-03-08 02:11 445952 c:\windows\system32\ieapfltr.dll + 2003-01-29 13:45 . 2009-03-08 02:32 163840 c:\windows\system32\ieakui.dll + 2003-01-29 13:45 . 2009-03-08 02:33 229376 c:\windows\system32\ieaksie.dll + 2003-01-29 13:45 . 2009-03-08 02:33 125952 c:\windows\system32\ieakeng.dll + 2003-01-29 13:45 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe + 2003-01-29 13:45 . 2009-03-08 02:31 216064 c:\windows\system32\dxtrans.dll + 2003-01-29 13:45 . 2009-03-08 02:31 348160 c:\windows\system32\dxtmsft.dll + 2004-02-06 16:09 . 2009-05-13 05:06 915456 c:\windows\system32\dllcache\wininet.dll + 2006-11-07 20:03 . 2009-03-08 02:34 236544 c:\windows\system32\dllcache\webcheck.dll + 2006-09-18 14:16 . 2009-03-08 02:33 759296 c:\windows\system32\dllcache\VGX.dll + 2008-05-09 10:56 . 2009-03-08 02:33 420352 c:\windows\system32\dllcache\vbscript.dll - 2003-01-29 13:46 . 2009-04-29 04:49 105984 c:\windows\system32\dllcache\url.dll + 2003-01-29 13:46 . 2009-03-08 02:34 105984 c:\windows\system32\dllcache\url.dll + 2009-01-07 16:20 . 2009-01-07 16:20 134144 c:\windows\system32\dllcache\sqmapi.dll + 2009-01-07 16:21 . 2009-01-07 16:21 474624 c:\windows\system32\dllcache\shlwapi.dll + 2006-10-17 11:04 . 2009-03-08 02:34 109568 c:\windows\system32\dllcache\occache.dll + 2006-05-10 05:25 . 2009-03-08 02:32 611840 c:\windows\system32\dllcache\mstime.dll + 2006-05-10 05:25 . 2009-03-08 02:34 193536 c:\windows\system32\dllcache\msrating.dll - 2003-01-29 13:45 . 2006-11-07 20:03 156160 c:\windows\system32\dllcache\msls31.dll + 2003-01-29 13:45 . 2009-03-08 02:22 156160 c:\windows\system32\dllcache\msls31.dll + 2007-05-10 14:20 . 2009-03-08 02:32 594432 c:\windows\system32\dllcache\msfeeds.dll + 2008-05-09 10:56 . 2009-03-08 02:33 726528 c:\windows\system32\dllcache\jscript.dll + 2003-01-29 14:03 . 2009-03-08 12:09 638816 c:\windows\system32\dllcache\iexplore.exe + 2003-01-29 13:45 . 2009-03-08 02:31 183808 c:\windows\system32\dllcache\iepeers.dll + 2006-11-07 02:27 . 2009-04-30 21:17 385536 c:\windows\system32\dllcache\iedkcs32.dll + 2007-05-10 14:20 . 2009-03-08 02:11 445952 c:\windows\system32\dllcache\ieapfltr.dll + 2006-11-07 02:25 . 2009-03-08 02:32 163840 c:\windows\system32\dllcache\ieakui.dll + 2006-11-07 02:27 . 2009-03-08 02:33 229376 c:\windows\system32\dllcache\ieaksie.dll + 2006-11-07 02:26 . 2009-03-08 02:33 125952 c:\windows\system32\dllcache\ieakeng.dll + 2006-11-07 02:26 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2006-05-10 05:25 . 2009-03-08 02:31 216064 c:\windows\system32\dllcache\dxtrans.dll + 2006-05-10 05:25 . 2009-03-08 02:31 348160 c:\windows\system32\dllcache\dxtmsft.dll + 2006-11-07 02:26 . 2009-03-08 02:32 128512 c:\windows\system32\dllcache\advpack.dll + 2003-01-29 13:44 . 2009-03-08 02:32 128512 c:\windows\system32\advpack.dll + 2009-06-20 09:59 . 2007-11-30 12:39 401272 c:\windows\ie8updates\KB971180-IE8\spuninst\updspapi.dll + 2009-06-20 09:59 . 2007-11-30 12:39 234872 c:\windows\ie8updates\KB971180-IE8\spuninst\spuninst.exe + 2009-06-20 10:01 . 2009-03-08 02:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll + 2009-06-20 10:01 . 2008-07-09 07:44 401272 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll + 2009-06-20 10:01 . 2007-11-30 12:39 234872 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe + 2009-06-20 10:01 . 2009-03-08 02:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll + 2009-06-20 10:01 . 2009-03-08 12:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll + 2009-06-20 10:01 . 2009-03-08 02:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe + 2009-06-20 09:53 . 2009-04-29 04:49 827392 c:\windows\ie8\wininet.dll + 2009-06-20 09:53 . 2006-10-17 11:05 206336 c:\windows\ie8\winfxdocobj.exe + 2009-06-20 09:53 . 2009-04-29 04:49 233472 c:\windows\ie8\webcheck.dll + 2009-06-20 09:53 . 2007-07-12 23:32 765952 c:\windows\ie8\vgx.dll + 2009-06-20 09:53 . 2008-05-09 10:56 430080 c:\windows\ie8\vbscript.dll + 2009-06-20 09:53 . 2009-04-29 04:49 105984 c:\windows\ie8\url.dll + 2009-06-20 09:54 . 2009-01-07 16:21 400928 c:\windows\ie8\spuninst\updspapi.dll + 2009-06-20 09:54 . 2009-01-07 16:21 235040 c:\windows\ie8\spuninst\spuninst.exe + 2009-06-20 09:53 . 2006-09-06 15:43 216800 c:\windows\ie8\spuninst.exe + 2009-06-20 09:53 . 2009-04-29 04:49 102912 c:\windows\ie8\occache.dll + 2009-06-20 09:53 . 2009-04-29 04:49 671232 c:\windows\ie8\mstime.dll + 2009-06-20 09:53 . 2009-04-29 04:49 193024 c:\windows\ie8\msrating.dll + 2009-06-20 09:53 . 2006-11-07 20:03 156160 c:\windows\ie8\msls31.dll + 2009-06-20 09:53 . 2009-04-29 04:49 477696 c:\windows\ie8\mshtmled.dll + 2009-06-20 09:53 . 2009-04-29 04:49 459264 c:\windows\ie8\msfeeds.dll + 2009-06-20 09:53 . 2008-05-09 10:56 512000 c:\windows\ie8\jscript.dll + 2009-06-20 09:53 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe + 2009-06-20 09:53 . 2006-11-07 20:03 180736 c:\windows\ie8\ieui.dll + 2009-06-20 09:53 . 2009-04-29 04:49 268288 c:\windows\ie8\iertutil.dll + 2009-06-20 09:53 . 2006-11-07 20:03 287744 c:\windows\ie8\ieproxy.dll + 2009-06-20 09:53 . 2006-11-07 20:03 191488 c:\windows\ie8\iepeers.dll + 2009-06-20 09:53 . 2009-04-29 04:49 385024 c:\windows\ie8\iedkcs32.dll + 2009-06-20 09:53 . 2009-04-29 04:49 383488 c:\windows\ie8\ieapfltr.dll + 2009-06-20 09:53 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll + 2009-06-20 09:53 . 2009-04-29 04:49 230400 c:\windows\ie8\ieaksie.dll + 2009-06-20 09:53 . 2009-04-29 04:49 153088 c:\windows\ie8\ieakeng.dll + 2009-06-20 09:53 . 2009-04-29 04:49 214528 c:\windows\ie8\dxtrans.dll + 2009-06-20 09:53 . 2009-04-29 04:49 347136 c:\windows\ie8\dxtmsft.dll + 2009-06-20 09:53 . 2009-04-29 04:49 124928 c:\windows\ie8\advpack.dll + 2004-01-21 17:30 . 2009-04-30 21:17 1207808 c:\windows\system32\urlmon.dll + 2004-07-07 17:00 . 2009-05-13 05:06 5936128 c:\windows\system32\mshtml.dll + 2006-10-17 10:57 . 2009-04-30 21:17 1985024 c:\windows\system32\iertutil.dll + 2006-09-05 22:01 . 2009-02-06 19:07 3698584 c:\windows\system32\ieapfltr.dat + 2004-01-21 17:30 . 2009-04-30 21:17 1207808 c:\windows\system32\dllcache\urlmon.dll + 2009-01-07 16:21 . 2009-01-07 16:21 1497088 c:\windows\system32\dllcache\shdocvw.dll + 2004-07-07 17:00 . 2009-05-13 05:06 5936128 c:\windows\system32\dllcache\mshtml.dll + 2007-05-10 14:20 . 2009-04-30 21:17 1985024 c:\windows\system32\dllcache\iertutil.dll + 2007-05-10 14:20 . 2009-02-06 19:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat + 2009-01-07 16:21 . 2009-01-07 16:21 1022976 c:\windows\system32\dllcache\browseui.dll + 2009-06-20 10:01 . 2009-03-08 02:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll + 2009-06-20 10:01 . 2009-03-08 02:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll + 2009-06-20 10:01 . 2009-03-08 02:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll + 2009-06-20 09:53 . 2009-04-29 04:49 1159680 c:\windows\ie8\urlmon.dll + 2009-06-20 09:53 . 2009-04-29 04:49 3596288 c:\windows\ie8\mshtml.dll + 2009-06-20 09:53 . 2009-04-29 04:49 6066176 c:\windows\ie8\ieframe.dll + 2009-06-20 09:53 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat + 2006-11-07 20:03 . 2009-04-30 21:17 11064832 c:\windows\system32\ieframe.dll + 2007-05-10 14:20 . 2009-04-30 21:17 11064832 c:\windows\system32\dllcache\ieframe.dll + 2009-06-20 10:01 . 2009-03-08 02:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-03 206088] [HKLM\~\startupfolder\C:^Documents and Settings^The Kids^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk] path=c:\documents and settings\The Kids\Menu Start\Programma's\Opstarten\Yahoo! Widget Engine.lnk backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Limewire\\LimeWire.exe"= "c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Age_Of_Empire-II_The_Conquerors\\Age Of Empire-II The Conquerors\\age2_x1.