tibzie

Member
  • Items

    155
Posts by tibzie

  1. Go to Power Options via the Control Panel; normally you should be able to change, somewhere in there, the actions it has to perform when the lid is closed and so on (this applies to Windows XP at least, so probably to Vista as well).

  2. Malwarebytes found no infections, so there is no need to post the log (I checked the log and nothing was infected and nothing was found).

    DSS post:

    Deckard's System Scanner v20071014.68

    Run by Tibbout on 2008-04-20 17:46:38

    Computer is in Normal Mode.

    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --

    28: 2008-04-20 15:47:33 UTC - RP28 - Deckard's System Scanner Restore Point

    27: 2008-04-20 07:03:20 UTC - RP27 - ComboFix created restore point

    26: 2008-04-19 18:58:20 UTC - RP26 - Herstelbewerking

    25: 2008-04-19 14:12:07 UTC - RP25 - Controlepunt van systeem

    24: 2008-04-17 15:22:15 UTC - RP24 - Controlepunt van systeem

    -- First Restore Point --

    1: 2008-03-25 17:24:38 UTC - RP1 - Controlepunt van systeem

    Backed up registry hives.

    Performed disk cleanup.

    Total Physical Memory: 383 MiB (512 MiB recommended).

    -- HijackThis (run as Tibbout.exe) ---------------------------------------------

    Unable to find log (file not found); running clone.

    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 2008-04-20 17:48:39

    Platform: Windows XP Service Pack 2 (5.01.2600)

    MSIE: Internet Explorer (7.00.6000.16640)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\system32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Acer\eManager\anbmServ.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Grisoft\AVG7\avgamsvr.exe

    C:\Program Files\Grisoft\AVG7\avgupsvc.exe

    C:\Program Files\LogMeIn\x86\ramaint.exe

    C:\Program Files\LogMeIn\x86\LogMeIn.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\Program Files\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\system32\WISPTIS.EXE

    C:\Documents and Settings\Tibbout\Application Data\Opera\Opera\profile\cache4\temporary_download\dss.exe

    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Windows Live Help

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll

    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL

    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe

    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe

    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe

    --

    End of file - 5159 bytes

    -- HijackThis Fixed Entries (C:\DOCUME~1\Tibbout\MIJNDO~1\software\ANTI-V~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

    backup-20080123-165535-830 O4 - HKLM\..\Run: [DShutdown] "C:\DOCUME~1\Tibbout\LOCALS~1\Temp\Tijdelijke map 1 voor dshutdown.zip\DShutdown\DShutdown.exe" /SAVEONEXIT /IP:LocalHost /Shutdown /IP:ACER-10129A827F /Shutdown /IP:DELL /Shutdown

    backup-20080123-165535-976 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    backup-20080401-111038-651 O3 - Toolbar: (no name) - {FD621E34-BFCE-41D3-BF58-43FF97746AD7} - (no file)

    backup-20080401-111038-862 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Internet Doorzoeken :: DAEMON-Search.com

    backup-20080419-202159-114 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    backup-20080419-202159-156 O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    backup-20080419-202159-203 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    backup-20080419-202159-243 O4 - HKLM\..\Run: [LaunchApp] Alaunch

    backup-20080419-202159-249 O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    backup-20080419-202159-292 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    backup-20080419-202159-316 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    backup-20080419-202159-335 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    backup-20080419-202159-381 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/sha1auth.srf?lc=2067

    backup-20080419-202159-398 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    backup-20080419-202159-418 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com

    backup-20080419-202159-466 O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    backup-20080419-202159-478 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    backup-20080419-202159-580 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    backup-20080419-202159-673 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    backup-20080419-202159-726 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    backup-20080419-202200-151 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    backup-20080419-202200-730 O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    backup-20080419-202201-255 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

    backup-20080419-202201-603 O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

    backup-20080419-202201-806 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    backup-20080419-202202-162 O11 - Options group: [iNTERNATIONAL] International*

