View full version : log check



novice
27 July 2007, 20:26
Windows Security Center shows the presence
of two antivirus programs although only one is installed, NOD32.
The second is Bitdefender 9, but it was uninstalled a year ago.
Everything has been cleaned up, manually as well.
Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 20:17:39, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Iconoid\iconoid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\carine\Mijn documenten\set-ups\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122409378265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4592/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


In the meantime I ran DoctorWeb cure-it, with this result:
(heuristic was checked)


"A0003060.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003065.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Tool.CrackSearch;Incurable.Moved.;"
"A0003066.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Tool.CrackSearch;Incurable.Moved.;"
"A0003067.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Tool.CrackSearch;Incurable.Moved.;"
"A0003068.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Tool.CrackSearch;Incurable.Moved.;"
"A0003070.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003087.dll;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably DLOADER.Trojan;Incurable.Moved.;"
"A0003088.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0003089.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0003090.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0003091.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0003092.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0003093.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003094.dll;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably DLOADER.Trojan;Incurable.Moved.;"
"A0003095.dll;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably DLOADER.Trojan;Incurable.Moved.;"
"A0003096.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003097.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003098.dll;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably DLOADER.Trojan;Incurable.Moved.;"
"A0003099.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0003100.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0003101.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003102.dll;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably DLOADER.Trojan;Incurable.Moved.;"
"A0003103.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003104.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003105.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0003106.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003107.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0003108.dll;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably DLOADER.Trojan;Incurable.Moved.;"
"A0003110.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"A0003112.dll;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably DLOADER.Trojan;Incurable.Moved.;"
"A0003113.reg;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP13;Probably BATCH.Virus;Incurable.Moved.;"
"A0004583.exe;C:\System Volume Information\_restore{549B0DAA-7BE6-4588-A25D-5FB6778FE697}\RP21;Probably BACKDOOR.Trojan;Incurable.Moved.;"
"fscax.dll;C:\WINDOWS\Downloaded Program Files;Probably BINARYRES;Incurable.Moved.;"

May I leave these in the quarantine folder, or do they have to be put back?
(cracksearcher and isp-monitor were removed from the PC quite a while ago)

Thanks in advance.:bow:

DJ Inpossible
28 July 2007, 19:02
I'll take a look for you, one moment :)

DJ Inpossible
1 August 2007, 18:27
Unfortunately we were offline for a while.

Could you post a fresh HijackThis log and tell us how things stand with the problems?

novice
4 August 2007, 20:37
When minatica was down for a few days,
I looked for a second opinion on the log.
No more problems in the meantime,
thanks anyway!
:bow::good:
This thread can be locked...

DJ Inpossible
4 August 2007, 20:47
You're welcome!