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9345:TCP"= 9345:TCP:BitComet 9345 TCP "9345:UDP"= 9345:UDP:BitComet 9345 UDP R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752] R3 V90drv;V90drv;c:\windows\system32\DRIVERS\v90drv.sys [2001-11-29 1432836] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-05-03 33808] S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656] S1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 49232] S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [2001-08-06 28672] S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336] S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264] S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] S3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [2002-09-20 296179] S3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [2002-09-20 231983] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Inhoud van de 'Gedeelde Taken' map 2003-05-25 c:\windows\Tasks\FRU Task 2002-05-31 16:38ewlett-PackardeskjetD1F5C76C62909B80B7DD96D9CE9D83EC24F74D1377528048C4168AA70B210A5D420.job - c:\program files\Hewlett-Packard\upapp\hpqfruv.exe [2002-05-31 07:38] 2003-04-10 c:\windows\Tasks\Herinnering voor registratie 1.job - c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03] 2003-04-16 c:\windows\Tasks\Herinnering voor registratie 2.job - c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03] 2003-04-23 c:\windows\Tasks\Herinnering voor registratie 3.job - c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03] 2009-06-19 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] 2009-06-20 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . . ------- Bijkomende Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore IE: &D&ownload &with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm IE: Toevoegen aan de Banner Ad Blokker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm TCP: {E485216F-634A-4D3B-A7C8-6ADD94BB13A8} = 195.130.131.4,195.130.130.132 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: SysInfosCab - hxxps://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-06-20 14:50 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[:???????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????L? scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-1265887633-3067446407-1682384897-1013\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) @SACL= [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71A78D8C-2A2C-F1E0-42C57DD6D788EDD0}\{92C0E49C-6DF5-7FD3-2A5D5DA34780C80D}\{FCC2AF23-71C0-A57B-CCE1F90128BA76FE}*] "IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9, 2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f, 91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8CD4472C-E90F-9EEE-8658179FAD84CDE4}\{86C14694-A4A0-6014-B9D2B6867C4357D1}\{413E2BB7-2C4D-BBD1-7F39BC4CF716110E}*] "IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9, 2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DFFD277A-DF70-B410-AC1E2F7ACB2EF6E1}\{F03E0E06-1B3D-CEE3-10573FC9D15505B4}\{82A99E38-2615-AE8D-106A193CCF03E65A}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f, 91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(1064) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(4000) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE c:\windows\system32\slserv.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\WGATray.exe . ************************************************************************** . Voltooingstijd: 2009-06-20 15:13 - machine werd herstart ComboFix-quarantined-files.txt 2009-06-20 13:13 ComboFix2.txt 2009-06-16 12:59 Pre-Run: 34.869.026.816 bytes beschikbaar Post-Run: 34.847.498.240 bytes beschikbaar Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4 438 --- E O F --- 2009-06-20 10:03 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:19:27, on 20/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.131.4,195.130.130.132 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 7633 bytes
  2. Moneyman_5th
    Zo, heb eerst norton removel tool gedaan maar denk ni da het verschil heeft gemaakt, installatieprogramma staat er nog en de map NIS ziet er nog exact hetzelfde uit. Heb daarna combofix gedaan, hier volgen logjes P.S. Wel klein vraagje hoe komt het dat sinds combofix ik terug een vroegere bureaubladachtergrondfoto heb? ComboFix 09-06-15.06 - The Kids 16/06/2009 14:18.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.255.61 [GMT 2:00] Gestart vanuit: c:\documents and settings\The Kids\Bureaublad\ComboFix.exe AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\The Kids\Application Data\WeatherDPA c:\documents and settings\mieke.YOUR-702469E35F\Local Settings\Temporary Internet Files\kandidatchaufscan.doc c:\documents and settings\The Kids\Application Data\WeatherDPA\Weather\WeatherStartup.xml c:\documents and settings\The Kids\Favorieten\Videos.url c:\documents and settings\The Kids\Menu Start\Programma's\Videos.url C:\FLIPART.EXE C:\GETDRIVE.EXE c:\windows\IE4 Error Log.txt c:\windows\system32\MabryObj.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games (((((((((((((((((((( Bestanden Gemaakt van 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))) . 2009-06-16 11:44 . 2009-06-16 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-06-16 11:12 . 2009-06-16 11:17 -------- d--h--r- c:\documents and settings\The Kids\Onlangs geopend 2009-06-10 21:24 . 2009-06-10 21:24 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000001200002i\PPCNVCOM.EXE 2009-06-10 11:41 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-10 11:41 . 2009-06-10 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-10 11:41 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\The Kids\Application Data\Malwarebytes 2009-06-04 15:08 . 2009-06-04 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-04 14:17 . 2009-06-04 14:17 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000700002i\Wordconv.exe 2009-06-04 14:16 . 2009-06-04 14:16 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000e800002i\WgaTray.exe 2009-06-03 17:03 . 2009-06-03 17:03 -------- d-----w- c:\program files\Trend Micro 2009-06-01 23:08 . 2009-06-01 23:08 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\rundll32.exe 2009-06-01 19:19 . 2009-06-01 19:19 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000003100002i\WISPTIS.EXE 2009-05-31 22:48 . 2009-05-31 22:48 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\10000001600002i\msiexec.exe 2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\l2schemas 2009-05-31 15:28 . 2009-05-31 15:28 -------- d-----w- c:\windows\system32\nl 2009-05-30 13:16 . 2009-05-30 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-05-28 19:40 . 2009-05-28 19:40 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000b00002i\verclsid.exe 2009-05-25 22:22 . 2009-05-25 22:22 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\3000000062300002i\POWERPNT.EXE 2009-05-25 21:12 . 2009-05-25 21:12 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\400000600002i\ctfmon.exe 2009-05-23 22:04 . 2009-05-23 22:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\30000000bee00002i\WINWORD.EXE 2009-05-23 21:44 . 2009-05-23 21:44 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009c00002i\IEXPLORE.EXE 2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000004d00002i\mdm.exe 2009-05-23 21:37 . 2009-05-23 21:37 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\1000000600002i\svchost.exe 2009-05-23 06:06 . 2009-05-23 06:06 -------- d-----w- c:\program files\MSXML 4.0 2009-05-22 15:39 . 2008-04-14 17:02 276992 ------w- c:\windows\system32\wmphoto.dll 2009-05-22 15:39 . 2008-04-14 17:02 69120 ------w- c:\windows\system32\wlanapi.dll 2009-05-22 15:39 . 2008-04-14 17:02 712704 ------w- c:\windows\system32\windowscodecs.dll 2009-05-22 15:39 . 2008-04-14 17:02 346112 ------w- c:\windows\system32\windowscodecsext.dll 2009-05-22 15:39 . 2008-04-14 17:02 50688 ------w- c:\windows\system32\tspkg.dll 2009-05-22 15:39 . 2008-04-14 17:02 53248 ------w- c:\windows\system32\tsgqec.dll 2009-05-22 15:38 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys 2009-05-22 15:38 . 2008-04-14 17:03 32768 ------w- c:\windows\system32\setupn.exe 2009-05-22 15:38 . 2008-04-14 17:02 290304 ------w- c:\windows\system32\rhttpaa.dll 2009-05-22 15:38 . 2008-04-14 17:02 61952 ------w- c:\windows\system32\rasqec.dll 2009-05-22 15:38 . 2008-04-14 17:02 76800 ------w- c:\windows\system32\qutil.dll 2009-05-22 15:38 . 