Solf
Member
Posts: 121
Registered: 16-2-2009
|
Posted on 16-2-2009 at 19:46 |
|
|
[Solved] PC shuts down automatically and restarts
Hi, a small problem.
For a while now I keep getting the attached error message. See attachment. I think this usually happens when I start up with the external hard drive switched on, or later.
I have tried all sorts of things. Virus scans, including online, removed spyware and malware. Cleaned the registry, etc. Symantec, AVG, CCleaner, Advanced SystemCare. No virus. The PC is clean, but the error message is still there and at some point the computer shuts down automatically and restarts! What else can I do? I would rather not restore the PC to factory settings. What would the consequences of that be, by the way? I use Vista.
Many thanks in advance.
|
|
|
Alex
Super Administrator
Posts: 21104
Registered: 18-9-2003
Location: Leeuwarden
|
Posted on 16-2-2009 at 20:18 |
|
|
Welcome to pchelpforum.
Which attachment?

|
|
|
Solf
|
Posted on 16-2-2009 at 21:34 |
|
|
Well, that's just it, I can't get it uploaded. It is a Word file into which I pasted the picture of the error message. Even when I compress it, it is still too large.
|
|
|
Alex
|
Posted on 16-2-2009 at 21:39 |
|
|
Then put the picture on an online photo site and post the link here; the text you can simply copy.

If a thread needs to be reopened for whatever reason... just send a u2u to one of the admins
|
|
|
Solf
|
Posted on 16-2-2009 at 22:19 |
|
|
It took a while, but it worked. I think!!
http://picasaweb.google.com/OlfSelmaSonja/DropBox?authkey=dPogINuh898&pli...
|
|
|
Alex
|
Posted on 16-2-2009 at 22:23 |
|
|
Take a look hereeeeeeeeeeeeeeeeeeee
Is this of any use to you?
|
|
|
Solf
|
Posted on 17-2-2009 at 23:14 |
|
|
Hi,
I did what the link said. The error message keeps coming. Then, because I could not modify Microsoft XPS Document Writer, I removed it. I still have the problem. Did I do something wrong? The error message mainly appears when I switch on the external hard drive. Thanks again in advance.
|
|
|
Alex
|
Posted on 17-2-2009 at 23:21 |
|
|
Aren't there any errors on that external HD, then?
|
|
|
Solf
|
Posted on 17-2-2009 at 23:28 |
|
|
Well, how do I find that out? It is actually brand new, 1.5 months or so.
|
|
|
lucas
Super Moderator
Posts: 7871
Registered: 21-4-2006
|
Posted on 18-2-2009 at 06:17 |
|
|
Have you had this problem since you installed a card reader? Check in Task Manager whether these programs are also running:
dit.exe
dit.dll
dit.ini
ditxp.exe
This problem can also be caused by Norton antivirus. There is sometimes a problem in Norton's installer. The uninstaller gives an error when removing the components and leaves Windows Media Player "damaged". Are you using the 3-month version that is often bundled?
If so, you can solve the problem like this:
a) Uninstall Norton Antivirus.
b) Close Windows Media Player.
c) Reinstall Windows Media Player.
d) Contact Symantec and file a complaint about this problem, so that they can improve their product.
What you can also do is uninstall Norton as in a).
And install a freeware antivirus.
Then still do b) and c) if the message remains.
Prevent a hangover, stay drunk

|
|
|
Solf
|
Posted on 18-2-2009 at 19:02 |
|
|
Hi Lucas,
1. None of the programs are listed in Task Manager.
2. I have an original version of Norton 2008 (about to expire).
3. I know that uninstalling Norton is difficult because "leftovers always remain".
|
|
|
lucas
|
Posted on 18-2-2009 at 21:31 |
|
|
| Quote: | originally posted by Solf
Hi Lucas,
1. None of the programs are listed in Task Manager.
2. I have an original version of Norton 2008 (about to expire).
3. I know that uninstalling Norton is difficult because "leftovers always remain". |
Then this is worth considering, isn't it?
What you can also do is uninstall Norton as in a).
And install a freeware antivirus.
Then still do b) and c) if the problem remains.
The removal tool mentioned here is exactly what removes the Norton leftovers.

|
|
|
Solf
|
Posted on 18-2-2009 at 21:35 |
|
|
Hi,
I will do that, but I can't find the removal tool. Regards, and thanks once again. ES
|
|
|
lucas
|
Posted on 18-2-2009 at 21:39 |
|
|
| Quote: | originally posted by Solf
Hi,
I will do that, but I can't find the removal tool. Regards, and thanks once again. ES |
The link to the removal tool is right here, isn't it?
| Quote: | originally posted by lucas
a) Uninstall Norton Antivirus.
|

|
|
|
Solf
|
Posted on 18-2-2009 at 22:56 |
|
|
Hi,
Operation successful, but unfortunately still an error message. I did notice that there is still a shortcut to Norton Security Scan on the desktop from the factory settings, but not in Control Panel. Sorry, I too would have liked it to be solved. I have been working on this for weeks now... but persistence pays off... right?!
|
|
|
lucas
|
Posted on 19-2-2009 at 22:31 |
|
|
Please post a HijackThis log.
Have a look in your event logs and post the events with a red cross here. Do open the event first.
After opening it, click the copy button (the one with the white sheets (see attachment)) and paste the message(s) into your next post.

|
|
|
Solf
|
Posted on 19-2-2009 at 22:55 |
|
|
Here is the HijackThis log file; well, how do I add the attachment?
|
|
|
Alex
|
Posted on 19-2-2009 at 23:12 |
|
|
Just copy the log and paste it here.
|
|
|
lucas
|
Posted on 20-2-2009 at 06:36 |
|
|
| Quote: | originally posted by Solf
Here is the HijackThis log file; well, how do I add the attachment? |
See the HijackThis manual
3.2 - Saving the HijackThis log
A Notepad window opens; hold down the CTRL and A keys at the same time, now everything is selected.
Hold down the CTRL and C keys at the same time, now everything is copied.
3.3 - Posting the HijackThis log
Now paste (CTRL-V) the HJT log into the Subject/Message that you are going to post in our HijackThis subforum.

|
|
|
Solf
|
Posted on 20-2-2009 at 08:13 |
|
|
Good morning,
Below is the HJT log. The event log is still to come.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:53, on 19-2-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Comodo\CBOClean\BOC427.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Netpresenter\NetPlay.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Netpresenter Player.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\system32\SpamExpertsLSP.dll,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - (no file)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
--
End of file - 11719 bytes
|
|
|
Solf
|
Posted on 20-2-2009 at 14:15 |
|
|
Hi,
Yikes, there are 5715 events in the event log!? How do you want me to send the most frequent ones?
|
|
|
lucas
|
Posted on 20-2-2009 at 14:39 |
|
|
Only the red crosses from the past week, and no warnings.

|
|
|
Solf
|
Posted on 20-2-2009 at 14:52 |
|
|
I think these are the ones:
Logboeknaam: System
Bron: Service Control Manager
Datum: 20-2-2009 12:43:53
Gebeurtenis-id:7000
Taakcategorie: Geen
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: PC_van_selma
Beschrijving:
De Planner voor Automatische LiveUpdate-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven pad niet vinden.
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-20T11:43:53.000Z" />
<EventRecordID>214072</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>PC_van_selma</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Planner voor Automatische LiveUpdate</Data>
<Data Name="param2">%%3</Data>
</EventData>
</Event>
Logboeknaam: System
Bron: Microsoft-Windows-HttpEvent
Datum: 20-2-2009 12:42:13
Gebeurtenis-id:15016
Taakcategorie: Geen
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: PC_van_selma
Beschrijving:
Kan het beveiligingspakket Kerberos voor verificatie vanaf de server niet initialiseren. Het foutnummer is opgenomen in het gegevensveld.
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-HttpEvent" Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />
<EventID Qualifiers="49152">15016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-20T11:42:13.950Z" />
<EventRecordID>214017</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="68" />
<Channel>System</Channel>
<Computer>PC_van_selma</Computer>
<Security />
</System>
<EventData>
<Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
<Data Name="SecurityPackage">Kerberos</Data>
<Binary>000004000200300000000000A83A00C00000000000000000000000000000000000000000000000000E030980</Binary>
</EventData>
</Event>
Logboeknaam: System
Bron: volmgr
Datum: 20-2-2009 12:42:06
Gebeurtenis-id:46
Taakcategorie: Geen
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: PC_van_selma
Beschrijving:
Crashdumpinitialisatie is mislukt!
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="volmgr" />
<EventID Qualifiers="49156">46</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-20T11:42:06.228Z" />
<EventRecordID>214013</EventRecordID>
<Channel>System</Channel>
<Computer>PC_van_selma</Computer>
<Security />
</System>
<EventData>
<Data>\Device\HarddiskVolume1</Data>
<Binary>0000000001000000000000002E0004C001100000010000C000000000000000000000000000000000</Binary>
</EventData>
</Event>
Logboeknaam: Application
Bron: MsiInstaller
Datum: 20-2-2009 6:50:28
Gebeurtenis-id:1024
Taakcategorie: Geen
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: SYSTEEM
Computer: PC_van_selma
Beschrijving:
Product: Microsoft Office Professional Editie 2003 - Update 'Update for Outlook 2003: Junk E-mail Filter (KB959614): OUTLFLTR' kan niet worden
geïnstalleerd. Foutcode: 1603. Windows Installer kan logboekbestanden maken om te helpen bij het oplossen van problemen tijdens het installeren van
softwarepakketten. Raadpleeg de volgende koppeling voor aanwijzingen over het inschakelen van ondersteuning via logboekregistratie: http://go.microsoft.com/fwlink/?LinkId=23127
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">1024</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-20T05:50:28.000Z" />
<EventRecordID>87423</EventRecordID>
<Channel>Application</Channel>
<Computer>PC_van_selma</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>Microsoft Office Professional Editie 2003</Data>
<Data>Update for Outlook 2003: Junk E-mail Filter (KB959614): OUTLFLTR</Data>
<Data>1603</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>7B39313131303431332D363030302D313144332D384346452D3031353030343833383343397D207B45423631394146452D433743322D343845362D383042442D42373132
30414234413734417D2031363033</Binary>
</EventData>
</Event>
Logboeknaam: System
Bron: Microsoft-Windows-DistributedCOM
Datum: 19-2-2009 21:59:10
Gebeurtenis-id:10010
Taakcategorie: Geen
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: PC_van_selma
Beschrijving:
De server {C2BFE331-6739-4270-86C9-493D9A04CD38} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd.
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-19T20:59:10.000Z" />
<EventRecordID>213678</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>PC_van_selma</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">{C2BFE331-6739-4270-86C9-493D9A04CD38}</Data>
</EventData>
</Event>
Logboeknaam: Application
Bron: Microsoft-Windows-Search
Datum: 19-2-2009 19:41:45
Gebeurtenis-id:3013
Taakcategorie: Gegevensverzamelaar
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: PC_van_selma
Beschrijving:
De vermelding <MAPI://{S-1-5-21-1933367248-3533517485-1370306796-1000}/PERSOONLIJKE MAPPEN($B599D669)/X/POSTVAK
IN/가가가가갔갲겐객공곭걞걇겂곘갊공걏갚
4227;검간겑갪가> in de hash-toewijzing kan niet worden bijgewerkt.
Context: toepassing , catalogus SystemIndex
Details:
Een apparaat dat op het systeem is aangesloten, werkt niet. (0x8007001f)
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Search" Guid="{CA4E628D-8567-4896-AB6B-835B221F373F}" EventSourceName="Windows Search Service" />
<EventID Qualifiers="49152">3013</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>3</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-19T18:41:45.000Z" />
<EventRecordID>87363</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>PC_van_selma</Computer>
<Security />
</System>
<EventData>
<Data Name="ExtraInfo">
Context: toepassing , catalogus SystemIndex
Details:
Een apparaat dat op het systeem is aangesloten, werkt niet. (0x8007001f)
</Data>
<Data Name="Entry">MAPI://{S-1-5-21-1933367248-3533517485-1370306796-1000}/PERSOONLIJKE MAPPEN($B599D669)/X/POSTVAK
IN/가가가가갔갲겐객공곭걞걇겂곘갊공걏갚
4227;검간겑갪가</Data>
</EventData>
</Event>
Logboeknaam: System
Bron: volsnap
Datum: 19-2-2009 7:02:27
Gebeurtenis-id:20
Taakcategorie: Geen
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: PC_van_selma
Beschrijving:
De schaduwkopieën van volume C: zijn afgebroken omdat het berekenen van de beschikbare ruimte is mislukt.
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="volsnap" />
<EventID Qualifiers="49158">20</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-19T06:02:27.393Z" />
<EventRecordID>213303</EventRecordID>
<Channel>System</Channel>
<Computer>PC_van_selma</Computer>
<Security />
</System>
<EventData>
<Data>\Device\HarddiskVolumeShadowCopy6</Data>
<Data>C:</Data>
<Binary>000000000200300000000000140006C001000000340000C000000000000000000000000000000000</Binary>
</EventData>
</Event>
Logboeknaam: Security
Bron: Microsoft-Windows-Eventlog
Datum: 18-2-2009 18:46:58
Gebeurtenis-id:1101
Taakcategorie: Gebeurtenissen verwerken
Niveau: Fout
Trefwoorden: Controle geslaagd
Gebruiker: n.v.t.
Computer: PC_van_selma
Beschrijving:
Tijdens het transport zijn controlegebeurtenissen verloren gegaan. Het realtime back-upbestand is beschadigd vanwege een ongeldige afsluiting..
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2009-02-18T17:46:58.937Z" />
<EventRecordID>101820</EventRecordID>
<Correlation />
<Execution ProcessID="1240" ThreadID="1492" />
<Channel>Security</Channel>
<Computer>PC_van_selma</Computer>
<Security />
</System>
<UserData>
<AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events"
xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>34</Reason>
</AuditEventsDropped>
</UserData>
</Event>
|
|
|
lucas
Super Moderator
Posts: 7871
Registreerde: 21-4-2006
Lid is offline
Stemming: niet te harden
|
Gepost op 20-2-2009 om 14:55 |
|
|
Start HijackThis en kies voor "do a system scan only" vink alleen de volgende gegevens aan:
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - (no file)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
Click Fix checked and close HijackThis.
Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.
Make sure that after the installation the following box is ticked: Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed. Once the program has started, go to the
"Settings" tab.
Tick here: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan" here.
Next, press "Scan" to start the scan.
The scan can take a while, so be patient.
When the scan has finished, click OK, then "Show Results" to see the results.
Make sure everything there is ticked, then click: "Remove Selected".
After the removal a log will open; if you are asked to restart your computer, you must allow this.
This is necessary in order to remove some infections.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in
the program. Post this log in your next reply.
Download Combofix to your
Desktop.
If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix
is updated daily.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another
realtime scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix
uses as suspicious and will block or remove them!
Double-click Combofix.exe
Follow the instructions and accept the disclaimer by clicking Yes (continue).
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix has finished and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
Avoid a hangover, stay drunk

|
|
|
Solf
Member
Posts: 121
Registered: 16-2-2009
Member is offline
Mood: No mood
|
Posted on 20-2-2009 at 15:30 |
|
|
Off to a good start: an error message
Please help us improve HijackThis by reporting this error
Click 'Yes' to submit
Error Details:
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab)
Error #75 - Path/File access error
Windows version: Windows NT 6.00.1905
MSIE version: 7.0.6001.18000
HijackThis version: 2.0.2
|
|
|
Alex
Super Administrator
Posts: 21104
Registered: 18-9-2003
Location: Leeuwarden
Member is offline
Mood: Rather a mouse arm than an @
|
Posted on 20-2-2009 at 15:44 |
|
|
Try running the HJT part in safe mode.
Then boot into normal mode again and carry out the rest.

If a thread needs to be reopened for whatever reason.... just send a u2u to one of the admins
|
|
|
Solf
Member
Posts: 121
Registered: 16-2-2009
Member is offline
Mood: No mood
|
Posted on 20-2-2009 at 18:00 |
|
|
Here is everything.
Malwarebytes' Anti-Malware 1.34
Database versie: 1780
Windows 6.0.6001 Service Pack 1
20-2-2009 15:27:50
mbam-log-2009-02-20 (15-27-50).txt
Scan type: Snelle Scan
Objecten gescand: 66247
Verstreken tijd: 4 minute(s), 38 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) ->
Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) ->
Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
ComboFix 09-02-19.01 - selma 2009-02-20 16:34:00.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1014.233 [GMT 1:00]
Gestart vanuit: c:\users\selma\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\users\selma\AppData\Roaming\addons.dat
c:\users\selma\AppData\Roaming\inst.exe
c:\windows\system32\x64
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-20 to 2009-02-20 ))))))))))))))))))))))))))))))
.
2009-02-20 15:13 . 2009-02-20 15:13 <DIR> d-------- c:\users\selma\AppData\Roaming\Malwarebytes
2009-02-20 15:13 . 2009-02-20 15:13 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-20 15:13 . 2009-02-20 15:13 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-20 15:13 . 2009-02-20 15:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 15:13 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-20 15:13 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-19 21:46 . 2009-02-19 21:46 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 21:31 . 2009-02-18 21:31 <DIR> d-------- c:\users\All Users\NortonInstaller
2009-02-18 21:31 . 2009-02-18 21:31 <DIR> d-------- c:\programdata\NortonInstaller
2009-02-18 20:46 . 2009-02-18 20:46 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-02-17 08:30 . 2009-02-17 08:30 <DIR> d-------- c:\program files\MSECache
2009-02-15 15:35 . 2009-02-15 15:35 <DIR> d-------- c:\program files\Comodo
2009-02-15 15:35 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2009-02-15 15:35 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2009-02-15 15:35 . 2008-01-19 08:37 15,360 --a------ c:\windows\System32\wsock32.dlb
2009-02-15 12:59 . 2009-02-15 12:59 <DIR> d-------- c:\users\selma\AppData\Roaming\IObit
2009-02-15 12:59 . 2009-02-15 12:59 <DIR> d-------- c:\program files\IObit
2009-02-14 23:07 . 2009-02-14 23:07 <DIR> d-------- c:\program files\Intel
2009-02-13 18:14 . 2009-02-13 18:14 <DIR> d-------- c:\program files\Microsoft
2009-02-13 17:16 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-13 17:16 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-13 17:16 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-13 17:16 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-13 17:16 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-13 17:16 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-13 17:16 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-13 17:16 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-13 17:06 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-13 17:06 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-13 17:06 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-13 17:05 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-13 17:05 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-13 16:59 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-13 16:59 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-13 16:59 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-13 16:58 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-13 16:58 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-13 14:53 . 2009-02-13 14:53 <DIR> d-------- c:\users\All Users\ContentWatch
2009-02-13 14:53 . 2009-02-13 14:53 <DIR> d-------- c:\programdata\ContentWatch
2009-02-13 14:53 . 2006-09-06 10:00 40,960 --a------ c:\windows\System32\SPORDER.EXE
2009-02-13 14:53 . 2006-09-11 16:39 11,264 --a------ c:\windows\System32\SPORDER.DLL
2009-02-11 07:07 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 07:07 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-01-28 19:48 . 2009-01-29 06:56 <DIR> d-------- c:\users\All Users\NOS
2009-01-28 19:48 . 2009-01-29 06:56 <DIR> d-------- c:\programdata\NOS
2009-01-28 19:47 . 2009-01-29 06:56 <DIR> d-------- c:\program files\NOS
2009-01-28 17:58 . 2009-01-28 17:58 <DIR> d-------- c:\windows\System32\IOSUBSYS
2009-01-28 07:35 . 2009-01-28 07:35 <DIR> d-------- c:\program files\CCleaner
2009-01-26 23:39 . 2009-01-26 23:39 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-23 22:57 . 2009-01-23 22:57 <DIR> d-------- c:\users\selma\AppData\Roaming\Windows Live Writer
2009-01-23 11:04 . 2009-01-23 11:04 <DIR> d-------- c:\program files\AVG
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 20:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-13 19:51 --------- d-----w c:\users\selma\AppData\Roaming\dvdcss
2009-02-12 05:48 --------- d-----w c:\program files\Windows Mail
2009-02-09 16:34 --------- d-----w c:\program files\Google
2009-02-07 19:48 --------- d-----w c:\users\selma\AppData\Roaming\Vso
2009-01-28 18:52 --------- d-----w c:\program files\Common Files\Adobe
2009-01-27 11:29 --------- d-----w c:\programdata\FLEXnet
2009-01-27 11:29 --------- d-----w c:\program files\Zuma Deluxe
2009-01-27 11:29 --------- d-----w c:\program files\UnderCoverXP
2009-01-27 11:29 --------- d-----w c:\program files\NewsLeecher
2009-01-27 11:29 --------- d-----w c:\program files\Netpresenter
2009-01-27 11:29 --------- d-----w c:\program files\FTDv3.8
2009-01-25 20:52 --------- d-----w c:\users\selma\AppData\Roaming\Image Zone Express
2009-01-15 09:27 --------- d---a-w c:\programdata\TEMP
2009-01-15 09:18 2,560 ----a-w c:\windows\system32\drivers\mchInjDrv.sys
2009-01-13 06:05 --------- d-----w c:\users\selma\AppData\Roaming\vlc
2009-01-13 06:05 --------- d-----w c:\programdata\HP Product Assistant
2009-01-13 06:05 --------- d-----w c:\program files\Microsoft Works
2009-01-13 06:05 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-11 19:04 --------- d-----w c:\programdata\ParetoLogic
2009-01-11 19:04 --------- d-----w c:\program files\Common Files\ParetoLogic
2009-01-11 18:36 247,832 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-11 18:36 18,346,528 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-11 12:15 --------- d-----w c:\program files\Enigma Software Group
2009-01-09 19:12 --------- d-----w c:\users\selma\AppData\Roaming\RegTool
2009-01-09 14:37 --------- d-----w c:\program files\Norton Security Scan
2009-01-08 22:33 --------- d-----w c:\program files\GamesBar
2008-11-20 19:43 230,432 ----a-w C:\PA207.DAT
2008-10-09 14:41 47,360 ----a-w c:\users\selma\AppData\Roaming\pcouffin.sys
2008-09-28 16:53 66,872 ----a-w c:\users\selma\g2ax_customer_downloadhelper_win32_x86.exe
2008-08-25 15:39 662 ----a-w c:\users\selma\AppData\Roaming\wklnhst.dat
2008-06-18 14:13 174 --sha-w c:\program files\desktop.ini
2008-02-13 20:39 90,464 ----a-w c:\users\selma\AppData\Roaming\GDIPFONTCACHEV1.DAT
2003-12-24 10:36 555,008 ----a-w c:\users\selma\Zuma.exe
2008-01-20 00:16 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-20_16.24.55.72 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-20 14:49:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-20 15:28:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-20 14:49:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-20 15:28:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-20 14:51:34 1,835,008 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-20 15:30:17 1,835,008 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-02-20 14:50:03 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-20 15:28:50 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 14:50:03 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 15:28:50 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-20 14:50:03 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 15:28:50 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 15:23:08 1,835,008 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-20 15:30:59 1,835,008 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-02-20 14:52:24 19,944 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1933367248-3533517485-1370306796-1000_UserData.bin
+ 2009-02-20 15:31:14 19,944 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1933367248-3533517485-1370306796-1000_UserData.bin
- 2009-02-20 14:52:24 95,826 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 15:31:13 95,826 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-20 14:52:21 73,198 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 15:31:10 73,206 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
c:\users\selma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-08-18 21504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Netpresenter Player.lnk - c:\windows\Installer\{416FE982-1ABE-431C-881D-2E34EBAB5836}\Icon98829F5E.exe [2008-11-13 115200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
c:\program files\Winamp Remote\bin\OrbTray.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1933367248-3533517485-1370306796-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F64177EF-6234-494D-BDC0-9727B5239C1F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A0463802-CA8F-48AC-9CBF-B72F63B3530E}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{CE145C97-3034-420B-A70A-3CA648DD037E}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{D61019C1-7204-446B-9884-D4F68D2A946A}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C397EDD0-9B2E-4356-BC57-7E011C7C4E1D}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{53E447DE-7311-467C-8D86-C77366C98339}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{681DF0A3-CD09-453C-8BC9-DBA19590E17B}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3396CCF8-83B6-4D40-8118-41D1A5951D59}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{66C40312-BEE6-4347-96D5-1EB6663BC56D}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{976500E4-3A5D-41B4-AC4C-827A635A9AAB}"= UDP:5353:Adobe CSI CS4
"{5A777184-B023-424D-90DF-BCD1AB570942}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{84888C96-BC55-49DB-A15A-F12D186B9AA7}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A42AC438-FFB2-4776-8134-4D027A1696DB}"= UDP:c:\users\selma\AppData\Local\Temp\7zSFC6A.tmp\SymNRT.exe:Norton Removal Tool
"{96D6475B-9DBA-4014-850F-6272E55F504B}"= TCP:c:\users\selma\AppData\Local\Temp\7zSFC6A.tmp\SymNRT.exe:Norton Removal Tool
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2007-12-23 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-08-16 2831232]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-02-26 493568]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\System32\drivers\k600bus.sys [2005-03-04 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\System32\drivers\k600mdfl.sys [2008-10-26 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\System32\drivers\k600mdm.sys [2008-10-26 87456]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\System32\drivers\k600obex.sys [2008-10-26 77072]
S3 PAC207;Trust Webcam Live;c:\windows\System32\drivers\PFC027.SYS [2007-04-12 507264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6eb9a9e-b157-11dc-8734-001d6012fc88}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map
2009-02-20 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-09 15:54]
2009-02-19 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []
2009-02-15 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []
2009-02-15 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
2009-02-20 c:\windows\Tasks\RegTool Startup.job
- c:\program files\RegTool\RegTool.exe []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 16:38:13
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
**************************************************************************
.
Voltooingstijd: 2009-02-20 16:44:08
ComboFix-quarantined-files.txt 2009-02-20 15:42:50
Pre-Run: 347,511,353,344 bytes beschikbaar
Post-Run: 347,473,383,424 bytes beschikbaar
252 --- E O F --- 2009-02-20 05:50:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:42, on 20-2-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Netpresenter\NetPlay.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family
Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator
Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google
Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Netpresenter Player.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage
Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel
32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9825 bytes
|
|
|
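Logs pasted into a forum are often hard-wrapped, which splits long HijackThis entries over two lines and makes it easy to miss leftovers marked "(no file)" or "(file missing)". The Python sketch below is an added example, not part of the original thread and not code from HijackThis: it rejoins wrapped entries, lists orphaned and repeated ones, and reports which orphans survive between two logs. The sample logs are constructed from entry lines that appear in this thread; their grouping into a "before" and an "after" log, and all function names, are assumptions made for the demonstration.

```python
import re
from collections import Counter, namedtuple

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". After the first entry, any other line is treated as the
# wrapped tail of the previous entry.
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
ORPHAN_MARK = re.compile(r"\((no file|file missing)\)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

Entry = namedtuple("Entry", "code body clsid orphaned")

# Constructed samples built from entry lines quoted in this thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - (no file)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
--
End of file
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
--
End of file - 9825 bytes
"""


def parse_entries(log_text):
    """Return the entries of a HijackThis log, rejoining hard-wrapped lines."""
    raw = []  # [code, body] pairs under construction
    for line in log_text.splitlines():
        line = line.strip()
        if line == "--" or line.startswith("End of file"):
            break  # log footer: nothing after it belongs to an entry
        if not line:
            continue
        match = ENTRY_START.match(line)
        if match:
            raw.append([match.group(1), match.group(2)])
        elif raw:
            # Assumption: the wrap happened at a space, so rejoin with one.
            raw[-1][1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    entries = []
    for code, body in raw:
        clsid = CLSID.search(body)
        entries.append(Entry(code, body,
                             clsid.group(0).upper() if clsid else None,
                             bool(ORPHAN_MARK.search(body))))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reported as '(no file)' or '(file missing)'."""
    return [e for e in entries if e.orphaned]


def repeated(entries):
    """Map (code, body) to its count for entries listed more than once."""
    counts = Counter((e.code, e.body) for e in entries)
    return {key: n for key, n in counts.items() if n > 1}


def persisting_orphans(before_text, after_text):
    """Orphaned entries of the first log that are still orphaned in the second."""
    def key(e):
        return (e.code, e.clsid or e.body)
    still_there = {key(e) for e in orphaned(parse_entries(after_text))}
    return [e for e in orphaned(parse_entries(before_text)) if key(e) in still_there]


if __name__ == "__main__":
    for e in orphaned(parse_entries(AFTER_LOG)):
        print("orphaned:", e.code, "-", e.body)
    for (code, body), n in repeated(parse_entries(AFTER_LOG)).items():
        print("listed %d times: %s - %s" % (n, code, body))
    for e in persisting_orphans(BEFORE_LOG, AFTER_LOG):
        print("still present after fix run:", e.code, e.clsid)
```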
Alex
Super Administrator
Posts: 21104
Registered: 18-9-2003
Location: Leeuwarden
Member is offline
Mood: Rather a mouse arm than an @
|
Posted on 20-2-2009 at 18:15 |
|
|
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
Folder::
c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
Sla dit op op je Bureaublad als CFScript.txt
Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.
Mag ik ook vragen waar je virusscanner is      
|
|
|
Solf
Member
Posts: 121
Registered: 16-2-2009
Member is offline
Mood: No mood
|
Posted on 20-2-2009 at 18:55 |
|
|
I had Symantec, but that has been removed. I threw AVG off before I started carrying out all the steps. Was that the right thing to do or not? So right now I have nothing at all!!
Ouch, ouch ... don't tell anyone
|
|
|
Solf
Member
Posts: 121
Registered: 16-2-2009
Member is offline
Mood: No mood
|
Posted on 20-2-2009 at 19:14 |
|
|
If I'm reading along correctly, I see that the O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) entry is still in the HJT log. Is that right?
ComboFix 09-02-19.01 - selma 2009-02-20 17:59:39.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1014.314 [GMT 1:00]
Gestart vanuit: c:\users\selma\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\selma\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-20 to 2009-02-20 ))))))))))))))))))))))))))))))
.
2009-02-20 15:13 . 2009-02-20 15:13 <DIR> d-------- c:\users\selma\AppData\Roaming\Malwarebytes
2009-02-20 15:13 . 2009-02-20 15:13 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-20 15:13 . 2009-02-20 15:13 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-20 15:13 . 2009-02-20 15:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 15:13 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-20 15:13 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-19 21:46 . 2009-02-19 21:46 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 21:31 . 2009-02-18 21:31 <DIR> d-------- c:\users\All Users\NortonInstaller
2009-02-18 21:31 . 2009-02-18 21:31 <DIR> d-------- c:\programdata\NortonInstaller
2009-02-18 20:46 . 2009-02-18 20:46 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-02-17 08:30 . 2009-02-17 08:30 <DIR> d-------- c:\program files\MSECache
2009-02-15 15:35 . 2009-02-15 15:35 <DIR> d-------- c:\program files\Comodo
2009-02-15 15:35 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2009-02-15 15:35 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2009-02-15 15:35 . 2008-01-19 08:37 15,360 --a------ c:\windows\System32\wsock32.dlb
2009-02-15 12:59 . 2009-02-15 12:59 <DIR> d-------- c:\users\selma\AppData\Roaming\IObit
2009-02-15 12:59 . 2009-02-15 12:59 <DIR> d-------- c:\program files\IObit
2009-02-14 23:07 . 2009-02-14 23:07 <DIR> d-------- c:\program files\Intel
2009-02-13 18:14 . 2009-02-13 18:14 <DIR> d-------- c:\program files\Microsoft
2009-02-13 17:16 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-13 17:16 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-13 17:16 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-13 17:16 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-13 17:16 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-13 17:16 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-13 17:16 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-13 17:16 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-13 17:06 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-13 17:06 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-13 17:06 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-13 17:05 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-13 17:05 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-13 16:59 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-13 16:59 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-13 16:59 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-13 16:58 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-13 16:58 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-13 14:53 . 2009-02-13 14:53 <DIR> d-------- c:\users\All Users\ContentWatch
2009-02-13 14:53 . 2009-02-13 14:53 <DIR> d-------- c:\programdata\ContentWatch
2009-02-13 14:53 . 2006-09-06 10:00 40,960 --a------ c:\windows\System32\SPORDER.EXE
2009-02-13 14:53 . 2006-09-11 16:39 11,264 --a------ c:\windows\System32\SPORDER.DLL
2009-02-11 07:07 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 07:07 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-01-28 19:48 . 2009-01-29 06:56 <DIR> d-------- c:\users\All Users\NOS
2009-01-28 19:48 . 2009-01-29 06:56 <DIR> d-------- c:\programdata\NOS
2009-01-28 19:47 . 2009-01-29 06:56 <DIR> d-------- c:\program files\NOS
2009-01-28 17:58 . 2009-01-28 17:58 <DIR> d-------- c:\windows\System32\IOSUBSYS
2009-01-28 07:35 . 2009-01-28 07:35 <DIR> d-------- c:\program files\CCleaner
2009-01-26 23:39 . 2009-01-26 23:39 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-23 22:57 . 2009-01-23 22:57 <DIR> d-------- c:\users\selma\AppData\Roaming\Windows Live Writer
2009-01-23 11:04 . 2009-01-23 11:04 <DIR> d-------- c:\program files\AVG
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 20:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-13 19:51 --------- d-----w c:\users\selma\AppData\Roaming\dvdcss
2009-02-12 05:48 --------- d-----w c:\program files\Windows Mail
2009-02-09 16:34 --------- d-----w c:\program files\Google
2009-02-07 19:48 --------- d-----w c:\users\selma\AppData\Roaming\Vso
2009-01-28 18:52 --------- d-----w c:\program files\Common Files\Adobe
2009-01-27 11:29 --------- d-----w c:\programdata\FLEXnet
2009-01-27 11:29 --------- d-----w c:\program files\Zuma Deluxe
2009-01-27 11:29 --------- d-----w c:\program files\UnderCoverXP
2009-01-27 11:29 --------- d-----w c:\program files\NewsLeecher
2009-01-27 11:29 --------- d-----w c:\program files\Netpresenter
2009-01-27 11:29 --------- d-----w c:\program files\FTDv3.8
2009-01-25 20:52 --------- d-----w c:\users\selma\AppData\Roaming\Image Zone Express
2009-01-15 09:27 --------- d---a-w c:\programdata\TEMP
2009-01-15 09:18 2,560 ----a-w c:\windows\system32\drivers\mchInjDrv.sys
2009-01-13 06:05 --------- d-----w c:\users\selma\AppData\Roaming\vlc
2009-01-13 06:05 --------- d-----w c:\programdata\HP Product Assistant
2009-01-13 06:05 --------- d-----w c:\program files\Microsoft Works
2009-01-13 06:05 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-11 19:04 --------- d-----w c:\programdata\ParetoLogic
2009-01-11 19:04 --------- d-----w c:\program files\Common Files\ParetoLogic
2009-01-11 18:36 247,832 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-11 18:36 18,346,528 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-11 12:15 --------- d-----w c:\program files\Enigma Software Group
2009-01-09 19:12 --------- d-----w c:\users\selma\AppData\Roaming\RegTool
2009-01-09 14:37 --------- d-----w c:\program files\Norton Security Scan
2009-01-08 22:33 --------- d-----w c:\program files\GamesBar
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2008-11-20 19:43 230,432 ----a-w C:\PA207.DAT
2008-10-09 14:41 47,360 ----a-w c:\users\selma\AppData\Roaming\pcouffin.sys
2008-09-28 16:53 66,872 ----a-w c:\users\selma\g2ax_customer_downloadhelper_win32_x86.exe
2008-08-25 15:39 662 ----a-w c:\users\selma\AppData\Roaming\wklnhst.dat
2008-06-18 14:13 174 --sha-w c:\program files\desktop.ini
2008-02-13 20:39 90,464 ----a-w c:\users\selma\AppData\Roaming\GDIPFONTCACHEV1.DAT
2003-12-24 10:36 555,008 ----a-w c:\users\selma\Zuma.exe
2008-01-20 00:16 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-20_16.24.55.72 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-20 14:49:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-20 15:47:57 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-20 14:49:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-20 15:47:57 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-20 14:51:34 1,835,008 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-20 15:51:34 1,835,008 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-02-20 14:50:03 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-20 15:48:05 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 14:50:03 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 15:48:05 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-20 14:50:03 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 15:48:05 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 15:23:08 1,835,008 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-20 15:52:05 1,835,008 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-02-20 14:52:24 19,944 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1933367248-3533517485-1370306796-1000_UserData.bin
+ 2009-02-20 15:52:32 19,944 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1933367248-3533517485-1370306796-1000_UserData.bin
- 2009-02-20 14:52:24 95,826 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 15:52:31 95,826 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-20 14:52:21 73,198 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 15:52:28 73,214 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
c:\users\selma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-08-18 21504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Netpresenter Player.lnk - c:\windows\Installer\{416FE982-1ABE-431C-881D-2E34EBAB5836}\Icon98829F5E.exe [2008-11-13 115200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
c:\program files\Winamp Remote\bin\OrbTray.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1933367248-3533517485-1370306796-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F64177EF-6234-494D-BDC0-9727B5239C1F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A0463802-CA8F-48AC-9CBF-B72F63B3530E}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{CE145C97-3034-420B-A70A-3CA648DD037E}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{D61019C1-7204-446B-9884-D4F68D2A946A}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C397EDD0-9B2E-4356-BC57-7E011C7C4E1D}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{53E447DE-7311-467C-8D86-C77366C98339}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{681DF0A3-CD09-453C-8BC9-DBA19590E17B}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3396CCF8-83B6-4D40-8118-41D1A5951D59}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{66C40312-BEE6-4347-96D5-1EB6663BC56D}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{976500E4-3A5D-41B4-AC4C-827A635A9AAB}"= UDP:5353:Adobe CSI CS4
"{5A777184-B023-424D-90DF-BCD1AB570942}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{84888C96-BC55-49DB-A15A-F12D186B9AA7}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A42AC438-FFB2-4776-8134-4D027A1696DB}"= UDP:c:\users\selma\AppData\Local\Temp\7zSFC6A.tmp\SymNRT.exe:Norton Removal Tool
"{96D6475B-9DBA-4014-850F-6272E55F504B}"= TCP:c:\users\selma\AppData\Local\Temp\7zSFC6A.tmp\SymNRT.exe:Norton Removal Tool
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2007-12-23 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-08-16 2831232]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-02-26 493568]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\System32\drivers\k600bus.sys [2005-03-04 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\System32\drivers\k600mdfl.sys [2008-10-26 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\System32\drivers\k600mdm.sys [2008-10-26 87456]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\System32\drivers\k600obex.sys [2008-10-26 77072]
S3 PAC207;Trust Webcam Live;c:\windows\System32\drivers\PFC027.SYS [2007-04-12 507264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6eb9a9e-b157-11dc-8734-001d6012fc88}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map
2009-02-20 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-09 15:54]
2009-02-20 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []
2009-02-15 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []
2009-02-15 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
2009-02-20 c:\windows\Tasks\RegTool Startup.job
- c:\program files\RegTool\RegTool.exe []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 18:03:48
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
[0] 0x4000147D
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-02-20 18:08:25
ComboFix-quarantined-files.txt 2009-02-20 17:08:21
ComboFix2.txt 2009-02-20 15:44:11
Pre-Run: 346.567.487.488 bytes beschikbaar
Post-Run: 346,528,104,448 bytes beschikbaar
250 --- E O F --- 2009-02-20 05:50:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:56, on 20-2-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Netpresenter\NetPlay.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Netpresenter Player.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9739 bytes
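Added example, not part of the original thread and not HijackThis's own code: a small Python parser that rejoins wrapped lines of a HijackThis log and lists the entries marked (no file) or (file missing), such as the O9 entry asked about above. The sample is built from lines of the log above; the function names and the rule that a wrapped line is rejoined with a single space are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines taken from the HijackThis log above, with one
# entry wrapped across two lines the way forum software breaks long lines.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9739 bytes
"""

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


class Entry(NamedTuple):
    section: str            # e.g. "O9"
    text: str               # everything after "O9 - ", wraps rejoined
    clsid: Optional[str]    # first CLSID in the entry, if any
    orphan: Optional[str]   # "no file", "file missing", or None


def parse_entries(log_text: str) -> List[Entry]:
    """Return the registry/startup entries of a HijackThis log.

    Header lines and the running-process list (everything before the first
    entry) are skipped. A line that does not start with a section code is
    treated as the wrapped tail of the previous entry and rejoined with one
    space (assumption: the wrap happened at a space).
    """
    joined: List[str] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break
        if ENTRY_RE.match(line):
            joined.append(line)
        elif joined:
            joined[-1] += " " + line

    entries = []
    for line in joined:
        section, text = ENTRY_RE.match(line).groups()
        clsid = CLSID_RE.search(text)
        orphan = ORPHAN_RE.search(text)
        entries.append(Entry(section, text,
                             clsid.group(0) if clsid else None,
                             orphan.group(1) if orphan else None))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose referenced file is gone: review candidates, not verdicts."""
    return [e for e in entries if e.orphan is not None]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f"{e.section:<4}{e.orphan:<13}{e.clsid}  {e.text}")
```

An orphaned entry only says that the registry still points at a file that is no longer present, as with the AVG helper after AVG was uninstalled; whether it should be removed is still a decision for the person reading the log.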
|
|
|