
trojan.exe


trojan.exe's achievements

  1. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:14:53, on 28-4-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - 
C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- End of file - 4547 bytes
  2. HJT keeps working, but when I click on, for example, combofix.exe, I get the same error message again. Many other programs still don't work either.
  3. This help is great! By the way, I have no idea whether it is relevant to mention, but I keep carrying out the actions in safe mode, because in normal mode it is often not possible to run the software. Here are the logs again: ComboFix 10-04-27.02 - MSuser 28-04-2010 12:44:10.3.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.800 [GMT 2:00] Gestart vanuit: c:\documents and settings\nielzie\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\nielzie\Bureaublad\CFScript.txt FILE :: "c:\windows\~nsu.tmp" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\MSuser\Local Settings\Application Data\Conduit . (((((((((((((((((((( Bestanden Gemaakt van 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))) . 2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\documents and settings\MSuser\Application Data\Malwarebytes 2010-04-27 12:00 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-27 12:00 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 15:29 . 2008-04-14 20:32 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll 2010-04-26 15:24 . 2010-04-26 15:24 -------- d-----w- c:\windows\EHome 2010-04-26 13:35 . 2010-04-27 13:38 -------- d-----w- c:\program files\AVI DivX to DVD SVCD VCD Converter 2010-04-26 13:30 . 2010-04-26 13:30 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Badger I.T 2010-04-26 12:10 . 2010-04-26 12:10 -------- d-----w- c:\windows\~nsu.tmp 2010-04-26 07:04 . 
2010-04-26 07:04 388096 ----a-r- c:\documents and settings\MSuser\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-04-26 07:04 . 2010-04-26 07:04 -------- d-----w- c:\program files\Trend Micro 2010-04-26 06:27 . 2010-04-26 06:27 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Xenocode 2010-04-26 06:26 . 2010-04-26 06:26 -------- d-----w- c:\program files\BadgerIT 2010-04-25 14:39 . 2010-04-25 14:39 -------- d-----w- c:\program files\microsoft frontpage 2010-04-25 13:12 . 2010-04-25 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus 2010-04-25 13:12 . 2010-04-27 16:15 -------- d-----w- c:\documents and settings\MSuser\Application Data\Azureus 2010-04-25 13:11 . 2010-04-25 13:12 -------- d-----w- c:\program files\Vuze 2010-04-25 13:11 . 2010-04-25 14:44 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Vuze_Remote 2010-04-25 13:11 . 2010-04-25 13:11 -------- d-----w- c:\program files\Vuze_Remote 2010-04-22 19:13 . 2010-04-22 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2010-04-22 19:12 . 2010-04-25 13:06 -------- d-----w- c:\program files\Common Files\AVSMedia 2010-04-21 17:05 . 2010-04-21 17:05 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\LooksBuilder 2010-04-03 10:24 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-28 10:45 . 2004-08-04 12:00 511866 ----a-w- c:\windows\system32\perfh013.dat 2010-04-28 10:45 . 2004-08-04 12:00 91632 ----a-w- c:\windows\system32\perfc013.dat 2010-04-26 15:54 . 2009-11-09 12:28 -------- d-----w- c:\program files\MSN Messenger 2010-04-26 15:35 . 2006-04-03 11:38 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-04-21 08:50 . 
2006-04-09 10:09 37472 -c-ha-w- c:\windows\Fonts\infoview.fon 2010-04-13 21:24 . 2009-11-23 17:51 79488 ----a-w- c:\documents and settings\MSuser\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-13 20:44 . 2006-11-04 20:41 -------- d-----w- c:\documents and settings\MSuser\Application Data\U3 2010-03-20 11:35 . 2010-03-20 11:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\TweakNow RegCleaner 2010-03-20 11:19 . 2010-03-20 11:19 45792 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-10 06:17 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:20 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 12:09 . 2004-08-04 12:00 2194304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:09 . 2004-08-04 00:58 2071168 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:35 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-02-04 16:33 . 2006-04-03 12:45 45792 -c--a-w- c:\documents and settings\MSuser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . ------- Sigcheck ------- [-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll [-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll [-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2004-08-04 12:00 . 2706E00334C86DD2E5279A47600C916A . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll . 