    backup-20080419-202202-502 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    backup-20080419-202202-608 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    backup-20080419-202202-810 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    backup-20080419-202203-283 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

    backup-20080419-202204-696 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    backup-20080419-202204-762 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    backup-20080419-202205-338 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    backup-20080419-202205-428 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    backup-20080419-202205-841 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    backup-20080419-204841-162 O2 - BHO: (no name) - {02540E51-1317-4A95-879D-DFA674857201} - C:\WINDOWS\system32\efcAQJyA.dll

    backup-20080419-204842-209 O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\iifdaYOg.dll

    backup-20080419-204843-250 O20 - Winlogon Notify: iifdaYOg - C:\WINDOWS\SYSTEM32\iifdaYOg.dll

    backup-20080419-204847-167 O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

    -- File Associations -----------------------------------------------------------

    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys

    R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows ® 2000 DDK provider; OSA int15 Driver>

    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

    S3 int15.sys - c:\program files\acer\erecovery\int15.sys

    S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>

    R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.

    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-09 13:03:54 274 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job

    2008-04-09 13:03:50 396 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

    2008-04-04 19:20:40 398 --a------ C:\WINDOWS\Tasks\Easy Onderhoud.job

    -- Files created between 2008-03-20 and 2008-04-20 -----------------------------

    2008-04-20 12:44:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

    2008-04-20 11:41:49 0 d-------- C:\Documents and Settings\Gast\Application Data\Jasc Software Inc

    2008-04-20 09:05:50 0 d-------- C:\cmdcons

    2008-04-20 09:02:01 68096 --a------ C:\WINDOWS\zip.exe

    2008-04-20 09:02:01 49152 --a------ C:\WINDOWS\VFind.exe

    2008-04-20 09:02:01 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

    2008-04-20 09:02:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

    2008-04-20 09:02:01 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

    2008-04-20 09:02:01 98816 --a------ C:\WINDOWS\sed.exe

    2008-04-20 09:02:01 80412 --a------ C:\WINDOWS\grep.exe

    2008-04-20 09:02:01 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >

    2008-04-20 08:53:09 0 d-------- C:\VundoFix Backups

    2008-04-19 20:38:21 0 dr-h----- C:\Documents and Settings\Tibbout\Onlangs geopend

    2008-04-19 20:24:03 0 dr-h----- C:\Documents and Settings\Cedric\Onlangs geopend

    2008-04-19 19:54:54 0 dr-h----- C:\$VAULT$.AVG

    2008-04-19 19:33:06 0 d-------- C:\Documents and Settings\All Users\Application Data\EarMaster

    2008-04-18 18:37:54 0 d-------- C:\Documents and Settings\Cedric\Incomplete

    2008-04-18 18:37:21 0 d-------- C:\Documents and Settings\Cedric\Application Data\FrostWire

    2008-04-18 18:36:37 0 d-------- C:\Documents and Settings\Cedric\Application Data\Ipswitch

    2008-04-13 14:37:15 0 d-------- C:\Documents and Settings\Gast\Application Data\Ipswitch

    2008-04-10 17:33:28 0 d-------- C:\Restoration

    2008-04-09 13:03:48 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Uniblue

    2008-04-09 13:03:16 0 d-------- C:\Program Files\Uniblue

    2008-04-06 12:35:30 0 d-------- C:\Program Files\Poke

    2008-04-01 19:08:56 0 d-------- C:\Documents and Settings\Tibbout\Application Data\CoreFTP

    2008-04-01 19:07:42 0 d-------- C:\Program Files\CoreFTP

    2008-04-01 17:27:25 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Ipswitch

    2008-04-01 17:26:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch

    2008-04-01 17:26:44 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>

    2008-04-01 17:26:34 0 d-------- C:\Program Files\Ipswitch

    2008-04-01 17:25:50 0 d-------- C:\Documents and Settings\Tibbout\Application Data\InstallShield

    2008-04-01 11:11:13 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Malwarebytes

    2008-04-01 11:11:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    2008-04-01 11:06:56 0 d-------- C:\Documents and Settings\Tibbout\Application Data\uk.co.planetside

