Volledige versie bekijken : Installatie venster wanneer rechtermuis klik.
4stroker 16 April 2008, 17:04 Hallo
Ik heb hetvolgende probleem.
Wanneer ik mijn computer opstart en op een bestand rechts klik in een folder (dit kan eender welk bestand zijn), opent er zich een installatie venster:
screenshot:
http://img229.imageshack.us/img229/5530/screenme9.jpg (http://imageshack.us/)
Als ik deze "setup" laat lopen, gebeurt er niks, er komt enkel weer ditzelfde venster.
Daarna kan meestal gewoon op rechter bestanden klikken.
Men heeft mij al verteld dat dit een virus zou zijn en waarschijnlijk iets in het register moet zoeken. Mijn adobe versie is de laatste nieuwste dus daaraan kan het ook niet liggen.
Mijn OS is windows Vista.
Hopelijk kan er mij iemand helpen.
Vriendelijke groetjes.
Mijn Hijackthis.log:
Logfile of HijackThis v1.99.1
Scan saved at 17:02:48, on 16/04/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System\w98eject.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
K:\spyware\hijack.this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: w98Eject.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206120725283
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
http://www.minatica.be/styles/lagoon/buttons/quote.gif (http://www.minatica.be/newreply.php?do=newreply&p=386601)
Juisterr 16 April 2008, 19:40 * Download Trend Micro Hijack This™ (http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe)
Dubbelklik HJTInstall.exe om HijackThis te installeren.
Standaard zal HijackThis in de Program Files\Trendmicro map geïnstalleerd worden en een snelkoppeling zal op je bureaublad komen te staan.
HijackThis zal openen na het installeren.
Klik de Scan knop onderaan.
Dit zal de scan starten en een log openen.
Kopieer en plak deze log in je volgende post.
Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
Kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.
4stroker 17 April 2008, 18:12 * Download Trend Micro Hijack This™ (http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe)
Dubbelklik HJTInstall.exe om HijackThis te installeren.
Standaard zal HijackThis in de Program Files\Trendmicro map geïnstalleerd worden en een snelkoppeling zal op je bureaublad komen te staan.
HijackThis zal openen na het installeren.
Klik de Scan knop onderaan.
Dit zal de scan starten en een log openen.
Kopieer en plak deze log in je volgende post.
Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
Kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.
M'n probleem is nog niet opgelost,,
Volgende log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:29, on 17/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System\w98eject.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: w98Eject.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206120725283
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 8889 bytes
Juisterr 17 April 2008, 19:00 Download Java Runtime Environment (JRE) 6u5 (http://java.sun.com/javase/downloads/index.jsp).
Scroll omlaag naar : "Java Runtime Environment (JRE) 6 Update 5".
Klik op de "Download" knop aan de rechterkant.
Vink aan: "Accept License Agreement", en klik op Continue.
De pagina zal herladen.
Klik op de Windows Offline Installation, Multi-language link ONDER Windows Platform - Java SE Runtime Environment 6 Update 5 en bewaar het op je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst. (met Java Runtime Environment (JRE of J2SE) in de naam.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u5-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.
Leeg je Temp-mappen (Let op : de mappen leegmaken, niet verwijderen !!):
Open de verkenner ("Mijn Computer") en kies Extra -> Mapopties...
Controleer onder Weergave de volgende instellingen:
Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen)
Uitzetten: Extensies voor bekende bestandstypen verbergen
Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP)
Selecteer: Verborgen bestanden en mappen weergeven
C:\Windows\Temp
C:\Documents and Settings\<user>\Local Settings\Temp
C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files
C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\content.ie5
<user> staat hier voor je profielnaam !!
Als de laatste map niet wordt weergegeven, ga dan naar de map Temporary Internet Files en type er \content.ie5 achter in de adresbalk en klik enter.
Maak je prullenbak leeg.
Download Malwarebytes' Anti-Malware via hier (http://www.besttechie.net/tools/mbam-setup.exe) of hier (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Dubbelklik mbam-setup.exe om het programma te installeren.
Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.
Extra Nota:
Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.
Start sowieso opnieuw op en plaats ook een nieuw HJT logje
succes
4stroker 17 April 2008, 20:23 Malwarebytes' Anti-Malware 1.11
Database versie: 642
Scan type: Snelle Scan
Objecten gescand: 34513
Verstreken tijd: 6 minute(s), 5 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:35, on 17/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System\w98eject.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conime.exe
C:\Program Files\mIRCNew\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: w98Eject.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206120725283
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 9122 bytes
Juisterr 18 April 2008, 11:56 Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden)
Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
Hoop dat ik nu wel wat vind.