((((((((((((((((((((((((((((( SnapShot@2010-04-27_15.43.59 ))))))))))))))))))))))))))))))))))))))))) . - 2004-08-04 12:00 . 2008-04-14 20:32 90112 c:\windows\system32\wshext.dll + 2004-08-04 12:00 . 2008-05-09 10:56 90112 c:\windows\system32\wshext.dll + 2004-08-04 12:00 . 2010-04-28 10:45 71904 c:\windows\system32\perfc009.dat - 2004-08-04 12:00 . 2010-04-27 15:37 71904 c:\windows\system32\perfc009.dat + 2008-05-09 10:56 . 2008-05-09 10:56 90112 c:\windows\system32\dllcache\wshext.dll + 2004-08-04 12:00 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe - 2004-08-04 12:00 . 2008-04-14 20:33 155648 c:\windows\system32\wscript.exe + 2004-08-04 12:00 . 2008-05-09 10:56 172032 c:\windows\system32\scrrun.dll - 2004-08-04 12:00 . 2008-04-14 20:32 172032 c:\windows\system32\scrrun.dll - 2004-08-04 12:00 . 2008-04-14 20:32 180224 c:\windows\system32\scrobj.dll + 2004-08-04 12:00 . 2008-05-09 10:56 180224 c:\windows\system32\scrobj.dll + 2004-08-04 12:00 . 2010-04-28 10:45 444028 c:\windows\system32\perfh009.dat - 2004-08-04 12:00 . 2010-04-27 15:37 444028 c:\windows\system32\perfh009.dat + 2008-05-08 11:24 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe + 2008-05-09 10:56 . 2008-05-09 10:56 172032 c:\windows\system32\dllcache\scrrun.dll + 2008-05-09 10:56 . 2008-05-09 10:56 180224 c:\windows\system32\dllcache\scrobj.dll + 2008-05-07 09:07 . 2008-05-07 09:07 135168 c:\windows\system32\dllcache\cscript.exe + 2004-08-04 12:00 . 2008-05-07 09:07 135168 c:\windows\system32\cscript.exe + 2006-04-03 11:35 . 2009-06-10 07:22 2066432 c:\windows\system32\mstscax.dll + 2006-04-03 11:35 . 2009-06-10 07:22 2066432 c:\windows\system32\dllcache\mstscax.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave9"=Echo24Wrap.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-03-04 18:19 282624 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "idsvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "CCALib8"=2 (0x2) "Bonjour Service"=2 (0x2) "astcc"=2 (0x2) "ACDaemon"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\BitTornado\\btdownloadgui.exe"= "c:\\Program 
Files\\Bit Lord 1.1\\BitLord.exe"= "c:\\Program Files\\Secway\\SimpLite-MSN 2.2\\SimpLite-MSN.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12-9-2006 13:18 682232] S1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [30-11-2001 16:00 103840] S3 echo24;Gina24 Service;c:\windows\system32\drivers\echo24.sys [21-3-2003 14:07 544384] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: 0.0.0.0 Trusted Zone: ziggo.nl\thuishelp DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-04-28 12:51 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(428) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Voltooingstijd: 2010-04-28 12:54:06 ComboFix-quarantined-files.txt 2010-04-28 10:53 ComboFix2.txt 2010-04-27 16:00 ComboFix3.txt 2010-04-27 15:46 Pre-Run: 2.840.088.576 bytes beschikbaar Post-Run: 2.949.722.112 bytes beschikbaar Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - CB947C4A1EC60148F83A85029A57371B --------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:58:59, on 28-4-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - 
http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- End of file - 4255 bytes
  4. Here is the log again: ComboFix 10-04-26.04 - MSuser 27-04-2010 17:37:58.1.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.800 [GMT 2:00] Gestart vanuit: c:\documents and settings\nielzie\Bureaublad\ComboFix.exe . ADS - WINDOWS: deleted 0 bytes in 1 streams. (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . F:\install.exe . (((((((((((((((((((( Bestanden Gemaakt van 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))) . 2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\documents and settings\MSuser\Application Data\Malwarebytes 2010-04-27 12:00 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-27 12:00 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 15:29 . 2008-04-14 20:32 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll 2010-04-26 15:24 . 2010-04-26 15:24 -------- d-----w- c:\windows\EHome 2010-04-26 13:35 . 2010-04-27 13:38 -------- d-----w- c:\program files\AVI DivX to DVD SVCD VCD Converter 2010-04-26 13:30 . 2010-04-26 13:30 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Badger I.T 2010-04-26 12:10 . 2010-04-26 12:10 -------- d-----w- c:\windows\~nsu.tmp 2010-04-26 07:04 . 2010-04-26 07:04 388096 ----a-r- c:\documents and settings\MSuser\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-04-26 07:04 . 2010-04-26 07:04 -------- d-----w- c:\program files\Trend Micro 2010-04-26 06:27 . 2010-04-26 06:27 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Xenocode 2010-04-26 06:26 . 