    2008-04-01 10:26:33 0 d-------- C:\Program Files\Terragen

    2008-04-01 10:15:26 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Dexpot

    2008-04-01 10:00:27 73728 --a------ C:\WINDOWS\system32\GkSui18.EXE

    2008-03-29 12:39:54 0 d-------- C:\Program Files\Rockstar Games

    2008-03-22 23:21:53 0 d-------- C:\Program Files\InterActual

    2008-03-22 22:39:03 5767168 --a------ C:\Documents and Settings\Tibbout\ntuser.dat

    2008-03-22 21:11:41 0 d-------- C:\Program Files\BPK

    2008-03-22 10:07:56 0 d-------- C:\Documents and Settings\Cedric\Application Data\AdobeUM

    -- Find3M Report ---------------------------------------------------------------

    2008-04-20 13:41:05 0 d-------- C:\Documents and Settings\Tibbout\Application Data\AVG7

    2008-04-20 08:39:06 0 d-------- C:\Program Files\LogMeIn

    2008-04-14 19:04:48 0 d-------- C:\Documents and Settings\Tibbout\Application Data\FrostWire

    2008-04-12 18:49:40 504482 --a------ C:\WINDOWS\system32\perfh013.dat

    2008-04-12 18:49:40 88852 --a------ C:\WINDOWS\system32\perfc013.dat

    2008-04-11 19:45:39 0 d--h----- C:\Program Files\InstallShield Installation Information

    2008-04-09 18:16:00 0 d-------- C:\Program Files\FrostWire

    2008-04-09 13:46:12 0 d-------- C:\Program Files\AvRack

    2008-04-04 14:58:02 0 d-------- C:\Program Files\Opera

    2008-04-01 14:27:38 0 d-------- C:\Program Files\Java

    2008-03-15 15:29:17 0 d-------- C:\Program Files\DAEMON Tools Lite

    2008-03-15 15:15:09 0 d-------- C:\Documents and Settings\Tibbout\Application Data\DAEMON Tools

    2008-03-15 14:21:21 0 d-------- C:\Program Files\2 Pic

    2008-03-15 14:17:20 0 d-------- C:\Documents and Settings\Tibbout\Application Data\VSRevoGroup

    2008-03-14 22:45:17 0 d-------- C:\Program Files\directx

    2008-03-12 16:25:11 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>

    2008-03-11 19:53:39 0 d-------- C:\Program Files\Auslogics

    2008-03-11 19:28:30 0 d-------- C:\Program Files\IObit

    2008-03-11 19:15:19 0 d-------- C:\Program Files\VS Revo Group

    2008-03-11 18:44:08 0 d-------- C:\Program Files\YouTube Downloader

    2008-03-11 18:40:56 0 d-------- C:\Documents and Settings\Tibbout\Application Data\NCH Swift Sound

    2008-03-11 18:40:40 0 d-------- C:\Program Files\Telemeter 3.0

    2008-03-11 18:40:24 0 d-------- C:\Program Files\NCH Swift Sound

    2008-03-11 18:39:07 0 d-------- C:\Program Files\NCH Software

    2008-03-11 18:38:23 0 d-------- C:\Program Files\Octoshape Streaming Services

    2008-03-07 22:53:10 0 d-------- C:\Program Files\MessengerDiscovery 2

    2008-03-03 19:39:26 0 d-------- C:\Program Files\CCleaner

    2008-03-03 11:05:00 0 d-------- C:\Program Files\MSN Messenger

    2008-03-02 09:54:49 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Auslogics

    2008-02-26 21:09:58 0 d-------- C:\Program Files\Windows Live

    2008-02-26 21:08:51 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller

    2008-02-26 19:16:02 0 d-------- C:\Program Files\Windows Live Safety Center

    2008-02-26 17:59:35 0 d-------- C:\Program Files\Common Files

    2008-02-25 22:14:36 335 --a------ C:\WINDOWS\nsreg.dat

    2008-02-25 22:14:36 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Mozilla

    2008-02-25 22:13:07 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Easy Computing

