
[SOLVED] Annoying pop-ups! Aargghhh!



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:50:53, on 17-4-2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\SurfRight\Caretaker\CaretakerService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\SurfRight\Caretaker\AntispamService.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe

C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Windows\system32\svchost.exe

C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SurfRight\Caretaker\Notifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\WerCon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\explorer.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [recinfo756] c:\RecInfo\RecInfo.exe

O4 - HKLM\..\Run: [recinfo] RecInfo.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUmKbaa.dll,#1

O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\fccdccBS.dll,c

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\xxywXOeB.dll,#1

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\WOU_CY~1\AppData\Local\Temp\oumtfdio.dll",run

O4 - HKCU\..\Run: [500ba864] rundll32.exe "C:\Users\WOU_CY~1\AppData\Local\Temp\dgcdmfli.dll",b

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe

O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe

O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe

O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--

End of file - 11212 bytes


Hi CynthiaS,

Here we are again; I was out and about a bit today.

And no, you didn't do anything wrong; it would work in safe mode, but we're going to do it a different way.

Spyware Doctor: is that a trial version or a purchased one? If it is a trial, you can remove it via Software.

1. Open the RVAXO folder on your desktop and double-click Uninstall.cmd (first right-click this file and choose Run as administrator).

This will remove everything belonging to RVAXO.

2. Go to Start --> Run, type: combofix /u and press OK.

This removes both ComboFix and your old system restore points (with any malware remnants), and creates a new system restore point.

3. Start HijackThis, choose Do a system scan only, and tick only the following lines:

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUmKbaa.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\fccdccBS.dll, c

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\xxywXOeB.dll, #1

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\WOU_CY~1\AppData\Local\Temp\oumtfdio.dll ",run

O4 - HKCU\..\Run: [500ba864] rundll32.exe "C:\Users\WOU_CY~1\AppData\Local\Temp\dgcdmfli.dll ",b

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Close all open windows (except HijackThis), then click Fix checked and confirm by clicking Yes in the next screen.

4. Download Deckard's System Scanner to your Desktop.

  • Close all applications and windows.
  • Double-click dss.exe to run it, and follow the instructions.
  • When the scan is complete, a text file - main.txt - will open.
  • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet.

Make sure sigcheck.exe is allowed to do so!

Your antivirus may also flag DSS as suspicious, or even try to remove it.

Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)

Post the DSS log.

Good luck,

Xeno :)
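
The selection made in step 3, as an added example that is not part of Xeno's post: a Python triage of HijackThis lines that parses the O4 Run entries and flags autoruns worth a closer look. The three rules (rundll32 loading a DLL from a Temp directory, a component reported as "(no file)", and a rundll32 autorun that shares its value name with a Temp-DLL autorun) are assumptions of this example, since the post does not state its criteria; the sample lines are copied from the first log in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied unchanged from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUmKbaa.dll,#1
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\fccdccBS.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\xxywXOeB.dll,#1
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\WOU_CY~1\AppData\Local\Temp\oumtfdio.dll",run
O4 - HKCU\..\Run: [500ba864] rundll32.exe "C:\Users\WOU_CY~1\AppData\Local\Temp\dgcdmfli.dll",b
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# "O4 - <body>": section code, separator, rest of the line.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# "HKCU\..\Run: [value name] command line" (also HKUS\<SID>\..\Run).
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\S-[0-9-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# rundll32 [.exe] ["]<dll path>["],<export>
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)\s*"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


@dataclass
class Entry:
    raw: str
    section: str
    hive: str = ""
    name: str = ""
    dll: str = ""  # set only for rundll32 autoruns


def parse_entries(log: str) -> list[Entry]:
    """Turn HijackThis result lines into Entry records; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        entry = Entry(raw=line, section=m["section"])
        run = RUN_RE.match(m["body"]) if entry.section == "O4" else None
        if run:
            entry.hive, entry.name = run["hive"], run["name"]
            rundll = RUNDLL_RE.match(run["cmd"])
            if rundll:
                entry.dll = rundll["dll"]
        entries.append(entry)
    return entries


def triage(log: str) -> list[tuple[str, str]]:
    """Return (log line, reason) pairs in log order. Heuristics are assumptions."""
    entries = parse_entries(log)
    reasons: dict[int, str] = {}
    for i, e in enumerate(entries):
        if e.dll and TEMP_DIR_RE.search(e.dll):
            reasons[i] = "rundll32 autorun loads a DLL from a Temp directory"
        elif e.raw.endswith("(no file)"):
            reasons[i] = "registered component whose file is missing"
    # Second pass: the same Run value name reused in another hive.
    temp_names = {entries[i].name.lower() for i in reasons if entries[i].dll}
    for i, e in enumerate(entries):
        if i not in reasons and e.dll and e.name.lower() in temp_names:
            reasons[i] = "rundll32 autorun sharing its value name with a Temp-DLL autorun"
    return [(entries[i].raw, reasons[i]) for i in sorted(reasons)]


if __name__ == "__main__":
    for raw, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {raw}")
```

On this excerpt the three rules select the same six lines listed in step 3; a flagged line is a candidate for review, not a verdict.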


Deckard's System Scanner v20071014.68

Run by Wou_Cyn_Na_Tho_Sil on 2008-04-20 09:17:02

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --

13: 2008-04-20 06:34:52 UTC - RP55 - Spyware Doctor: Cleaning Threats

12: 2008-04-19 14:03:50 UTC - RP53 - Spyware Doctor: Cleaning Threats

11: 2008-04-19 09:06:08 UTC - RP51 - Spyware Doctor: Cleaning Threats

10: 2008-04-19 08:14:08 UTC - RP49 - Spyware Doctor: Cleaning Threats

9: 2008-04-18 19:39:04 UTC - RP47 - Spyware Doctor: Cleaning Threats

-- First Restore Point --

1: 2008-04-15 13:15:05 UTC - RP35 - Gepland herstelpunt

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Wou_Cyn_Na_Tho_Sil.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:18:51, on 20-4-2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\SurfRight\Caretaker\CaretakerService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\SurfRight\Caretaker\AntispamService.exe

C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe

C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\SurfRight\Caretaker\Notifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Users\Wou_Cyn_Na_Tho_Sil\Desktop\dss.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Windows\system32\conime.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Wou_Cyn_Na_Tho_Sil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [recinfo756] c:\RecInfo\RecInfo.exe

O4 - HKLM\..\Run: [recinfo] RecInfo.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe

O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe

O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe

O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--

End of file - 10145 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

R2 TestHandler (Fujitsu Siemens Computers Diagnostic Testhandler) - c:\firststeps\onlinediagnostic\testmanager\testhandler.exe <Not Verified; Fujitsu Siemens Computers; ServerView Online Diagnostic>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-18 20:41:09 512 --a------ C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Wou_Cyn_Na_Tho_Sil.job

-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-18 19:53:50 68096 --a------ C:\Windows\zip.exe

2008-04-18 19:53:50 49152 --a------ C:\Windows\VFind.exe

2008-04-18 19:53:50 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-04-18 19:53:50 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-04-18 19:53:50 98816 --a------ C:\Windows\sed.exe

2008-04-18 19:53:50 80412 --a------ C:\Windows\grep.exe

2008-04-18 19:53:50 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-04-18 19:21:14 0 d-------- C:\Users\All Users\Malwarebytes

2008-04-18 19:21:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-17 23:50:39 0 d-------- C:\Program Files\Trend Micro

2008-04-16 20:38:41 0 d-------- C:\Program Files\Spyware Doctor

2008-04-16 20:37:37 0 d-------- C:\Program Files\Picasa2

2008-04-16 20:37:03 0 d-------- C:\Users\All Users\Google Updater

2008-04-16 20:26:38 0 d-------- C:\Users\All Users\Google

2008-04-16 20:26:06 0 d-------- C:\Program Files\Google

2008-04-16 19:12:01 0 d-a------ C:\Users\All Users\TEMP

2008-04-16 19:07:00 0 d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-04-16 18:59:17 0 d-------- C:\Users\All Users\Prevx

2008-04-16 18:59:07 0 d-------- C:\Temp

2008-04-16 18:55:03 0 d-------- C:\Users\All Users\SurfRight

2008-04-16 18:55:02 0 d-------- C:\Program Files\SurfRight

2008-04-16 18:47:55 0 d-------- C:\Program Files\Hitman Pro

2008-04-15 09:14:39 0 d-------- C:\Users\All Users\IM

2008-04-15 09:14:38 0 d-------- C:\Users\All Users\IncrediMail

2008-04-15 09:14:38 0 d-------- C:\Program Files\IncrediMail

2008-04-14 12:46:00 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\Shared

2008-04-14 12:45:56 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\Incomplete

2008-04-14 12:45:30 0 d-------- C:\Program Files\FrostWire

2008-04-13 20:23:45 0 d-------- C:\Program Files\ImgBurn

2008-04-13 09:00:29 0 d-------- C:\Users\All Users\Nero

2008-04-13 09:00:29 0 d-------- C:\Program Files\Common Files\Nero

2008-04-09 17:35:10 0 d-------- C:\Program Files\iPod

2008-04-09 17:35:08 0 d-------- C:\Program Files\iTunes

2008-04-09 17:32:44 0 d-------- C:\Program Files\Bonjour

2008-04-09 17:32:06 0 d-------- C:\Program Files\QuickTime

2008-04-09 17:32:04 0 d-------- C:\Users\All Users\Apple Computer

2008-04-09 17:31:36 0 d-------- C:\Program Files\Apple Software Update

2008-04-09 17:30:47 0 d-------- C:\Program Files\Common Files\Apple

2008-04-09 17:30:45 0 d-------- C:\Users\All Users\Apple

2008-04-09 15:10:06 0 d-------- C:\Program Files\Java

2008-04-09 15:08:53 0 d-------- C:\Program Files\Common Files\Java

2008-04-09 15:08:29 0 d-------- C:\Program Files\LimeWire

2008-04-06 09:42:35 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-04-06 09:42:13 0 d-------- C:\Program Files\Common Files\InstallShield

2008-04-06 09:36:40 0 d-------- C:\Users\All Users\Adobe Systems

2008-04-06 09:33:36 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

2008-04-06 09:13:33 0 d-------- C:\Program Files\EPSON

2008-04-06 09:00:43 111932 --a------ C:\Windows\system32\EPPICPrinterDB.dat

2008-04-06 09:00:43 1139 --a------ C:\Windows\system32\EPPICPresetData_PT.dat

2008-04-06 09:00:43 1120 --a------ C:\Windows\system32\EPPICPresetData_IT.dat

2008-04-06 09:00:43 1107 --a------ C:\Windows\system32\EPPICPresetData_GE.dat

2008-04-06 09:00:43 1129 --a------ C:\Windows\system32\EPPICPresetData_FR.dat

2008-04-06 09:00:43 1136 --a------ C:\Windows\system32\EPPICPresetData_ES.dat

2008-04-06 09:00:43 1104 --a------ C:\Windows\system32\EPPICPresetData_EN.dat

2008-04-06 09:00:43 1146 --a------ C:\Windows\system32\EPPICPresetData_DU.dat

2008-04-06 09:00:43 1129 --a------ C:\Windows\system32\EPPICPresetData_CF.dat

2008-04-06 09:00:43 1139 --a------ C:\Windows\system32\EPPICPresetData_BP.dat

2008-04-06 09:00:43 4943 --a------ C:\Windows\system32\EPPICPattern6.dat

2008-04-06 09:00:43 21390 --a------ C:\Windows\system32\EPPICPattern5.dat

2008-04-06 09:00:43 11811 --a------ C:\Windows\system32\EPPICPattern4.dat

2008-04-06 09:00:43 24903 --a------ C:\Windows\system32\EPPICPattern3.dat

2008-04-06 09:00:43 20148 --a------ C:\Windows\system32\EPPICPattern2.dat

2008-04-06 09:00:43 31053 --a------ C:\Windows\system32\EPPICPattern131.dat

2008-04-06 09:00:43 27417 --a------ C:\Windows\system32\EPPICPattern121.dat

2008-04-06 09:00:43 26154 --a------ C:\Windows\system32\EPPICPattern1.dat

2008-04-05 18:07:00 0 d-------- C:\Program Files\uTorrent

2008-04-04 21:04:28 0 d-------- C:\Program Files\Norton Internet Security

2008-04-04 21:02:58 0 d-------- C:\Program Files\Symantec

2008-04-04 21:02:52 0 d-------- C:\Users\All Users\Symantec

2008-04-04 21:02:35 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-04-04 20:53:28 0 d-------- C:\Users\All Users\Avg7

2008-04-02 22:02:37 0 d-------- C:\Windows\system32\Macromed

2008-04-02 21:56:36 0 d-------- C:\Program Files\Nero

2008-04-02 21:56:36 0 d-------- C:\Program Files\Common Files\Ahead

2008-04-02 21:56:08 0 d-------- C:\Users\All Users\Adobe

2008-04-02 21:56:05 0 d-------- C:\Program Files\Common Files\Adobe

2008-04-02 21:54:27 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Searches

2008-04-02 21:54:18 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Contacts

2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Sjablonen

2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\SendTo

2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Recent

2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Netwerkprinteromgeving

2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\NetHood

2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Menu Start

2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Local Settings

2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Cookies

2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Application Data

2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Videos

2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Saved Games

2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Pictures

2008-04-02 21:54:12 2883584 --ahs---- C:\Users\Wou_Cyn_Na_Tho_Sil\NTUSER.DAT

2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Music

2008-04-02 21:54:12 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Mijn documenten

2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Links

2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Favorites

2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Downloads

2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Documents

2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Desktop

2008-04-02 21:54:12 0 d--h----- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData

2008-04-02 21:45:19 0 d-------- C:\Windows\SoftwareDistribution

-- Find3M Report ---------------------------------------------------------------

2008-04-20 09:16:21 689380 --a------ C:\Windows\system32\perfh013.dat

2008-04-20 09:16:21 122590 --a------ C:\Windows\system32\perfc013.dat

2008-04-19 20:54:12 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\uTorrent

2008-04-18 19:21:25 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Malwarebytes

2008-04-17 15:04:13 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Google

2008-04-16 20:38:41 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\PC Tools

2008-04-16 20:35:10 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Lavasoft

2008-04-15 21:21:50 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\WinRAR

2008-04-14 13:11:34 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\FrostWire

2008-04-13 20:43:53 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\ImgBurn

2008-04-13 09:03:33 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Nero

2008-04-13 09:00:29 0 d-------- C:\Program Files\Common Files

2008-04-10 21:25:41 0 d-------- C:\Program Files\Windows Mail

2008-04-09 17:35:25 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Apple Computer

2008-04-09 15:23:18 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\LimeWire

2008-04-06 11:48:00 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Adobe

2008-04-06 09:00:37 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\InstallShield

2008-04-02 22:02:37 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Macromedia

2008-04-02 21:54:19 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Identities

2008-02-26 23:25:57 0 d-------- C:\Program Files\Common Files\Fujitsu Siemens Computers

2008-02-26 23:17:21 0 d-------- C:\Program Files\MSXML 4.0

2008-02-26 23:12:47 0 d-------- C:\Program Files\Windows Sidebar

2008-02-26 22:55:53 174 --ahs---- C:\Program Files\desktop.ini

2008-02-25 23:05:05 0 -rahs---- C:\MSDOS.SYS

2008-02-25 23:05:05 0 -rahs---- C:\IO.SYS

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-11-2007 10:17]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [01-06-2007 17:46]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01-06-2007 17:46]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01-06-2007 17:46]

"RtHDVCpl"="RtHDVCpl.exe" [17-12-2007 12:02 C:\Windows\RtHDVCpl.exe]

"recinfo756"="c:\RecInfo\RecInfo.exe" [23-10-2007 14:52]

"recinfo"="RecInfo.exe" []

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [25-10-2006 01:08]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [27-10-2006 02:18]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14-12-2007 03:42]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28-03-2008 23:37]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01-03-2007 14:57]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03-12-2007 14:21]

"CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [18-03-2008 12:58]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 12:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [26-02-2008 23:04]

"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02-11-2006 14:35]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 14:36]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [16-04-2008 20:37]

C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-3-2005 19:16:50]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [16-4-2008 20:37:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum UxSms

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-04-20 09:19:39 ------------


Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)

Architecture: X86; Language: Dutch

CPU 0: Intel® Core2 Duo CPU E4500 @ 2.20GHz

Percentage of Memory in Use: 32%

Physical Memory (total/avail): 2046.69 MiB / 1374.57 MiB

Pagefile Memory (total/avail): 4315.36 MiB / 3271.46 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1934.62 MiB

C: is Fixed (NTFS) - 216.41 GiB total, 137.8 GiB free.

D: is Fixed (NTFS) - 107.22 GiB total, 102.13 GiB free.

E: is CDROM (No Media)

F: is Fixed (NTFS) - 141.54 GiB total, 93.44 GiB free.

G: is Removable (No Media)

H: is Removable (No Media)

I: is Removable (No Media)

J: is Removable (No Media)

K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3360320AS ATA Device - 335.35 GiB - 3 partitions

\PARTITION0 - Unknown - 11.72 GiB

\PARTITION1 (bootable) - Installable File System - 216.41 GiB - C:

\PARTITION2 - Installable File System - 107.22 GiB - D:

\\.\PHYSICALDRIVE1 - Generic 2.0 Reader -0 USB Device

\\.\PHYSICALDRIVE2 - Generic 2.0 Reader -1 USB Device

\\.\PHYSICALDRIVE3 - Generic 2.0 Reader -2 USB Device

\\.\PHYSICALDRIVE4 - Generic 2.0 Reader -3 USB Device

\\.\PHYSICALDRIVE5 - Generic 2.0 Reader -4 USB Device

\\.\PHYSICALDRIVE6 - Generic USB Disk USB Device - 149.05 GiB - 2 partitions

\PARTITION0 - Unknown - 7.5 GiB

\PARTITION1 (bootable) - Installable File System - 141.54 GiB - F:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation)

AV: Norton Internet Security v2007 (Symantec Corporation)

AS: Spyware Doctor v5.5.0.204 (PC Tools)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

AS: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=PC_VAN_WOU_CYN_

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Wou_Cyn_Na_Tho_Sil

LOCALAPPDATA=C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Local

LOGONSERVER=\\PC_VAN_WOU_CYN_

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f0d

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\WOU_CY~1\AppData\Local\Temp

TMP=C:\Users\WOU_CY~1\AppData\Local\Temp

USERDOMAIN=PC_van_Wou_Cyn_

USERNAME=Wou_Cyn_Na_Tho_Sil

USERPROFILE=C:\Users\Wou_Cyn_Na_Tho_Sil

windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Wou_Cyn_Na_Tho_Sil

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL

--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL

--> C:\Windows\UNNeroShowTime.exe /UNINSTALL

--> C:\Windows\UNNeroVision.exe /UNINSTALL

--> C:\Windows\UNRecode.exe /UNINSTALL

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}

Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}

Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}

Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

Caretaker Antispam 1.5.9 --> MsiExec.exe /X{601F6DF0-45A3-436E-869A-5D837863C3F4}

ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}

EPSON-printersoftware --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

FirstSteps Diagnostics --> MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}

FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

ImgBurn --> "C:\Program Files\ImgBurn\uninstall.exe"

IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log

iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}

Java 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}

MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1043}

neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}

Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}

Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}

Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}

Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}

Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}

Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X

Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}

NVIDIA Drivers --> C:\Windows\system32\nvudisp.exe UninstallGUI

Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"

QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}

Realtek High Definition Audio Driver --> RtlUpd.exe -r -m

SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG

SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}

VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type3429 / Error

Event Submitted/Written: 04/20/2008 09:12:10 AM

Event ID/Source: 5007 / WerSvc

Event Description:

Kan het doelbestand voor het Windows Feedback Platform (een dll-bestand dat de lijst met problemen op deze computer bevat waarvoor aanvullende gegevens moeten worden verzameld voor diagnose) niet parseren. Foutcode: 8014FFF9.

Event Record #/Type3428 / Success

Event Submitted/Written: 04/20/2008 09:12:09 AM

Event ID/Source: 5617 / WinMgmt

Event Description:

Event Record #/Type3426 / Success

Event Submitted/Written: 04/20/2008 09:12:08 AM

Event ID/Source: 5615 / WinMgmt

Event Description:

Event Record #/Type3414 / Success

Event Submitted/Written: 04/20/2008 09:11:54 AM

Event ID/Source: 902 / Software Licensing Service

Event Description:

De Software Licensing-service is gestart.

Event Record #/Type3391 / Error

Event Submitted/Written: 04/20/2008 08:34:51 AM

Event ID/Source: 8194 / VSS

Event Description:

Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005.

Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.

Bewerking:

Schrijvergegevens verzamelen

Context:

Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}

Naam van schrijver: System Writer

Instantie-id van schrijver: {bb943397-480d-46d1-9c4e-c1f05d0026f5}

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type21695 / Error

Event Submitted/Written: 04/20/2008 09:05:07 AM

Event ID/Source: 10010 / DCOM

Event Description:

{44295CB8-D71B-11DA-8750-001185653D78}

Event Record #/Type21694 / Error

Event Submitted/Written: 04/20/2008 09:03:34 AM

Event ID/Source: 10010 / DCOM

Event Description:

{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}

Event Record #/Type21693 / Error

Event Submitted/Written: 04/20/2008 08:54:01 AM

Event ID/Source: 10016 / DCOM

Event Description:

standaard voor deze computerLokaalActiveren{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC_van_Wou_Cyn_Wou_Cyn_Na_Tho_SilS-1-5-21-2691431002-2544732280-3931427400-1000LocalHost (via LRPC)

Event Record #/Type21692 / Error

Event Submitted/Written: 04/20/2008 08:54:01 AM

Event ID/Source: 10016 / DCOM

Event Description:

standaard voor deze computerLokaalActiveren{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC_van_Wou_Cyn_Wou_Cyn_Na_Tho_SilS-1-5-21-2691431002-2544732280-3931427400-1000LocalHost (via LRPC)

Event Record #/Type21691 / Warning

Event Submitted/Written: 04/20/2008 08:53:31 AM

Event ID/Source: 243 / Win32k

Event Description:

Fout bij het toewijzen van een bureaublad-heap.

-- End of Deckard's System Scanner: finished at 2008-04-20 09:19:39 ------------


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:18:51, on 20-4-2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\SurfRight\Caretaker\CaretakerService.exe

C:\Windows\system32\svchost.exe

C:\Program Files\SurfRight\Caretaker\AntispamService.exe

C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe

C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\SurfRight\Caretaker\Notifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Users\Wou_Cyn_Na_Tho_Sil\Desktop\dss.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Windows\system32\conime.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Wou_Cyn_Na_Tho_Sil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [recinfo756] c:\RecInfo\RecInfo.exe

O4 - HKLM\..\Run: [recinfo] RecInfo.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe

O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe

O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe

O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--

End of file - 10145 bytes


Hi CynthiaS,

Everything is clean; you may remove all the tools and files you used.

- Your Java software is outdated.

- Download Java Runtime Environment (JRE) 6u6.

- Scroll down to: Java Runtime Environment (JRE) 6u6.

- Click the Download button on the right-hand side.

- In the drop-down menu to the right of Platform, select Windows.

- Tick: I agree to the Java SE Runtime Environment 6 License Agreement, and click Continue.

- The page will reload.

- Click the jre-6u6-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.

- Close any programs that may be open, especially your web browser!

- Then go to Start > Configuratiescherm > Software (Control Panel > Add or Remove Programs) and remove all older versions of Java from the software list.

- Select everything with Java Runtime Environment (JRE or J2SE) in its name.

- Then click Verwijderen (Remove) or the Wijzig/Verwijder (Change/Remove) button.

- Repeat this until all older versions are gone.

- After removing all older versions, restart your PC.

- Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the latest version of Java.

Click ATF-Cleaner.exe and choose Run, so do not install it.

Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

Double-click ATF Cleaner to start the program.

On the Main tab, tick Select All.

Click the Empty Selected button.

Do the following if you also use Firefox as a browser:

Click the Firefox tab and tick Select All.

If you want to keep the passwords saved by Firefox, click No in the window that appears.

(this removes the tick at Firefox saved passwords again)

Click the Empty Selected button.

Do the following if you also use Opera as a browser:

Click the Opera tab and tick Select All.

If you want to keep the passwords saved by Opera, click No in the window that appears.

Click the Empty Selected button.

Go to the Main tab and click the Exit button to close the program.

Good luck,

Xeno :)