2010-04-26 06:26 -------- d-----w- c:\program files\BadgerIT 2010-04-25 14:39 . 2010-04-25 14:39 -------- d-----w- c:\program files\microsoft frontpage 2010-04-25 13:12 . 2010-04-25 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus 2010-04-25 13:12 . 2010-04-27 13:38 -------- d-----w- c:\documents and settings\MSuser\Application Data\Azureus 2010-04-25 13:11 . 2010-04-25 13:12 -------- d-----w- c:\program files\Vuze 2010-04-25 13:11 . 2010-04-25 14:44 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Vuze_Remote 2010-04-25 13:11 . 2010-04-25 13:11 -------- d-----w- c:\program files\Vuze_Remote 2010-04-25 13:11 . 2010-04-25 13:11 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Conduit 2010-04-22 19:13 . 2010-04-22 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2010-04-22 19:12 . 2010-04-25 13:06 -------- d-----w- c:\program files\Common Files\AVSMedia 2010-04-21 17:05 . 2010-04-21 17:05 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\LooksBuilder 2010-04-03 10:24 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-27 15:37 . 2004-08-04 12:00 91632 ----a-w- c:\windows\system32\perfc013.dat 2010-04-27 15:37 . 2004-08-04 12:00 511866 ----a-w- c:\windows\system32\perfh013.dat 2010-04-26 15:54 . 2009-11-09 12:28 -------- d-----w- c:\program files\MSN Messenger 2010-04-26 15:35 . 2006-04-03 11:38 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-04-21 08:50 . 2006-04-09 10:09 37472 -c-ha-w- c:\windows\Fonts\infoview.fon 2010-04-13 21:24 . 2009-11-23 17:51 79488 ----a-w- c:\documents and settings\MSuser\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-13 20:44 . 
2006-11-04 20:41 -------- d-----w- c:\documents and settings\MSuser\Application Data\U3 2010-03-20 11:35 . 2010-03-20 11:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\TweakNow RegCleaner 2010-03-20 11:19 . 2010-03-20 11:19 45792 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-10 06:17 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:20 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 12:09 . 2004-08-04 12:00 2194304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:09 . 2004-08-04 00:58 2071168 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:35 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-02-04 16:33 . 2006-04-03 12:45 45792 -c--a-w- c:\documents and settings\MSuser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . ------- Sigcheck ------- [-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll [-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll [-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2004-08-04 12:00 . 2706E00334C86DD2E5279A47600C916A . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave9"=Echo24Wrap.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-03-04 18:19 282624 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "idsvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "CCALib8"=2 (0x2) "Bonjour Service"=2 (0x2) "astcc"=2 (0x2) "ACDaemon"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\BitTornado\\btdownloadgui.exe"= "c:\\Program 
Files\\Bit Lord 1.1\\BitLord.exe"= "c:\\Program Files\\Secway\\SimpLite-MSN 2.2\\SimpLite-MSN.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12-9-2006 13:18 682232] S1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [30-11-2001 16:00 103840] S3 echo24;Gina24 Service;c:\windows\system32\drivers\echo24.sys [21-3-2003 14:07 544384] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CF185561-528F-E669-52CC-A7D98201A809}] 2009-02-13 17:21 102400 -c--a-w- c:\windows\system32\Sys32AoA.exe . Inhoud van de 'Gedeelde Taken' map 2010-04-26 c:\windows\Tasks\Install_NSS.job - c:\program files\Vuze\nssstub.exe [2010-04-25 13:12] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: 0.0.0.0 Trusted Zone: ziggo.nl\thuishelp DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab . 
- - - - ORPHANS VERWIJDERD - - - - WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) HKLM-Run-DisplayTrayIcon - (no file) MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe AddRemove-Titan Poker - c:\windows\Titan Poker setup.exe AddRemove-TweakNow RegCleaner_is1 - c:\program files\TweakNow RegCleaner\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-04-27 17:43 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(424) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . 
Voltooingstijd: 2010-04-27 17:46:21 ComboFix-quarantined-files.txt 2010-04-27 15:46 Pre-Run: 2.554.019.840 bytes beschikbaar Post-Run: 3.038.035.968 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - BE53FA15F5194975DED013D9A0765C16
  5. Here are the log files: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Databaseversie: 4041 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 27-4-2010 15:17:44 mbam-log-2010-04-27 (15-17-44).txt Scantype: Snelle scan Objecten gescand: 124600 Verstreken tijd: 9 minuut/minuten, 0 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) ----------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:37:28, on 27-4-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Hyves R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE 
(User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- End of file - 4894 bytes
  6. I installed SP3 but unfortunately still have the same problems, so I ran HijackThis once more: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:57:42, on 26-4-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Hyves R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - 
Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' 
menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- End of file - 5074 bytes
  7. I'm going to try it tonight; I'll let you know whether it worked or not.
  8. OK, this is the result: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:43:50, on 26-4-2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Hyves R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: 
{D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- End of file - 4897 bytes
  9. I have had this for months, and maybe even longer. I have tried System Restore several times, after which the same problems quickly came back. More often than not, I am unable to install and/or run a program. It may not be relevant to mention, but I also have a limit on opening windows, from folder and program windows to Internet Explorer windows. Often I can open at most 4 at the same time.
  10. Hello everyone! Almost every time I want to install new software or run an .exe file, I get the error message: "in().exe is een fout opgetreden en moet worden afgesloten. Onze excuses voor dit ongemak." Very frustrating, so does anyone here have any idea what I can do about this?