    2008-02-25 20:59:57 0 d-------- C:\Program Files\Easy Computing

    2008-02-22 20:02:58 0 d-------- C:\Program Files\AviSynth 2.5

    2008-02-21 20:25:38 0 d-------- C:\Program Files\Common Files\Adobe

    2008-02-20 19:56:51 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Adobe

    2008-02-13 15:13:18 3309 --a------ C:\WINDOWS\system32\chordcomposer_en.dat

    2008-02-10 17:12:42 262144 --a------ C:\WINDOWS\system32\default_user_class.dat

    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [17/04/2008 16:58]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "DisableRegistryTools"=0 (0x0)

    "HideLegacyLogonScripts"=0 (0x0)

    "HideLogoffScripts"=0 (0x0)

    "RunLogonScriptSync"=1 (0x1)

    "RunStartupScriptSync"=1 (0x1)

    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableRegedit"=0 (0x0)

    "HideLegacyLogonScripts"=0 (0x0)

    "HideLogoffScripts"=0 (0x0)

    "RunLogonScriptSync"=1 (0x1)

    "RunStartupScriptSync"=1 (0x1)

    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoBandCustomize"=0 (0x0)

    "NoMovingBands"=0 (0x0)

    "NoCloseDragDropBands"=0 (0x0)

    "NoSetTaskbar"=0 (0x0)

    "NoToolbarsOnTaskbar"=0 (0x0)

    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microtek Scanner Finder.lnk]

    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microtek Scanner Finder.lnk

    backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]

    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk

    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoostSpeed]

    "C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" /Q

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

    "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableMouse]

    Rundll32.exe Mouse,Disable

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnableMouse]

    Rundll32.exe Mouse,Enable

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HideWin]

    C:\DOCUME~1\Tibbout\LOCALS~1\Temp\Tijdelijke map 3 voor hidewin.zip\hidewin.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

    C:\Program Files\Launch Manager\QtZgAcer.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

    "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

    "C:\Program Files\Arcade\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "C:\WINDOWS\system32\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telemeter 3.0]

    "C:\Program Files\Telemeter 3.0\telemeter3.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "AVGEMS"=2 (0x2)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    -- End of Deckard's System Scanner: finished at 2008-04-20 17:50:01 ------------

  3. Yesterday I downloaded some file and it turned out to be a virus.

    I could no longer open Task Manager (which I have since been able to fix with a registry edit).

    And explorer.exe kept shutting down and restarting; the PC was unusable, but I have since been able to fix that too by making a copy of explorer.exe, renaming it to explorerer.exe, and having explorerer.exe start up instead of explorer.exe (also by means of a registry edit).

    But I am still stuck with that spyware/malware/virus on my PC.

    I have also already run ComboFix, HijackThis and VundoFix, but VundoFix found nothing.

    ComboFix 08-04-18.3 - Tibbout 2008-04-20 9:06:44.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.104 [GMT 2:00]

    Gestart vanuit: C:\Documents and Settings\Tibbout\Bureaublad\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Tibbout\Bureaublad\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    * Nieuw herstelpunt werd aangemaakt

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\system32\AyJQAcfe.ini

    C:\WINDOWS\system32\AyJQAcfe.ini2

    C:\WINDOWS\system32\efcAQJyA.dll

    C:\WINDOWS\system32\iifdaYOg.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_NWSAPAGENT

    -------\Service_NwSapAgent

    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))

    .