4stroker 20 April 2008, 21:12 ComboFix 08-04-20.2 - Kevin 2008-04-20 21:03:51.1 - NTFSx86
Gestart vanuit: C:\Users\Kevin\Desktop\NEW rs ACCOUNT xD\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Kevin\AppData\Roaming\inst.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-20 18:11 --------- d-----w C:\Program Files\mIRCNew
2008-04-20 18:10 --------- d-----w C:\Program Files\Steam
2008-04-17 17:31 --------- d-----w C:\Users\Kevin\AppData\Roaming\Malwarebytes
2008-04-17 17:31 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-17 17:31 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-17 17:30 --------- d-----w C:\Program Files\Java
2008-04-16 18:00 --------- d-----w C:\Program Files\HLSW
2008-04-16 17:56 --------- d-----w C:\Program Files\Trend Micro
2008-04-16 16:03 22,016 ----a-w C:\Windows\System32\Partizan.exe
2008-04-16 15:59 25,773 ----a-w C:\Windows\system32\drivers\regguard.sys
2008-04-14 19:44 --------- d-----w C:\Program Files\Lavalys
2008-04-13 14:21 --------- d---a-w C:\ProgramData\TEMP
2008-04-13 09:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-13 09:10 --------- d-----w C:\Program Files\Windows Live
2008-04-13 09:07 --------- d-----w C:\ProgramData\WLInstaller
2008-04-09 18:48 --------- d-----w C:\Program Files\ElcomSoft
2008-04-09 15:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-09 14:17 --------- d-----w C:\Program Files\Windows Mail
2008-04-05 19:14 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-04-03 10:29 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-30 17:30 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 17:30 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-25 18:34 --------- d-----w C:\Program Files\VirtualDJ
2008-03-21 17:40 --------- d-----w C:\ProgramData\NVIDIA
2008-03-19 15:52 --------- d-----w C:\Users\Kevin\AppData\Roaming\Thunderbird
2008-03-19 15:52 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-15 11:56 --------- d-----w C:\Program Files\CSStrat
2008-03-10 17:54 --------- d-----w C:\Program Files\BitTorrent
2008-03-05 17:36 --------- d-----w C:\Program Files\ClubDJ Pro
2008-03-04 20:41 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-04 17:54 --------- d-----w C:\Users\Kevin\AppData\Roaming\FileZilla
2008-03-04 17:30 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-03-04 17:27 --------- d-----w C:\Program Files\SmartFTP FTP Library
2008-03-02 18:46 --------- d-----w C:\Program Files\Real
2008-03-02 18:46 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-02 18:46 --------- d-----w C:\Program Files\Common Files\Real
2008-03-02 18:41 --------- d-----w C:\Program Files\RM Converter
2008-03-01 17:36 --------- d-----w C:\Program Files\MegauploadToolbar
2008-03-01 17:36 --------- d-----w C:\Program Files\FlashGet
2008-03-01 12:44 --------- d-----w C:\Program Files\Trials 2
2008-03-01 12:43 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-01 12:43 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-01 12:39 --------- d-----w C:\Program Files\OpenAL
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-26 18:10 1,152,963 ----a-w C:\Users\Kevin\PcactiveDecember.zip
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-20 14:21 --------- d-----w C:\Users\Kevin\AppData\Roaming\SystemRequirementsL ab
2008-02-20 14:21 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 16:45 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 16:45 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 16:44 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 16:44 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 16:44 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 16:44 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 16:44 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 16:44 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 16:44 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 16:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 16:44 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 16:44 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-03 08:05 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-02-01 20:28 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2007-12-13 16:03 17,966 ----a-w C:\Users\Kevin\Economie.zip
2007-11-13 21:03 22,328 ----a-w C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
2007-11-10 21:39 5,231,811 ----a-w C:\Users\Kevin\BMW_M6_Modif.zip
2007-11-02 09:09 47,360 ----a-w C:\Users\Kevin\AppData\Roaming\pcouffin.sys
2007-08-30 11:40 174 --sha-w C:\Program Files\desktop.ini
2000-06-10 14:29 2,306,048 ----a-w C:\Program Files\LensDoc.8bf
2007-11-14 14:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
2007-11-14 14:15 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-14 14:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
2008-01-18 15:43 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Temp\Cookies\index.dat
2008-01-18 15:43 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Temp\History\History.IE5\index.dat
2008-01-18 15:43 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-12 09:25 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 11:57 3784704 C:\Windows\RtHDVCpl.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 20:46 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
w98Eject.lnk - C:\Windows\System\w98eject.exe [2008-01-20 21:35:51 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CFHD"= cfhd.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^Adobe Reader Snelle start.lnk]