2008-04-14 17:02 62464 ------w- c:\windows\system32\qcliprov.dll 2009-05-22 15:38 . 2008-04-14 17:02 292864 ------w- c:\windows\system32\qagentrt.dll 2009-05-22 15:38 . 2008-04-14 17:02 150528 ------w- c:\windows\system32\qagent.dll 2009-05-22 15:38 . 2008-04-14 17:02 412160 ------w- c:\windows\system32\photometadatahandler.dll 2009-05-22 15:38 . 2008-04-14 17:02 144896 ------w- c:\windows\system32\onex.dll 2009-05-22 15:37 . 2008-04-14 17:03 176640 ------w- c:\windows\system32\napstat.exe 2009-05-22 15:37 . 2008-04-14 17:02 30208 ------w- c:\windows\system32\napipsec.dll 2009-05-22 15:37 . 2008-04-14 17:02 196608 ------w- c:\windows\system32\napmontr.dll 2009-05-22 15:37 . 2008-04-14 16:39 88064 ------w- c:\windows\system32\msxml6r.dll 2009-05-22 15:37 . 2008-04-14 16:39 88064 ------w- c:\windows\system32\dllcache\msxml6r.dll 2009-05-22 15:37 . 2008-09-10 01:16 1307648 ------w- c:\windows\system32\msxml6.dll 2009-05-22 15:37 . 2008-09-10 01:16 1307648 ------w- c:\windows\system32\dllcache\msxml6.dll 2009-05-22 15:37 . 2008-04-14 17:02 155136 ------w- c:\windows\system32\mssha.dll 2009-05-22 15:37 . 2008-04-14 16:38 78336 ------w- c:\windows\system32\msshavmsg.dll 2009-05-22 15:37 . 2008-04-14 17:03 33792 ------w- c:\windows\system32\mmcperf.exe 2009-05-22 15:36 . 2008-04-14 17:02 397312 ------w- c:\windows\system32\mmcex.dll 2009-05-22 15:36 . 2008-04-14 17:02 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll 2009-05-22 15:36 . 2008-04-14 17:02 106496 ------w- c:\windows\system32\mmcfxcommon.dll 2009-05-22 15:36 . 2008-04-14 17:02 37376 ------w- c:\windows\system32\l2gpstore.dll 2009-05-22 15:36 . 2008-04-14 17:02 61440 ------w- c:\windows\system32\kmsvc.dll 2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdpash.dll 2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdnepr.dll 2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdiultn.dll 2009-05-22 15:36 . 2008-04-14 17:01 6144 ------w- c:\windows\system32\kbdbhc.dll 2009-05-22 15:34 . 2008-04-14 17:02 7168 ------w- c:\windows\system32\bitsprx4.dll 2009-05-22 15:34 . 2008-04-14 17:02 233472 ------w- c:\windows\system32\azroles.dll 2009-05-22 15:34 . 2008-04-14 17:02 136192 ------w- c:\windows\system32\aaclient.dll 2009-05-22 15:09 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2009-05-22 15:04 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2009-05-22 15:04 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys 2009-05-22 14:28 . 2008-04-21 21:16 218624 ------w- c:\windows\system32\dllcache\wordpad.exe 2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\300000003400002i\dwwin.exe 2009-05-22 12:04 . 2009-05-22 12:04 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003c00002i\FlashUtil10b.exe 2009-05-22 12:03 . 2009-05-22 12:03 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000003b00002i\FP_AX_CAB_INSTALLER.exe 2009-05-22 11:56 . 2009-05-22 11:56 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000009b00002i\IEXPLORE.EXE 2009-05-22 11:51 . 2009-05-22 11:51 40960 ----a-w- c:\documents and settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000001900003i\usnsvc.exe 2009-05-22 11:37 . 2009-05-22 11:37 -------- d-----w- c:\documents and settings\The Kids\Application Data\Thinstall . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-16 12:50 . 2007-06-06 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-06-16 12:39 . 2008-12-15 08:06 917536 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-06-16 12:39 . 2008-12-15 08:06 42140 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-06-16 12:39 . 2008-12-15 08:06 278492 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-06-16 12:39 . 2008-12-15 08:06 20713760 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-06-16 11:03 . 2008-07-13 19:18 -------- d-----w- c:\program files\Call of Duty 2009-06-15 14:50 . 2008-09-18 14:15 -------- d-----w- c:\program files\PokerStars 2009-06-04 16:53 . 2007-11-03 13:23 -------- d-----w- c:\program files\Common Files\Teleca Shared 2009-06-04 16:46 . 2007-11-21 20:29 -------- d-----w- c:\program files\NCH Software 2009-06-04 16:42 . 2008-12-23 14:48 -------- d-----w- c:\program files\BearShare Pro 2009-06-03 14:40 . 2007-04-29 11:04 -------- d-----w- c:\program files\Google 2009-05-31 16:39 . 2003-01-29 13:46 84432 ----a-w- c:\windows\system32\perfc013.dat 2009-05-31 16:39 . 2003-01-29 13:46 475216 ----a-w- c:\windows\system32\perfh013.dat 2009-05-31 15:35 . 2003-01-29 14:06 77179 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2009-05-23 07:09 . 2008-03-12 12:02 -------- d-----w- c:\program files\Microsoft Silverlight 2009-05-20 15:03 . 2008-12-15 08:09 94643 ----a-w- c:\windows\system32\drivers\klick.dat 2009-05-20 15:03 . 2008-12-15 08:09 105395 ----a-w- c:\windows\system32\drivers\klin.dat 2009-05-14 08:55 . 2004-10-02 08:46 95888 ----a-w- c:\documents and settings\The Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-07 15:34 . 2003-01-29 13:45 347136 ----a-w- c:\windows\system32\localspl.dll 2009-05-03 10:04 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys 2009-05-03 10:02 . 2009-05-03 10:02 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe 2009-05-03 10:02 . 2009-05-03 10:02 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys 2009-05-03 10:02 . 2009-05-03 10:02 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys 2009-05-03 09:39 . 2006-06-16 14:09 -------- d-----w- c:\program files\Kaspersky Lab 2009-04-29 04:49 . 2004-02-06 16:09 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:49 . 2004-08-04 08:03 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-26 16:55 . 2009-04-26 16:55 -------- d-----w- c:\program files\Common Files\DirectX 2009-04-19 19:51 . 2003-01-29 13:46 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:55 . 2004-04-15 15:10 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-08 13:55 . 2005-07-30 15:53 92000 ----a-w- c:\documents and settings\mieke.YOUR-702469E35F\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2006-05-17 03:55 . 2006-05-17 03:55 618496 ----a-r- c:\program files\EReg.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-03 206088] [HKLM\~\startupfolder\C:^Documents and Settings^The Kids^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk] path=c:\documents and settings\The Kids\Menu Start\Programma's\Opstarten\Yahoo! Widget Engine.lnk backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Limewire\\LimeWire.exe"= "c:\\Documents and Settings\\The Kids\\Mijn documenten\\Dimitri's Documenten\\Age_Of_Empire-II_The_Conquerors\\Age Of Empire-II The Conquerors\\age2_x1.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9345:TCP"= 9345:TCP:BitComet 9345 TCP "9345:UDP"= 9345:UDP:BitComet 9345 UDP R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752] R3 V90drv;V90drv;c:\windows\system32\DRIVERS\v90drv.sys [2001-11-29 1432836] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-05-03 33808] S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656] S1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 49232] S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [2001-08-06 28672] S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336] S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264] S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] S3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [2002-09-20 296179] S3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [2002-09-20 231983] . Inhoud van de 'Gedeelde Taken' map 2003-05-25 c:\windows\Tasks\FRU Task 2002-05-31 16:38ewlett-PackardeskjetD1F5C76C62909B80B7DD96D9CE9D83EC24F74D1377528048C4168AA70B210A5D420.job - c:\program files\Hewlett-Packard\upapp\hpqfruv.exe [2002-05-31 07:38] 2003-04-10 c:\windows\Tasks\Herinnering voor registratie 1.job - c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03] 2003-04-16 c:\windows\Tasks\Herinnering voor registratie 2.job - c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03] 2003-04-23 c:\windows\Tasks\Herinnering voor registratie 3.job - c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 17:03] 2009-06-15 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] 