    2008-04-20 08:53 . 2008-04-20 08:53 <DIR> d-------- C:\VundoFix Backups

    2008-04-19 20:38 . 2008-04-19 20:38 <DIR> dr-h----- C:\Documents and Settings\Tibbout\Onlangs geopend

    2008-04-19 20:26 . 2007-06-13 15:24 1,036,800 --a------ C:\WINDOWS\explorerer.exe

    2008-04-19 20:24 . 2008-04-19 20:24 <DIR> dr-h----- C:\Documents and Settings\Cedric\Onlangs geopend

    2008-04-19 19:54 . 2008-04-19 20:47 <DIR> dr-h----- C:\$VAULT$.AVG

    2008-04-19 19:33 . 2008-04-19 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EarMaster

    2008-04-18 18:37 . 2008-04-18 18:37 <DIR> d-------- C:\Documents and Settings\Cedric\Incomplete

    2008-04-18 18:37 . 2008-04-18 18:42 <DIR> d-------- C:\Documents and Settings\Cedric\Application Data\FrostWire

    2008-04-18 18:36 . 2008-04-18 18:36 <DIR> d-------- C:\Documents and Settings\Cedric\Application Data\Ipswitch

    2008-04-13 14:37 . 2008-04-13 14:37 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Ipswitch

    2008-04-10 17:33 . 2008-04-10 17:33 <DIR> d-------- C:\Restoration

    2008-04-09 13:03 . 2008-04-09 13:07 <DIR> d-------- C:\Program Files\Uniblue

    2008-04-09 13:03 . 2008-04-09 13:07 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\Uniblue

    2008-04-06 12:35 . 2008-04-06 12:52 <DIR> d-------- C:\Program Files\Poke

    2008-04-01 19:08 . 2008-04-01 19:10 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\CoreFTP

    2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- C:\Program Files\CoreFTP

    2008-04-01 17:27 . 2008-04-01 17:27 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\Ipswitch

    2008-04-01 17:26 . 2008-04-01 17:26 <DIR> d-------- C:\Program Files\Ipswitch

    2008-04-01 17:26 . 2008-04-01 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch

    2008-04-01 17:26 . 2005-02-28 12:37 606,293 --a------ C:\WINDOWS\system32\wbocx.ocx

    2008-04-01 17:26 . 2005-02-28 12:37 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

    2008-04-01 17:25 . 2008-04-01 17:25 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\InstallShield

    2008-04-01 11:11 . 2008-04-01 11:11 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\Malwarebytes

    2008-04-01 11:11 . 2008-04-01 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    2008-04-01 11:06 . 2008-04-01 11:06 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\uk.co.planetside

    2008-04-01 10:26 . 2008-04-01 10:26 <DIR> d-------- C:\Program Files\Terragen

    2008-04-01 10:15 . 2008-04-01 10:30 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\Dexpot

    2008-04-01 10:00 . 2002-04-19 00:50 73,728 --a------ C:\WINDOWS\system32\GkSui18.EXE

    2008-03-29 12:39 . 2008-03-29 12:39 <DIR> d-------- C:\Program Files\Rockstar Games

    2008-03-22 23:21 . 2008-03-22 23:22 <DIR> d-------- C:\Program Files\InterActual

    2008-03-22 22:08 . 2008-03-22 21:42 165,939 --a------ C:\screenshot2.jpg

    2008-03-22 22:06 . 2008-03-22 21:23 187,902 --a------ C:\screenshot.jpg

    2008-03-22 21:11 . 2008-04-09 14:22 <DIR> d-------- C:\Program Files\BPK

    2008-03-22 10:07 . 2008-03-22 10:07 <DIR> d-------- C:\Documents and Settings\Cedric\Application Data\AdobeUM

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-20 06:39 --------- d-----w C:\Program Files\LogMeIn

    2008-04-19 18:32 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\AVG7

    2008-04-14 17:04 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\FrostWire

    2008-04-11 17:45 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-04-09 16:16 --------- d-----w C:\Program Files\FrostWire

    2008-04-09 11:46 --------- d-----w C:\Program Files\AvRack

    2008-04-04 12:58 --------- d-----w C:\Program Files\Opera

    2008-04-01 12:27 --------- d-----w C:\Program Files\Java

    2008-03-15 13:29 --------- d-----w C:\Program Files\DAEMON Tools Lite

    2008-03-15 13:17 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

    2008-03-15 13:15 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\DAEMON Tools

    2008-03-15 12:21 --------- d-----w C:\Program Files\2 Pic

    2008-03-15 12:17 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\VSRevoGroup