backup=C:\Windows\pss\Adobe Reader Snelle start.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^GammaTray.lnk]
backup=C:\Windows\pss\GammaTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^NCProTray.lnk]
backup=C:\Windows\pss\NCProTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Kevin^AppData^Roamin g^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
backup=C:\Windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-01-15 16:14 147456 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-02-21 04:28 243200 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISPMonitor]
--a------ 2006-05-28 01:37 425472 C:\Program Files\ISP Monitor\isp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-11 18:06 81920 C:\Windows\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
--a------ 2007-04-08 15:22 721656 c:\program files\powerstrip\pstrip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-20 22:08 228088 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-01-10 11:00 18944 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{FDC7DD36-00AD-4235-9F8C-E0FC42F86913}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{81E53894-473F-4D15-9FF4-C3FD189FFD3C}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{71F2F1A3-A106-447E-B5CA-F307B1FA38E0}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{B0B637EB-D438-4640-9B10-549205AFDED9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{86D5D743-9509-4A6C-9CBA-1BE55469565A}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C845A4EE-BC90-41F0-B810-09066651879A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{16780F47-8AED-4EF7-9E1D-5316092D1061}"= UDP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{53541048-D143-487E-9A63-8E940AFD5DF8}"= TCP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{10DBD48C-8C5F-4111-A1D3-8D531DF6BA67}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{7E5246E2-F65D-4655-BAD6-A2FB110C01F2}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{01E39137-4A9A-4DEC-A63C-6C85F8FF9211}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{7660086D-E4B6-4611-96E0-5AEBD227B19D}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{B85DBEFE-774F-4452-9F51-5DFDBB37469B}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{17C32C91-002F-4C16-910D-4C7D73B00285}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{A70911BC-2C31-40B3-B957-F6A6D73F42AF}"= UDP:C:\Program Files\InternetCalls.com\InternetCalls\InternetCall s.exe:InternetCalls
"{B9A71C84-45B5-4B85-98F9-A5B6BABC83FB}"= TCP:C:\Program Files\InternetCalls.com\InternetCalls\InternetCall s.exe:InternetCalls
"{2D8FB9F7-3591-4F01-822C-715E2FB166F7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{26469744-497E-4EAF-A71B-C0D6D98A9DD6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ADC0AFAE-7C32-4231-A463-198008E650A8}"= UDP:C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{3EAE0FE0-402A-4311-8D4A-98485B75D9E0}"= TCP:C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{3D349F78-EBD9-4F92-B3F4-FC071B52B981}"= UDP:C:\Program Files\Cyanide\Pro Cycling Manager 2007\PCM.exe:Pro Cycling Manager 2007
"{903CAD11-0B56-4EED-97CC-EEE5B3ECED3F}"= TCP:C:\Program Files\Cyanide\Pro Cycling Manager 2007\PCM.exe:Pro Cycling Manager 2007
"{CEEEA3AC-DF5A-4014-A97D-CEB3A7A5F65F}"= UDP:3703:Adobe Version Cue CS3 Server
"{06677EF7-A3EE-4946-B144-C6BD7B7A964C}"= UDP:3704:Adobe Version Cue CS3 Server
"{BC062F9B-95E5-4142-A8AE-28A0CFF74C16}"= UDP:50900:Adobe Version Cue CS3 Server
"{F741B873-4FBE-4090-BD36-21A86AE38FBC}"= UDP:50901:Adobe Version Cue CS3 Server
"{BC30526A-3B68-4D97-8F16-039A8BF6D5DC}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{559CC585-1FF7-4B65-9F02-CEE6330A2AE3}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{3F2B3C95-E686-43B7-B7F6-462A3F422C28}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{79334CC5-E154-4E37-B7B0-3113977BB545}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{805D85D1-5791-490F-8D66-2D8A3E542BED}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2C22AA9E-D0D2-4614-88F1-0143E2A8A272}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{F907430D-0F91-48ED-90B8-7C8F474F8436}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{701BC2DB-70DF-4C2A-89E6-DEC6F7727697}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7D16B6DF-2CA6-41C9-9AAB-2FBB80B14B16}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7FFB192F-05E9-4C0B-9C6E-09ED56116036}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{EF2ED405-B325-4A56-8AE9-621F76EBB475}"= UDP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{BAFD7BB8-7AC3-4802-949D-990AA81D9C79}"= TCP:C:\Program Files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{1A4AAFD7-63EE-457D-AEAA-5C78C56C8DE1}"= UDP:C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{19EA80D5-C5C7-4724-91AF-FBE6826A5E90}"= TCP:C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{9A6114FB-7990-4369-A5E3-2A949E606AAB}"= UDP:C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"{732F7F32-111B-412E-9871-F5C83A018255}"= TCP:C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorre nt
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotc ore3.sys [2007-03-07 14:27]
R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\Windows\system32\drivers\pe3akt6c.sy s [2007-08-02 15:27]
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\Windows\system32\drivers\pf2akt6c.sy s [2007-08-02 15:27]