2009-06-16 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-Update Service - c:\program files\Common Files\Teknum Systems\update.exe . ------- Bijkomende Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore IE: &D&ownload &with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\documents and settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm IE: Toevoegen aan de Banner Ad Blokker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm TCP: {E485216F-634A-4D3B-A7C8-6ADD94BB13A8} = 195.130.131.4,195.130.130.132 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: SysInfosCab - hxxps://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-06-16 14:48 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-1265887633-3067446407-1682384897-1013\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) @SACL= [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71A78D8C-2A2C-F1E0-42C57DD6D788EDD0}\{92C0E49C-6DF5-7FD3-2A5D5DA34780C80D}\{FCC2AF23-71C0-A57B-CCE1F90128BA76FE}*] "IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9, 2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f, 91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8CD4472C-E90F-9EEE-8658179FAD84CDE4}\{86C14694-A4A0-6014-B9D2B6867C4357D1}\{413E2BB7-2C4D-BBD1-7F39BC4CF716110E}*] "IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9, 2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DFFD277A-DF70-B410-AC1E2F7ACB2EF6E1}\{F03E0E06-1B3D-CEE3-10573FC9D15505B4}\{82A99E38-2615-AE8D-106A193CCF03E65A}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,45,79,7f, 91,5d,95,3e,79,b2,13,f8,ba,02,89,e4,5c,8b,4f,88,a8,8b,f8,93,2d,03,d9,49,c1,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(1112) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3616) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE c:\windows\system32\slserv.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\WGATray.exe c:\windows\system32\CF1829.exe . ************************************************************************** . Voltooingstijd: 2009-06-16 14:59 - machine werd herstart ComboFix-quarantined-files.txt 2009-06-16 12:59 Pre-Run: 34.916.352.000 bytes beschikbaar Post-Run: 35.022.286.848 bytes beschikbaar Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4 260 --- E O F --- 2009-06-12 00:18 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:04:29, on 16/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.131.4,195.130.130.132 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 7633 bytes
  3. Moneyman_5th
    Vroeger stond er Norton antivirus op (vandaar miss nog sporen van symantec want als ik mij ni vergis zijn die gelinkt). Nu staat er enkel nog Kapersky op, dacht ik toch Want dat zou idd veel kunne verklaren maar denk ni da het daar zal aan liggen, toch thx voor de input en zal zeker dat programma is proberen nadat ik de stappen van Kape heb geprobeerd
  4. Moneyman_5th
    Nog altijd even slecht :s Daarnet is de pc ook volledig vastgelopen. niets hielp, ctrl alt del, esc, wachten, niks :s Heb ook geen idee meer aan wat dit kan liggen
  5. Moneyman_5th
    Sorry voor de vertraging, examens kwamen in de weg. Had toch alles verwijderd, had enkel een verkeerd (te vroeg) logfile opgeslagen :s Hier zijn de nieuwe logjes Malwarebytes' Anti-Malware 1.37 Database versie: 2229 Windows 5.1.2600 Service Pack 3 4/06/2009 17:45:37 mbam-log-2009-06-04 (17-45-37).txt Scan type: Snelle Scan Objecten gescand: 122005 Verstreken tijd: 28 minute(s), 7 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 30 Registerwaarden geïnfecteerd: 2 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 12 Bestanden geïnfecteerd: 6 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d60ff48-95be-4956-b4c6-6bb168a70310} (Trojan.KeenValue) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Netcom3 Cleaner (Rogue.NetCom3) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.NetCom3) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.progressivecounterplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.progressivecounterplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.slotplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.slotplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.textplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.textplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.37.0 (Adware.Zango) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: c:\documents and settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully. c:\documents and settings\mieke.YOUR-702469E35F\Application Data\Zango (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\mieke.your-702469e35f\application data\Zango\v3.0 (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\mieke.your-702469e35f\application data\Zango\v3.0\Zango (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\mieke.your-702469e35f\application data\Zango\v3.0\Zango\static (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\mieke.your-702469e35f\application data\Zango\v3.0\Zango\static\1 (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\The Kids\Application Data\Zango (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\The Kids\application data\Zango\v3.0 (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\The Kids\application data\Zango\v3.0\Zango (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\The Kids\application data\Zango\v3.0\Zango\static (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\The Kids\application data\Zango\v3.0\Zango\static\1 (Adware.Zango) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:52:52, on 10/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Deamon tools\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.131.4,195.130.130.132 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 8439 bytes
  6. Moneyman_5th
    Heb beide gedaan Deze zijn echter niet verwijderd, geen idee waarom R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Heb daarna wel mbam gedaan. logjes volgen hieronder Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:48:24, on 5/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Deamon tools\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.131.4,195.130.130.132 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 8528 bytes Malwarebytes' Anti-Malware 1.37 Database versie: 2229 Windows 5.1.2600 Service Pack 3 4/06/2009 17:43:57 mbam-log-2009-06-04 (17-43-32).txt Scan type: Snelle Scan Objecten gescand: 122005 Verstreken tijd: 28 minute(s), 7 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 30 Registerwaarden geïnfecteerd: 2 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 12 Bestanden geïnfecteerd: 6 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d60ff48-95be-4956-b4c6-6bb168a70310} (Trojan.KeenValue) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Netcom3 Cleaner (Rogue.NetCom3) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.NetCom3) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.progressivecounterplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.progressivecounterplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.slotplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.slotplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.textplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.textplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> No action taken. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.37.0 (Adware.Zango) -> No action taken. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: c:\documents and settings\All Users\Application Data\ZangoSA (Adware.Zango) -> No action taken. c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken. c:\documents and settings\mieke.YOUR-702469E35F\Application Data\Zango (Adware.Zango) -> No action taken. c:\documents and settings\mieke.your-702469e35f\application data\Zango\v3.0 (Adware.Zango) -> No action taken. c:\documents and settings\mieke.your-702469e35f\application data\Zango\v3.0\Zango (Adware.Zango) -> No action taken. c:\documents and settings\mieke.your-702469e35f\application data\Zango\v3.0\Zango\static (Adware.Zango) -> No action taken. c:\documents and settings\mieke.your-702469e35f\application data\Zango\v3.0\Zango\static\1 (Adware.Zango) -> No action taken. c:\documents and settings\The Kids\Application Data\Zango (Adware.Zango) -> No action taken. c:\documents and settings\The Kids\application data\Zango\v3.0 (Adware.Zango) -> No action taken. c:\documents and settings\The Kids\application data\Zango\v3.0\Zango (Adware.Zango) -> No action taken. c:\documents and settings\The Kids\application data\Zango\v3.0\Zango\static (Adware.Zango) -> No action taken. c:\documents and settings\The Kids\application data\Zango\v3.0\Zango\static\1 (Adware.Zango) -> No action taken. Bestanden geïnfecteerd: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll (Adware.Zango) -> No action taken. c:\documents and settings\all users\application data\ZangoSA\ZangoSA.dat (Adware.Zango) -> No action taken. c:\documents and settings\all users\application data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> No action taken. c:\documents and settings\all users\application data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> No action taken. c:\documents and settings\all users\application data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> No action taken. c:\documents and settings\all users\application data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> No action taken.
  7. Moneyman_5th
    De laatste tijd werkt mijn pc trager en trager. Dit komt onder andere omdat het inderdaad een heel oud beestje is maar ik vrees dat er nog wat schort. Heb een HiJackThis-logje gemaakt, willen jullie er even naar kijken? bedankt bij voorbaat, Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:05:16, on 3/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\The Kids\Application Data\Thinstall\Windows Live Messenger\4000001900003i\usnsvc.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Deamon tools\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-21-1265887633-3067446407-1682384897-1014\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'mieke') O4 - S-1-5-21-1265887633-3067446407-1682384897-1014 Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe (User 'mieke') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\Bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.131.4,195.130.130.132 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing) O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 9295 bytes
  8. Moneyman_5th
    de aanpassingen zijn uitgevoerd, maar ik heb wegens onvoorziene omstandigheden niet meer op de pc.
  9. Moneyman_5th
    men pa heeft het weer klaargespeeld om nogmaals (heb jullie hulp al is gevraagd hiervoor, bedankt voor het helpen toen trouwens) het MSN-virus binnen te halen. Msn en windows live gevallen zijn er afgehaald en hier is een HiJackThis log plz help Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:36:36, on 3/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe C:\Program Files\DV Series\Console\Watch.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing) O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136120949766 O17 - HKLM\System\CCS\Services\Tcpip\..\{98E91F6F-7ECF-46BC-B876-59898B36AE82}: NameServer = 195.130.130.4,195.130.130.132 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 6629 bytes
  10. Moneyman_5th
    Hey, Een maat van me van wiens bedrijf (telenet) de computer gekocht is heeft het probleem opgelost met een systeemherstel en de virussen zichtbaar in HiJackThis zijn er ook afgehaald, bedankt voor de hulp
  11. Moneyman_5th
    Bij het opstarten van windows krijg ik hetvolgende 0xc0000005 userinit.exe kan niet initialiseren Krijg enkel wallpaper, geen iconen geen taakbalk, alé da ding da vanonder sta en de windows-knop geeft geen gevolg, ben in internet en dergerlijke geraakt via taakbeheer, uitvoeren. Ik kan voor de rest eigenlijk aan alles maar tis toch ook ni werken zo, plz help me heb ook al gezien bij mijn processen, en er mankeren er precies toch wel enkele, zoals explorer.exe, die heb ik via nieuwe taak proberen starten maar hij kwam dan maar enkele seconden in proceslijst :s Zit waarschijnlijk ook heel veel virussen en dergerlijke in peins ik dus plz Help me Weet dat je me anders wsslk niet kunt helpen dus hier onder staat het HiJackThis logje Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:39:48, on 27/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsus.exe C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita Home R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita Home R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Eigenaar\svchost.exe O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\ZFWSCDLC\install_sbd_nl[2].exe O4 - HKLM\..\Run: [fc5d793c] rundll32.exe "C:\WINDOWS\system32\bwwmyjev.dll",b O4 - HKLM\..\Run: [bMff6e4aa0] Rundll32.exe "C:\WINDOWS\system32\wsxramak.dll",s O4 - HKCU\..\Run: [backupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM') O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d87370d98c941a9c.spaces.live.com/PhotoUpload/MsnPUpld.cab O20 - AppInit_DLLs: droxyyfa.dll suxxdjcf.dll O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O24 - Desktop Component 0: (no name) - http://gdservice.be/bm/bm~pix/mgs-01-prep-3~s800x800.jpg O24 - Desktop Component 1: (no name) - http://www.buell.com/common/08/adventure/xb12x/gallery/1024/1.jpg O24 - Desktop Component 2: (no name) - http://www.yamaha-motor.be/dutch/Images/2008-MT-03-AoE-detail-01_tcm30-209530.jpg -- End of file - 8427 bytes
  12. Moneyman_5th
    ok heb effe zelf bezig geweest met onder andere het uitzetten van niet-strikt noodzakelijke opstartprogramma's en heb de vrijheid genomen even Registerybooster 2 te installeren en zijn werk te laten doen, vond 364 fouten die nu zouden zijn weggewerkt dus dat klinkt goed en de pc loopt al een stukje sneller terug. Het internet doet wel raar en dan bedoel ik internet explorer, want as ik een tweede tablad opendoe blokkeert dat tweede tablad, erg vreemd :s heb een nieuw hijackthislogje gemaakt want heb toch een aantal dingen veranderd dus het vorige geeft een achtergestelde staat van zaken op dus hier is het nieuwe HiJackThislog Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:12:06, on 27/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\V0470Mon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita Home R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Italia R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Italia R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [sightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175027306546 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 10180 bytes
  13. Moneyman_5th
    mywebsearch is na heel veel moeite verwijderd HiJackThis heeft de genoemde zaken verwijderd en geen enkel van de jotti-virusscanners heeft iets verkeerds gevonden aan C:\Windows\V0470mon.exe Wel nog een klein vraagje ook hier zie ik tussen de opstartlijst wuauclt.exe staan net als bij mijn moeder dus dacht ik we gaan is zoeken wat dat voor iets is. Nu ben ik via google op een site (bleepingcomputer) die zei dat het een undesirable program is, dus denk ik, laten we het opsporen en verwijderen maar de zoekfunctie vind geen wuauclt.exe, heb jij enig idee wat dit is en hoe ik het wegkrijg? hier is het logfile van HiJackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:08:40, on 26/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\PKR\pkrpal.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\V0470Mon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita Home R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Italia R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Italia R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [sightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175027306546 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 11805 bytes
  14. Moneyman_5th