    2008-03-14 20:45 --------- d-----w C:\Program Files\directx

    2008-03-11 17:53 --------- d-----w C:\Program Files\Auslogics

    2008-03-11 17:28 --------- d-----w C:\Program Files\IObit

    2008-03-11 17:15 --------- d-----w C:\Program Files\VS Revo Group

    2008-03-11 16:44 --------- d-----w C:\Program Files\YouTube Downloader

    2008-03-11 16:40 --------- d-----w C:\Program Files\Telemeter 3.0

    2008-03-11 16:40 --------- d-----w C:\Program Files\NCH Swift Sound

    2008-03-11 16:40 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\NCH Swift Sound

    2008-03-11 16:39 --------- d-----w C:\Program Files\NCH Software

    2008-03-11 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

    2008-03-11 16:38 --------- d-----w C:\Program Files\Octoshape Streaming Services

    2008-03-07 20:53 --------- d-----w C:\Program Files\MessengerDiscovery 2

    2008-03-03 17:39 --------- d-----w C:\Program Files\CCleaner

    2008-03-03 09:05 --------- d-----w C:\Program Files\MSN Messenger

    2008-03-02 17:23 --------- d-----w C:\Documents and Settings\Gast\Application Data\AVG7

    2008-03-02 16:47 --------- d-----w C:\Documents and Settings\Cedric\Application Data\AVG7

    2008-03-02 07:54 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\Auslogics

    2008-02-26 19:09 --------- d-----w C:\Program Files\Windows Live

    2008-02-26 19:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

    2008-02-26 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

    2008-02-26 17:16 --------- d-----w C:\Program Files\Windows Live Safety Center

    2008-02-25 20:13 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\Easy Computing

    2008-02-25 18:59 --------- d-----w C:\Program Files\Easy Computing

    2008-02-22 18:02 --------- d-----w C:\Program Files\AviSynth 2.5

    2008-02-21 18:25 --------- d-----w C:\Program Files\Common Files\Adobe

    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 16:58 579584]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-05 11:17 219136]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableRegedit"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoResolveSearch"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoBandCustomize"= 0 (0x0)

    "NoMovingBands"= 0 (0x0)

    "NoCloseDragDropBands"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microtek Scanner Finder.lnk]

    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microtek Scanner Finder.lnk

    backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]

    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk

    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

    --a------ 2004-10-07 20:50 88363 C:\WINDOWS\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoostSpeed]

    --a------ 2008-01-19 16:39 1927168 C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

    --a------ 2008-02-14 01:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableMouse]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnableMouse]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HideWin]

    C:\DOCUME~1\Tibbout\LOCALS~1\Temp\Tijdelijke map 3 voor hidewin.zip\hidewin.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

    --a------ 2004-08-04 06:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

    --a------ 2005-03-28 13:30 315392 C:\Program Files\Launch Manager\QtZgAcer.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

    --a------ 2007-04-17 15:03 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

    --a------ 2005-03-09 19:59 49152 C:\Program Files\Arcade\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

    --a------ 2004-08-04 06:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

    --a------ 2004-08-04 06:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    --a------ 2008-01-04 20:40 98304 C:\WINDOWS\system32\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

    --a------ 2005-02-23 12:13 77824 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telemeter 3.0]

    C:\Program Files\Telemeter 3.0\telemeter3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "AVGEMS"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 15:00]

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55]

    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 16:57]

    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:00]

    R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 02:43]

    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 15:46]

    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-15 22:18]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Inhoud van de 'Gedeelde Taken' map

    "2008-04-04 17:20:40 C:\WINDOWS\Tasks\Easy Onderhoud.job"

    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe

    "2008-04-09 11:03:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

    "2008-04-09 11:03:50 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

    .