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\Windows\system32\drivers\ps6akt6c.sy s [2007-08-02 15:26]
R0 ps7akt6c;Cycling Manager 2007 Synchronization Driver (ps7akt6c);C:\Windows\system32\drivers\ps7akt6c.sy s [2007-09-28 12:05]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswF sBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\as wMonFlt.sys [2008-03-29 19:32]
R2 PStrip;PStrip;C:\Windows\system32\drivers\pstrip.s ys [2006-09-30 11:35]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 SrvCDEject;SrvCDEject;C:\Program Files\Packard Bell\SrvCDEject.exe [2006-07-25 11:48]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-07-05 06:33]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 10:43]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\Windows\system32\DRIVERS\LV53 2AV.SYS [2005-01-31 11:13]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\system32\drivers\ScreamingBAudio. sys [2006-09-28 11:20]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 12:33]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 11:31]
S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-15 05:13]
S3 ADM851x;ADMtek ADM8513 USB To Fast Ethernet Adapter;C:\Windows\system32\DRIVERS\ADM851x.SYS [2002-04-04 12:14]
S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regg uard.sys [2008-04-16 17:59]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\Windows\system32\Drivers\StMp3Rec.sys [2006-06-02 14:14]
S4 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\Windows\system32\pr2akt6c.exe svc []
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{02f15f94-c42c-11dc-992a-0019db4068c1}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0b5efc30-982a-11dc-900c-0019db4068c1}]
\shell\AutoRun\command - P:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{11992cc8-4d78-11dc-ad90-0019db4068c1}]
\shell\AutoRun\command - O:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8fc7c77a-d70c-11db-84ae-0019db4068c1}]
\shell\AutoRun\command - K:\PortableApps\PortableAppsMenu\PortableAppsMenu. exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d3eb3609-dd4e-11db-90eb-0003e1408238}]
\shell\AutoRun\command - J:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db573d9e-4cda-11dc-9c0d-0019db4068c1}]
\shell\AutoRun\command - L:\setup\rsrc\Autorun.exe
\shell\dinstall\command - L:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db573da0-4cda-11dc-9c0d-0019db4068c1}]
\shell\AutoRun\command - M:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db573da2-4cda-11dc-9c0d-0019db4068c1}]
\shell\AutoRun\command - N:\setup.exe
*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-11 17:59:59 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Kevin.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-04-20 18:59:59 C:\Windows\Tasks\Uitgebreide garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
************************************************** ************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 21:08:47
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
Voltooingstijd: 2008-04-20 21:10:21
ComboFix-quarantined-files.txt 2008-04-20 19:10:13
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
300 --- E O F --- 2008-04-09 12:22:56
Hijack.this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:54, on 20/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System\w98eject.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\PowerStrip\PStrip.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: w98Eject.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206120725283
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 8877 bytes
Juisterr 21 April 2008, 18:45 Logje is prima zo, nog klachten ?
4stroker 22 April 2008, 18:17 Logje is prima zo, nog klachten ?
Nee heb nog steeds hetzelfde probleem...
Juisterr 23 April 2008, 14:57 Ziet er toch goed uit zo ?
Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe) en sla het op je bureaublad op.
Dubbelklik drweb-cureit.exe en sta het toe om te express scan te starten.
Indien er een popup verschijnt met het voorstel tot kopen/50% korting mag je deze sluiten.
De express scan zal de bestanden scannen die momenteel in het geheugen geladen zijn. Wanneer er iets gevonden wordt klik op 'alles selecteren' kies nu voor 'repareren' en uit het kleine menutje dat verschijnt kies je 'verplaatsen'.
Kies bovenaan in het menu voor Language/Taal en wijzig deze naar Dutch (Nederlands) indien deze bij jou anders staat ingesteld.
Druk op F9, kies daarna voor het tabblad Acties en stel daar het volgende in onder Malware:
[list]
Adware: Verplaats
Dialers: Verplaats
Jokes: Rapportage
Riskware: Rapportage
Hacktools: Verplaats
Haal dan het vinkje weg bij 'Prompt bij actie'.
Kies daarna voor het tabblad Scan en verwijder het vinkje bij Heuristische analyse.
Druk vervolgens op Toepassen gevolgd door OK.
Eenmaal als de korte scan is be?indigd vink je aan: Volledige scan.
Druk daarna op het groene pijltje (start knop) om de scan te starten.
Gevonden bestanden worden naar '%USERPROFILE%\DocterWeb\Quarantine' -map verplaatst indien het herstellen niet mogelijk is.
Nadat de scan gedaan is ga dan naar Bestand en kies Rapportage lijst opslaan.
Bewaar deze op je bureaublad en sluit daarna Dr.Web CureIt.
Herstart vervolgens de computer!! Dit is een belangrijke stap want het kan zijn dat Dr.Web CureIt bestanden zal verplaatsen/verwijderen tijdens herstart.
Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post
|
|