    mappen zijn verwijdert heb dan toch manieren kunnen uitleggen om ze weg te krijgen HiJackThislogje volgt Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:06:42, on 24/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\PKR\pkrpal.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\V0470Mon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het web van Z tot A R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Italia R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Italia R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [sightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYBE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175027306546 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 12391 bytes
  15. Moneyman_5th
    ok heb alles uitgelegd en gedaan gekregen behalve het verwijderen van enkele mappen maar daar hou ik me zaterdag dan wel persoonlijk mee bezig Hier zijn de logs SDFix: Version 1.173 Run by PC on Wed 23/04/2008 at 22:18 Microsoft Windows XP [Version 5.1.2600] Running From: C:\PROGRA~1\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\%%%.exe - Deleted C:\Program Files\CPV\CPV8.dll - Deleted C:\WINDOWS\b155.exe - Deleted C:\WINDOWS\mrofinu1423.exe - Deleted C:\WINDOWS\mrofinu1423.exe.tmp - Deleted C:\Documents and Settings\PC\real.txt - Deleted C:\WINDOWS\system32\real.txt - Deleted Folder C:\Program Files\CPV - Removed Folder C:\Program Files\Temporary - Removed Folder C:\Program Files\Twain - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-23 22:57:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016383a0143] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016383a0143] scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000087 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 9 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM" "C:\\My Games\\SmallBall Football\\jre\\bin\\javaw.exe"="C:\\My Games\\SmallBall Football\\jre\\bin\\javaw.exe:*:Disabled:javaw" "C:\\My Games\\SmallBall Baseball\\smallball.exe"="C:\\My Games\\SmallBall Baseball\\smallball.exe:*:Disabled:SmallBall BaseBall" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"="C:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe:*:Enabled:motogp" "C:\\Program Files\\Cyanide\\Winter Challenge\\WinterApp.exe"="C:\\Program Files\\Cyanide\\Winter Challenge\\WinterApp.exe:*:Enabled:WinterChallenge" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " "C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : File Backups: - C:\PROGRA~1\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 21 Jun 2007 4,441,216 A..H. --- "C:\My Games\Tennis Titans\Tennis Titans.exe" Tue 27 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2beb5c1d00b4ac7c5cbc5be7194a21c2\BIT195.tmp" Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7a4c0800595390bb5aae5098f200f8fa\BIT197.tmp" Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT228.tmp" Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c2f549086129d9f7c3a0345500d82a22\BIT198.tmp" Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ce8b2b12410df272f3067aa22bf91eb2\BIT196.tmp" Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT193.tmp" Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e8b7fdd48b3c0be2073971f515d132cd\BIT194.tmp" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:30:34, on 23/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\PKR\pkrpal.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Gamevance\gamevance32.exe C:\WINDOWS\V0470Mon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het web van Z tot A R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Italia R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Italia R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080 R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [sightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYBE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175027306546 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 13611 bytes
  16. Moneyman_5th
    ah ja en om het allemaal nog wa moeilijker en irritanter te maken is de hele pc trouwens in het Italiaans ingesteld maar leg et maar uit me engelse benamingen zal het wel zelf vertalen hoor
  17. Moneyman_5th
    hey, ik WEER :s mijn vader heeft blijkbaar iemand besmet en denk dat de computer er vrij slecht aan toe is van hetgeen dat em er over verteld hij heeft me een logfile van Hijackthis doorgestuurd dat zal ik hieronder effe posten, msn enzo heb ik hem al laten verwijderen nog voor het HiJackthislog, hoop dat hij alles heeft gevonden van MSN en windows live enzo Gaat heel erg traag naart schijnt terwijl het een vrij nieuwe en snelle computer is Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:18:32, on 23/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\PKR\pkrpal.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Gamevance\gamevance32.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\WINDOWS\V0470Mon.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\WINDOWS\mrofinu1423.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het web van Z tot A R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Italia R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Italia R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Ricerca nel Web | Motore di Ricerca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080 R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV8.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe" O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [sightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYBE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f995bd70cb2b4d5b9ef6c3fd8b640d75 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175027306546 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-bed.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 15309 bytes
  18. Moneyman_5th
    Met de virusscanners beginnen experimenteren gaan we miss best niet doen aangezien de ouders daar niet akkoord mee zullen gaan :s Hebben wel de andere stappen uitgevoerd maar veel verbetering in snelheid levert dit niet op. Anders wel raar inderdaad van twee veel verbruikende virusscanners te gebruiken op één pc met 512MB ma ja daar gaan we niet over oordelen. Merci voor de hulp, spijtig dat het niet veel uitmaakte. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:34:07, on 2/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\windows\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\windows\system32\beidservicecrl.exe C:\windows\system32\beidservicepcsc.exe C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE C:\windows\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\windows\system32\slserv.exe C:\windows\System32\svchost.exe C:\windows\system32\wuauclt.exe C:\Logitech\iTouch\iTouch.exe C:\Apps\ActivBoard\MMKeybd.exe C:\Program Files\Canon\MultiPASS4\monitr32.exe C:\Program Files\Belgium Identity Card\beidsystemtray.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\SMC\EZ Connect N Draft 11n Wireless USB2.0 Adapter\SMCWUSBS-N.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Documents and Settings\Anita F\Bureaublad\Tomtom\TomTom HOME 2\HOMERunner.exe C:\Program Files\Logitech\QuickCam10\COCIManager.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\BOINC\boincmgr.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\BOINC\boinc.exe C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86 C:\windows\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Belgacom R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [utility] C:\Program Files\SMC\EZ Connect N Draft 11n Wireless USB2.0 Adapter\SMCWUSBS-N.exe -h O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [f4b1d37a0796d648a2f92c5e87ca1edd] C:\DOCUME~1\ALLUSE~1\BUREAU~1\DOWNLO~1\WORMS2~1.EXE /r O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Documents and Settings\Anita F\Bureaublad\Tomtom\TomTom HOME 2\HOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Documents and Settings\Anita F\Mijn documenten\shana\andere\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Documents and Settings\Anita F\Mijn documenten\shana\andere\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://shana123456789.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://shana123456789.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) - Unknown owner - C:\windows\system32\Belpic PCSC Service.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: eID CRL Service - Zetes - C:\windows\system32\beidservicecrl.exe O23 - Service: eID Privacy Service - Zetes - C:\windows\system32\beidservicepcsc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 13653 bytes