    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-20 09:14:51

    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 364

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Acer\eManager\anbmServ.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\Program Files\LogMeIn\x86\ramaint.exe

    C:\Program Files\LogMeIn\x86\LogMeIn.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\UPHClean\uphclean.exe

    C:\PROGRA~1\Grisoft\AVG7\avginet.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2008-04-20 9:25:27 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-04-20 07:25:08

    Pre-Run: 14,572,998,656 bytes beschikbaar

    Post-Run: 14,498,574,336 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=AllwaysOff

    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    216 --- E O F --- 2008-04-12 16:51:31

    Logfile of HijackThis v1.99.1

    Scan saved at 9:34:00, on 20/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Acer\eManager\anbmServ.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\Program Files\LogMeIn\x86\RaMaint.exe

    C:\Program Files\LogMeIn\x86\LogMeIn.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Opera\Opera.exe

    C:\Documents and Settings\Tibbout\Mijn documenten\software\anti-virus\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Windows Live Help

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

  4. Well, I think that depends: if it is a recovery CD you definitely should not try it, because that will not help anyway, and if it is a Windows CD it might work, but you can probably only register it on 1 PC at a time.

    Partitions are parts of your hard disk, like the C: and D: you have.

    That installation screen is the screen you get when you want to install Windows from your CD (when Windows has not been started, of course).

  5. Normally (at least this was the case for me) it will wipe your entire C drive when you install Windows on it and only then install Windows. You only get a boot menu (a black screen where you can choose your operating system) if you have several operating systems installed, and since there can be only 1 operating system per partition, you will not run into this.

  6. The D drive can simply be formatted from within Windows, since it does not contain any important system files

    My Computer > right-click > Format

    and the C drive is automatically formatted completely when you reinstall Windows XP on it

    (PS: all your files are erased in both cases)

  7. that's pretty lousy..

    and that super is indeed pretty rough, but just have a look at it and you will quickly see how it works!

    tip... right-click somewhere in the super © window :)

    then you get more menus ;)

    I sometimes use super too, but I have the feeling there is a loss of quality with super, certainly in the sound

    is that right?

  8. Unlike Tibzie, I would dare to recommend keeping CCleaner on your PC. It is, after all, a splendid program to run at regular intervals (every 14 days, monthly, ... depending on your PC use) to clean things up. Unless, of course, you already have another (good) cleaner on board.

    You can certainly remove HJT; you only need it for troubleshooting.

    Just to clarify: I would also leave ccleaner on your computer (I have it myself too, by the way), but I was simply explaining how you could remove it.

  9. 1. The backup serves to restore the changed files in case problems arise after you have run ccleaner. So if you are not experiencing any problems, you can safely delete that backup.

    2. It has something to do with CHKDSK, something about not being able to repair damaged files or the like, but I do not know the details.

    3. You can remove HJT without any problems by simply deleting the file you start HJT with; this program can still come in handy for later problems, though.

    You can also safely remove CCleaner via the Control Panel, then Add or Remove Programs, and remove ccleaner from that list.

  10. A video of 236 is fairly (not to say very) large.

    And the colours were probably changed to speed up downloading.

    You can try converting your video to a .wmv file (windows movie video), since this is a small format for videos, and for garage tv the quality does not need to be great, since it is mostly watched in a small window.

  11. Malwarebytes' Anti-Malware 1.09

    Database versie: 576

    Scan type: Snelle Scan

    Objecten gescand: 36896

    Verstreken tijd: 16 minute(s), 42 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 1

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 1

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    C:\Program Files\Video Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    (looks fairly clean, it seems; the program did not ask to restart)

    Logfile of HijackThis v1.99.1

    Scan saved at 11:32:01, on 1/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Acer\eManager\anbmServ.exe

    C:\WINDOWS\system32\Rundll32.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\Program Files\LogMeIn\x86\RaMaint.exe

    C:\Program Files\LogMeIn\x86\LogMeIn.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\Program Files\Dexpot\dexpot.exe

    C:\Program Files\Opera\Opera.exe

    C:\Documents and Settings\Tibbout\Mijn documenten\software\anti-virus\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Windows Live Help

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [LaunchApp] Alaunch

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    if you tick everything here and remove it, could there be serious consequences?