  19. Moneyman_5th
    Weet dat ik nu een beetje aant overdrijven ben misschien maar mijn maat zijn pc heeft 512MB RAM geheugen en da duurt 20 minuten om die gwn nog maar op te starten, vreselijk gwn, ok ze zeggen wel het geheugen staat vol maar volgens mij kan dit nooit de enige oorzaak zijn dus heb ik een logje gemaakt met HiJackThis wil jij eens kijken wat ze kunne doen om de opstartsnelheid en algemene snelheid te verbeteren? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:25:28, on 2/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\windows\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\windows\system32\beidservicecrl.exe C:\windows\system32\beidservicepcsc.exe C:\Logitech\iTouch\iTouch.exe C:\Apps\ActivBoard\MMKeybd.exe C:\Program Files\Canon\MultiPASS4\monitr32.exe C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Belgium Identity Card\beidsystemtray.exe C:\Apps\ActivBoard\TrayMon.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Apps\ActivBoard\OSD.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\windows\system32\slserv.exe C:\windows\System32\svchost.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\SMC\EZ Connect N Draft 11n Wireless USB2.0 Adapter\SMCWUSBS-N.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\windows\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Documents and Settings\Anita F\Bureaublad\Tomtom\TomTom HOME 2\HOMERunner.exe C:\Program Files\D-Link\Bluetooth Software\BTTray.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE C:\Program Files\BOINC\boincmgr.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\BOINC\boinc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\QuickCam10\COCIManager.exe C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\PROGRA~1\D-Link\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Anita F\Local Settings\Temporary Internet Files\Content.IE5\2G5GQ1BA\HiJackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Belgacom R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [utility] C:\Program Files\SMC\EZ Connect N Draft 11n Wireless USB2.0 Adapter\SMCWUSBS-N.exe -h O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [f4b1d37a0796d648a2f92c5e87ca1edd] C:\DOCUME~1\ALLUSE~1\BUREAU~1\DOWNLO~1\WORMS2~1.EXE /r O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Documents and Settings\Anita F\Bureaublad\Tomtom\TomTom HOME 2\HOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://shana123456789.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://shana123456789.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) - Unknown owner - C:\windows\system32\Belpic PCSC Service.exe (file missing) O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: eID CRL Service - Zetes - C:\windows\system32\beidservicecrl.exe O23 - Service: eID Privacy Service - Zetes - C:\windows\system32\beidservicepcsc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 15103 bytes
  20. Moneyman_5th
    Heb die map verwijderd en nu vind ik ze niet meer in mijn program files zou het kunnen dat deze map is verborgen? En indien ja hoe vind ik ze dan terug? zoekfuncties vinden hem ook niet, gwn de overschot verwijderen met HiJackThis? want ook HiJackThis geeft aan dat deze map verwijderd is denk ik O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
  21. Moneyman_5th
    op eerste zicht ging het opstarten toch wat sneller en ook de snelheid op zich is precies toch iets sneller dan normaal, dat van die vcsplay verbaasde me wel want had op een site gelezen dat dat niet mocht worden uitgeschakeld in geen enkele situatie goed dat ik dat dan weer weet want heb dat programma nog nooit gebruikt. thx a lot Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:03:48, on 31/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\htpatch.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O8 - Extra context menu item: Voeg toe aan de Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.130.164,195.130.130.4 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing) O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 7239 bytes
  22. Moneyman_5th
    Zou graag mijn pc ook eens laten controleren op virussen en dergerlijke want hij gaat heel traag, mede een logisch gevolg van het feit dat hij maar 256MB RAM heeft. Echter starten er samen met de pc ook zeer veel processen mee op wat ook pc functies vertraagd natuurlijk zou jij er is naar willen kijken wat strikt nodig is en wat niet? Weet dat ik dat miss best niet hier zet maar kun jij het anders verplaatsen naar een andere discussie of zo? Hier is in ieder geval al mijn HiJackThis log Kan ik trouwens hier ook combolog doen of is dat niet nodig of niet goed of zo? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:34:58, on 31/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\htpatch.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\The Kids\Mijn documenten\Dimitri's Documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE3} - C:\Program Files\LNM Client\AddAPI.dll (file missing) O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup O4 - HKCU\..\Run: [spyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-21-1265887633-3067446407-1682384897-1014\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'mieke') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-1265887633-3067446407-1682384897-1014 Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe (User 'mieke') O8 - Extra context menu item: Voeg toe aan de Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: SysInfosCab - https://www.homebanking2.axa.be/clientupgrade/SysInfosCab.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.e-sexcash.com/plugin/243/stoutetienersnl.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132077504796 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pluiskipje.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5142/mcfscan.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{E485216F-634A-4D3B-A7C8-6ADD94BB13A8}: NameServer = 195.130.130.164,195.130.130.4 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing) O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 9364 bytes
  23. Moneyman_5th
    ok logje gebeurd ben benieuwd naar het aanbod worden hijackthis en combofix ook verwijderd of niet? ComboFix 08-03-24.1 - Paul 2008-03-30 16:55:47.7 - NTFSx86 Gestart vanuit: C:\Documents and Settings\Paul\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Paul\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Malwarebytes C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Documents and Settings\Paul\Application Data\Malwarebytes C:\Documents and Settings\Paul\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-3-27-2008 (18-13-36).txt C:\Program Files\Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys C:\Program Files\Malwarebytes' Anti-Malware\comctl32.ocx C:\Program Files\Malwarebytes' Anti-Malware\Languages\albanian.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\catalan.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\dutch.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\english.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\finnish.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\french.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\german.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\hungarian.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\italian.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\romanian.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\serbian.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovenian.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\spanish.lng C:\Program Files\Malwarebytes' Anti-Malware\Languages\swedish.lng C:\Program Files\Malwarebytes' Anti-Malware\License.txt C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.sys C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe C:\Program Files\Malwarebytes' Anti-Malware\unins000.msg C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))) . 2008-03-27 23:29 . 2008-03-27 23:29 1,986 --a--c--- C:\WINDOWS\system32\tmp.reg 2008-03-25 00:18 . 2008-03-25 00:18 <DIR> d----c--- C:\Program Files\Trend Micro 2008-03-24 22:17 . 2008-03-24 22:17 <DIR> d----c--- C:\Documents and Settings\Dimitri\Application Data\Yahoo! 2008-03-21 12:59 . 2008-03-21 12:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-21 12:56 . 2008-03-24 23:23 <DIR> d----c--- C:\Program Files\Windows Live 2008-03-21 12:54 . 2008-03-21 12:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-02 21:28 . 2008-03-02 21:28 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32 2008-03-02 14:12 . 2008-03-02 14:12 <DIR> d----c--- C:\Documents and Settings\Arachne\Application Data\Yahoo! 2008-03-01 23:32 . 2008-03-01 23:32 <DIR> d----c--- C:\Program Files\Telemeter 3.0 . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-30 07:56 --------- dc----w C:\Program Files\Symantec AntiVirus 2008-03-24 21:30 --------- dc----w C:\Program Files\Yahoo! 2008-03-24 21:30 --------- dc----w C:\Program Files\Google 2008-03-24 21:15 --------- dc----w C:\Program Files\Windows Live Toolbar 2008-03-21 11:26 --------- dc----w C:\Program Files\MSN Messenger 2008-02-12 02:25 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-02-01 10:27 230,432 -c--a-w C:\StiImg.dat 2007-12-07 02:18 824,832 -c--a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:42 550,912 -c--a-w C:\WINDOWS\system32\oleaut32.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-25_ 0.37.20.70 ))))))))))))))))))))))))))))))))))))))))) . - 2000-08-31 07:00:00 163,328 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE + 2000-08-31 06:00:00 163,328 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE - 2000-08-31 07:00:00 28,160 -c--a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 06:00:00 28,160 -c--a-w C:\WINDOWS\Nircmd.exe - 2008-03-21 06:37:13 63,522 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-30 08:00:15 63,522 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-03-21 06:37:14 82,624 ----a-w C:\WINDOWS\system32\perfc013.dat + 2008-03-30 08:00:16 82,624 ----a-w C:\WINDOWS\system32\perfc013.dat - 2008-03-21 06:37:13 404,302 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-30 08:00:15 404,302 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-03-21 06:37:14 469,120 ----a-w C:\WINDOWS\system32\perfh013.dat + 2008-03-30 08:00:16 469,120 ----a-w C:\WINDOWS\system32\perfh013.dat - 2000-08-31 07:00:00 161,792 -c--a-w C:\WINDOWS\system32\swreg.exe + 2000-08-31 06:00:00 161,792 -c--a-w C:\WINDOWS\system32\swreg.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 13:42 48752] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 14:28 85744] "NWEReboot"="" [] "NvCplDaemon"="NvQTwk" [] "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ MSI US54SE II Wireless Client Utility.lnk - C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe [2007-09-05 19:31:03 593920] Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2006-03-28 21:04:27 217088] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 23:49] R3 AR5523;MSI US60SE Wireless Adapter;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 05:45] S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 11:37] S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29] S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 09:25] . Inhoud van de 'Gedeelde Taken' map "2008-03-30 07:58:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-30 17:01:58 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-03-30 17:03:31 ComboFix-quarantined-files.txt 2008-03-30 15:03:08 ComboFix2.txt 2008-03-28 20:14:42 ComboFix3.txt 2008-03-27 16:46:16 ComboFix4.txt 2008-03-25 16:41:53 ComboFix5.txt 2008-03-25 13:29:36 . 2008-03-28 11:43:54 --- E O F ---
  24. Moneyman_5th
    had eigenlijk ook al juist aan mijn vader gevraagd of het niet zou kunnen dat het aan de pc ligt en niet aan de software dat hij soms traag gaat, logje hangt er aan vast. Wat kan ik me voorstellen bij een grote schoonmaak? Ben in ieder geval wel voor een grondige schoonmaak ineens want wie weet wat men vader er de volgende keer weer opkrijgt zal hem is voorlichting en informatie geven hoe je kan zien of iets betrouwbaar is of niet We hebben in ieder geval al een stuk gezondere pc, waarvoor zeer veel dank, miss een rare of stomme vraag maar word jij hier voor betaald of zo want das toch wel zeer veel dat jij voor ons doet. ComboFix 08-03-24.1 - Paul 2008-03-28 21:05:25.6 - NTFSx86 Gestart vanuit: C:\Documents and Settings\Paul\Bureaublad\ComboFix.exe WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))) . 2008-03-27 22:29 . 2008-03-27 22:29 1,986 --a--c--- C:\WINDOWS\system32\tmp.reg 2008-03-27 17:55 . 2008-03-27 17:55 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware 2008-03-27 17:55 . 2008-03-27 17:55 <DIR> d----c--- C:\Documents and Settings\Paul\Application Data\Malwarebytes 2008-03-27 17:55 . 2008-03-27 17:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-03-24 23:18 . 2008-03-24 23:18 <DIR> d----c--- C:\Program Files\Trend Micro 2008-03-24 21:17 . 2008-03-24 21:17 <DIR> d----c--- C:\Documents and Settings\Dimitri\Application Data\Yahoo! 2008-03-21 11:59 . 2008-03-21 11:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-21 11:56 . 2008-03-24 22:23 <DIR> d----c--- C:\Program Files\Windows Live 2008-03-21 11:54 . 2008-03-21 11:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-02 20:28 . 2008-03-02 20:28 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32 2008-03-02 13:12 . 2008-03-02 13:12 <DIR> d----c--- C:\Documents and Settings\Arachne\Application Data\Yahoo! 2008-03-01 22:32 . 2008-03-01 22:32 <DIR> d----c--- C:\Program Files\Telemeter 3.0 . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 11:16 --------- dc----w C:\Program Files\Symantec AntiVirus 2008-03-24 21:30 --------- dc----w C:\Program Files\Yahoo! 2008-03-24 21:30 --------- dc----w C:\Program Files\Google 2008-03-24 21:15 --------- dc----w C:\Program Files\Windows Live Toolbar 2008-03-21 11:26 --------- dc----w C:\Program Files\MSN Messenger 2008-02-12 02:25 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-02-01 10:27 230,432 -c--a-w C:\StiImg.dat . ((((((((((((((((((((((((((((( snapshot@2008-03-25_ 0.37.20.70 ))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744] "NWEReboot"="" [] "NvCplDaemon"="NvQTwk" [] "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ MSI US54SE II Wireless Client Utility.lnk - C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe [2007-09-05 18:31:03 593920] Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2006-03-28 20:04:27 217088] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49] R3 AR5523;MSI US60SE Wireless Adapter;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 04:45] S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 10:37] S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29] S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 08:25] . Inhoud van de 'Gedeelde Taken' map "2008-03-28 11:41:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 21:11:25 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-03-28 21:14:42 ComboFix-quarantined-files.txt 2008-03-28 20:14:28 ComboFix2.txt 2008-03-27 16:46:16 ComboFix3.txt 2008-03-25 16:41:53 ComboFix4.txt 2008-03-25 13:29:36 ComboFix5.txt 2008-03-25 11:21:46 . 2008-03-28 11:43:54 --- E O F ---
  25. Moneyman_5th
    hebben gisteren nog het bureaublad kunnen veranderen, msn was trouwens verwijderd die stap had ik al gezet van alles waar ik msn of windows live of messenger zag staan te verwijderen We hebben trouwens geen windows CD :s denk niet dat het een illegale versie is of zo hoor maar de pc is blijkbaar, volgens men pa, tweede hands en windows XP stond er al op, dus dat zal niet lukken de pop ups zijn gedaan volgens men pa maar de "veranderingen" wij noemen ze "mood swings" in snelheid zijn er nog
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.