Quad Core slow and other problems.



Pazziej
30 April 2009, 21:47
Hello everyone,

Lately my PC has been abnormally slow, it also shuts down now and then for no reason, and I am getting virus alerts more and more often.
I have already scanned and cleaned up my computer thoroughly a few times, but that did not help.
My HijackThis log is below; could you take a look at what is wrong?

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:56, on 30-4-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagina.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Unattended
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://rfonline-full.gscdn.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://holic.netgame.com/launch/object/mglaunch_USAv1004.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://aika.hanbiton.com/Game/HLauncher.cab
O16 - DPF: {B7CCB9D7-B3CE-48BF-9042-06F73DA581AC} (MoondoCtrl Class) - http://ecdownload.moondo.com/conrad/6813e/moondoax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
--
End of file - 10748 bytes

Juisterr
1 May 2009, 22:50
Temporarily disable Windows Defender,
because it can interfere when fixing with HJT (it can undo the fix again).
* Open Windows Defender > click Tools
* Click "General Settings" or Options
* Scroll to "Real Time Protection Options"
* Uncheck "Turn on Real Time Protection (recommended)" > click "Save"
* Close Windows Defender
(once the problems are gone and the log has been declared clean again, you can turn it back on)

Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default...;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default...;EN-US;KBHOWTO (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.

Create and post a new HJT log.
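
The items selected in the reply above share one property: each is either a registry value HijackThis shows as empty or an entry it marks `(no file)` / `(file missing)`. As an added example (not part of the original thread and not HijackThis code), the Python script below applies that rule to an excerpt of the first log and also lists `O1` hosts-file overrides for manual review; the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpt of the first HijackThis log in this thread (a representative
# subset of lines copied from the post; not the complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix:
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


class Entry(NamedTuple):
    section: str            # e.g. "O23"
    body: str               # text after "<section> - "
    reason: Optional[str]   # why the entry is an orphan, or None


def classify(section: str, body: str) -> Optional[str]:
    """Return the orphan reason for one entry, or None if it looks intact."""
    body = body.rstrip()
    if body.endswith("(file missing)"):
        return "file missing"
    if body.endswith("(no file)"):
        return "no file"
    if section.startswith("R"):
        # R entries read "<key>,<value name> = <data>"; empty data means
        # the registry value exists but points nowhere.
        _key, sep, data = body.partition(" =")
        if sep and not data.strip():
            return "empty value"
    return None


def parse_log(text: str) -> List[Entry]:
    """Parse every section entry in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            section, body = match.groups()
            entries.append(Entry(section, body, classify(section, body)))
    return entries


def orphaned(text: str) -> List[Entry]:
    """Entries whose target is empty or missing (leftovers of removed software)."""
    return [e for e in parse_log(text) if e.reason]


def hosts_overrides(text: str) -> List[Tuple[str, str]]:
    """(ip, hostname) pairs from O1 lines; these change name resolution."""
    pairs = []
    for e in parse_log(text):
        if e.section == "O1" and e.body.startswith("Hosts:"):
            fields = e.body[len("Hosts:"):].split()
            if len(fields) >= 2:
                pairs.append((fields[0], fields[1]))
    return pairs


if __name__ == "__main__":
    for e in orphaned(SAMPLE_LOG):
        print(f"[{e.reason}] {e.section} - {e.body}")
    for ip, host in hosts_overrides(SAMPLE_LOG):
        print(f"[hosts override] {host} -> {ip}")
```

The script only reports; whether an orphaned entry should be fixed remains a decision for whoever reads the log.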

Pazziej
2 May 2009, 00:33
I just removed all the unneeded programs; my PC is a bit faster now, but the shutdowns and the error messages have not been resolved yet.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:30:55, on 2-5-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagina.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Unattended
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://rfonline-full.gscdn.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://holic.netgame.com/launch/object/mglaunch_USAv1004.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://aika.hanbiton.com/Game/HLauncher.cab
O16 - DPF: {B7CCB9D7-B3CE-48BF-9042-06F73DA581AC} (MoondoCtrl Class) - http://ecdownload.moondo.com/conrad/6813e/moondoax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
--
End of file - 10056 bytes

Juisterr
2 May 2009, 18:59
Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download Combofix. If anything is unclear, just ask.
Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
If you have used Combofix before and have already installed the recovery console, you may skip that step.

NOTE:
If, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner,
disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

Double-click Combofix.exe; if Combofix reports that a newer version is available, allow it to be downloaded.
Follow the instructions and accept the disclaimer.
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix has finished and after the restart, the log Combofix.txt will open.

Post the contents of this file together with a new HijackThis log.

Pazziej
3 May 2009, 12:12
If the Combofix program was supposed to make sure my problems were fixed, it did not help; I still suffer from the blue screen of death and from those write or read errors.
But here is the CF log:

ComboFix 09-05-02.4 - Gebruiker 03-05-2009 1:39.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2047.1036 [GMT 2:00]
Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Updated)
* Resident AV is active
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\launcher.exe
c:\windows\system32\x64
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-02 to 2009-05-02 ))))))))))))))))))))))))))))))
.
2009-04-30 19:43 . 2009-04-30 19:43 -------- d-----w c:\program files\Trend Micro
2009-04-30 14:10 . 2009-04-30 14:10 -------- d-----w c:\program files\Joymax
2009-04-30 12:01 . 2009-04-30 13:56 677457480 ----a-w c:\users\Gebruiker\DecoOnline_GlobalOfficial_v962.exe
2009-04-29 22:39 . 2009-04-30 09:30 1830912 ----a-w c:\windows\system32\EhSvc.dll
2009-04-29 22:38 . 2009-04-30 09:30 95232 ----a-w c:\windows\system32\EGRNAPX2.dll
2009-04-29 22:38 . 2009-04-30 09:35 -------- d-----w c:\windows\system32\HackShield
2009-04-29 22:38 . 2009-04-30 09:30 178273 ----a-w c:\windows\system32\EGRNAP.dll
2009-04-29 22:33 . 2009-04-30 09:27 303104 ----a-w c:\windows\system32\Win98sUpdateUtil.exe
2009-04-29 22:33 . 2009-04-29 22:33 -------- d-----w c:\windows\system32\Resource
2009-04-29 10:28 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-29 09:28 . 2000-06-22 11:09 56320 ------w c:\windows\system32\iyvu9_32.dll
2009-04-29 09:28 . 2000-06-23 12:05 136704 ----a-w c:\windows\system32\iacenc.dll
2009-04-29 09:28 . 2009-04-29 09:28 -------- d-----w c:\program files\Ligos
2009-04-29 09:02 . 2009-04-29 13:01 -------- d-----w c:\program files\Monster & Me 1.0
2009-04-26 22:31 . 2009-03-09 13:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-26 22:31 . 2009-03-09 13:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-26 22:31 . 2009-03-09 13:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-26 22:31 . 2009-03-16 12:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-26 22:31 . 2009-03-16 12:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-26 22:31 . 2009-03-16 12:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-26 22:31 . 2009-03-16 12:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-26 22:18 . 2009-04-26 22:18 -------- d-----w C:\CCR INC
2009-04-25 13:45 . 2008-07-27 18:00 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-25 13:45 . 2008-07-27 18:00 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-25 13:45 . 2008-07-27 18:00 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-25 13:44 . 2008-07-27 18:00 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-25 13:44 . 2008-07-27 18:00 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-25 13:39 . 2008-12-05 04:25 428032 ----a-w c:\windows\system32\EncDec.dll
2009-04-25 13:39 . 2008-12-05 04:28 292352 ----a-w c:\windows\system32\psisdecd.dll
2009-04-25 13:39 . 2008-12-05 04:26 1244672 ----a-w c:\windows\system32\mcmde.dll
2009-04-25 13:39 . 2008-10-21 05:16 1645568 ----a-w c:\windows\system32\connect.dll
2009-04-25 13:38 . 2008-08-28 03:24 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll
2009-04-25 13:38 . 2008-08-28 03:22 712704 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-04-25 13:38 . 2008-08-28 03:22 347648 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-04-25 06:39 . 2009-04-25 15:50 65536 ----a-w c:\windows\IFinst27.exe
2009-04-24 13:14 . 2009-04-24 13:14 -------- d-----w c:\users\Gebruiker\AppData\Local\capcom
2009-04-22 18:14 . 2009-04-22 18:14 -------- d-----w c:\programdata\Blizzard
2009-04-22 18:14 . 2009-04-22 18:14 -------- d-----w c:\users\All Users\Blizzard
2009-04-18 18:56 . 2009-04-21 18:04 -------- d-----w c:\program files\GodsWar Online
2009-04-16 18:39 . 2009-02-13 07:13 1234432 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 18:39 . 2009-02-13 07:15 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 18:39 . 2009-02-13 04:58 7680 ----a-w c:\windows\system32\lsass.exe
2009-04-16 18:39 . 2009-03-17 03:16 14848 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 18:39 . 2009-03-17 03:16 25600 ----a-w c:\windows\system32\amxread.dll
2009-04-16 18:34 . 2008-06-06 03:21 500736 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 18:34 . 2008-06-06 03:23 30208 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 18:27 . 2009-03-03 04:22 3505120 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 18:27 . 2009-03-03 04:22 3471328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-16 18:27 . 2009-03-03 04:17 550400 ----a-w c:\windows\system32\rpcss.dll
2009-04-16 18:27 . 2009-03-03 02:40 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 18:27 . 2009-03-03 04:19 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-04-16 18:27 . 2009-03-03 04:19 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 18:27 . 2009-03-03 04:16 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-16 18:27 . 2009-03-03 04:16 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-04-16 18:27 . 2009-03-03 04:16 53248 ----a-w c:\windows\system32\iasads.dll
2009-04-16 18:15 . 2008-12-08 04:19 377344 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 19:47 . 2009-04-18 16:09 -------- d-----w c:\users\Gebruiker\AppData\Local\Microsoft Game Studios
2009-04-15 19:47 . 2009-04-18 16:09 -------- d-----w c:\programdata\Microsoft Games
2009-04-15 19:47 . 2009-04-18 16:09 -------- d-----w c:\users\All Users\Microsoft Games
2009-04-15 19:47 . 2009-04-18 16:09 -------- d-----w c:\users\Gebruiker\AppData\Roaming\Microsoft Game Studios
2009-04-14 02:19 . 2009-04-14 02:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-06 13:42 . 2009-04-06 14:40 -------- d-----w C:\Rohan_Global
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 23:21 . 2008-08-12 10:02 -------- d-----w c:\program files\ESET
2009-05-02 19:01 . 2006-11-02 13:00 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 13:15 . 2008-08-12 17:36 -------- d-----w c:\program files\LimeWire
2009-05-01 10:19 . 2008-08-14 12:48 -------- d-----w c:\program files\SpeedFan
2009-05-01 09:57 . 2008-09-12 18:15 -------- d-----w c:\program files\Electronic Arts
2009-04-30 22:55 . 2006-11-02 16:18 692336 ----a-w c:\windows\system32\perfh013.dat
2009-04-30 22:55 . 2006-11-02 16:18 123636 ----a-w c:\windows\system32\perfc013.dat
2009-04-30 20:01 . 2008-08-18 11:59 -------- d-----w c:\program files\Cheat Engine
2009-04-30 14:10 . 2008-08-12 10:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-25 19:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-18 16:09 . 2006-11-02 12:35 -------- d-----w c:\program files\Microsoft Games
2009-04-15 17:24 . 2008-08-15 19:12 -------- d-----w c:\program files\Vista Start Menu
2009-04-14 10:15 . 2008-09-04 14:40 -------- d-----w c:\program files\Xfire
2009-04-01 07:07 . 2009-02-09 18:42 222272 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-30 21:28 . 2009-03-30 21:28 -------- d-----w c:\program files\Perfect World Entertainment
2009-03-29 17:03 . 2009-02-14 01:49 -------- d-----w c:\program files\THQ
2009-03-28 17:17 . 2009-03-28 17:17 -------- d-----w c:\program files\WorldOfGoo
2009-03-22 13:14 . 2009-01-20 22:13 -------- d-----w c:\program files\EA GAMES
2009-03-21 19:37 . 2009-03-21 19:37 -------- d-----w c:\program files\Creative Labs
2009-03-19 22:51 . 2009-03-19 22:46 -------- d-----w c:\program files\Microsoft
2009-03-19 22:51 . 2009-03-19 22:51 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-03-19 22:50 . 2008-08-12 10:01 -------- d-----w c:\program files\Windows Live
2009-03-19 22:49 . 2009-03-19 22:49 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-19 22:48 . 2009-03-19 22:48 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-19 22:47 . 2008-08-12 10:00 -------- d-----w c:\program files\MSN Messenger
2009-03-19 22:46 . 2009-03-19 22:46 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 22:21 . 2009-03-19 22:21 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-17 17:00 . 2009-03-15 19:40 848 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-17 17:00 . 2009-03-15 19:40 56 --sh--r c:\windows\system32\8621D19E07.sys
2009-03-17 03:16 . 2009-04-16 18:39 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-15 20:12 . 2008-10-25 11:20 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-15 20:12 . 2008-10-25 11:21 -------- d-----w c:\program files\AGEIA Technologies
2009-03-15 19:38 . 2009-03-15 19:38 -------- d-----w c:\program files\Common Files\Enterbrain
2009-03-15 17:37 . 2009-02-10 08:14 -------- d-----w c:\program files\LucasArts
2009-03-09 17:00 . 2009-03-09 16:59 -------- d-----w c:\program files\AVS4YOU
2009-03-09 17:00 . 2009-03-09 16:59 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-04 21:57 . 2008-08-13 15:06 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-04 21:49 . 2009-03-04 21:49 0 ----a-w c:\windows\PowerReg.dat
2009-03-04 13:48 . 2009-03-04 13:39 -------- d-----w c:\program files\Left4Dead
2009-03-03 15:38 . 2009-03-03 15:38 286720 ------w c:\windows\Setup1.exe
2009-03-03 15:38 . 2009-03-03 15:38 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-03 04:18 . 2009-04-16 18:22 828416 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:16 . 2009-04-16 18:22 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 18:22 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:16 . 2009-04-16 18:22 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-03 04:15 . 2009-04-16 18:22 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:08 . 2009-04-16 18:22 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 18:22 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-16 13:00 . 2008-08-12 10:01 8224 ----a-w c:\users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-09 12:58 . 2009-02-09 12:58 889856 ----a-w c:\windows\system32\wer.dll
2009-02-09 01:54 . 2009-03-10 18:55 2030080 ----a-w c:\windows\system32\win32k.sys
2009-02-06 18:55 . 2009-02-06 18:55 308616 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 17:08 . 2009-03-19 22:50 55280 ----a-w c:\windows\system32\drivers\fssfltr.sys
2008-12-11 19:04 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2007-11-04 18:09 . 2007-11-03 12:19 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2007-11-05 11:07 70656 AA95F24946558AC70B89137BD11ABE06 c:\windows\System32\ctfmon.exe
[-] 2007-11-05 11:07 70656 AA95F24946558AC70B89137BD11ABE06 c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-12 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-11-04 514048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-04-13 2171392]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-12 949376]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-10-11 1826816]
c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-4-14 3111248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{51865AFB-E83B-4A51-B6E0-028624D87001}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{BE90395E-90FA-4781-A982-B353ABAC3024}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{4BD57196-7777-4DF5-815F-3A05B9947932}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{7251F499-8AC6-4DA6-AE45-C1CACFBA9A09}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{D9D5366B-418F-4E67-AFED-2944812287A0}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{5E9CAC2F-A510-4841-B20C-0CA5D6C7F07F}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{FEA45B45-42AB-41C0-A909-10FB284B81D4}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{3C1CE68A-898E-47AB-845A-CC643D32B1C8}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{15868D6F-87BB-406D-975F-02B3DE59E0C5}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{B1CEB68F-134C-4C40-A06A-211B5B06585E}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{4FF1BA4F-F87A-4E98-A54D-FEF4998A1528}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{68C6D85F-4437-49E0-9ABB-8BCEEEBCC543}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4FCECE7E-A28E-463E-8638-F191E868E038}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B16BF13E-06E5-48CA-856B-5A96C9FA6E7E}c:\\program files\\mta san andreas\\server\\mta server.exe"= UDP:c:\program files\mta san andreas\server\mta server.exe:MTA Server
"UDP Query User{11920616-A914-450A-9C12-ACBDA312C481}c:\\program files\\mta san andreas\\server\\mta server.exe"= TCP:c:\program files\mta san andreas\server\mta server.exe:MTA Server
"TCP Query User{6984BF5C-0FF2-4A19-9F8C-6217CF0D90E9}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{8CBC3DEA-BCC3-4FA9-9483-FB7E746E26AD}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{725F41ED-E404-4FA3-89EA-F5E5C5C5A1B9}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"UDP Query User{F32BB7DC-EC25-4D99-8554-6B84049D639B}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"TCP Query User{B9C504C5-162E-4FAF-AA41-122440D797FE}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{19A96A9A-426D-421F-8A22-D6143A064505}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{B1EB6890-9276-4AC6-8F9E-D0BA068C4D1B}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{2A222F60-661C-41BE-BA4F-69D628598FF0}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{1ED84857-A5BC-4F8A-893F-241349B8D937}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{83D4141D-8EF5-4C19-BB0D-95E3BF4B66BC}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{43C5DDAD-B6A9-467D-9FCF-A019CDEB2BDC}c:\\users\\gebruiker\\downloads\\cabaltemp\\estsetuploader.exe"= UDP:c:\users\gebruiker\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
"UDP Query User{01BC7D4C-06D9-48B4-9CB5-3BFB8D37FC6A}c:\\users\\gebruiker\\downloads\\cabaltemp\\estsetuploader.exe"= TCP:c:\users\gebruiker\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
"TCP Query User{45AB534D-D271-4C0E-91CF-34E8F9E22CA3}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{67D3DE92-6E8E-4B0F-ADFE-9E99B8F52628}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{D5CBCAC6-D8F9-4BC3-A7F8-865A489E07F4}c:\\program files\\adobe\\adobe flash cs3\\flash.exe"= UDP:c:\program files\adobe\adobe flash cs3\flash.exe:Adobe Flash CS3
"UDP Query User{BC87CED1-7C9D-41CA-94BA-4A2FED125724}c:\\program files\\adobe\\adobe flash cs3\\flash.exe"= TCP:c:\program files\adobe\adobe flash cs3\flash.exe:Adobe Flash CS3
"TCP Query User{8D1073DD-60E1-4564-996A-4F4672D0A559}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{33EA632B-3326-4BA9-B7EE-1881A9E67587}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"{B2358134-5EF8-416B-B4DD-CFFE270BC167}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{BEAD4938-7B37-4176-9B06-77BC0E975AAE}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{F985DD5D-B7A3-4633-86E0-338E15741E40}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{EBB78D53-9305-4EEA-ADD0-041552AEF05D}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"{AAD744BB-6015-4314-A44B-A4A90DB10ADE}"= UDP:c:\users\Gebruiker\AppData\Roaming\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{73F7FBF5-6744-41EB-8561-253593B26B13}"= TCP:c:\users\Gebruiker\AppData\Roaming\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C3C2A0BC-AC71-4387-B7D4-D18152D643A1}"= UDP:c:\users\Gebruiker\AppData\Roaming\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6C221C99-5FD4-4EB1-B1FE-DF5BD56C27A3}"= TCP:c:\users\Gebruiker\AppData\Roaming\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{246B1944-B7AA-413F-9B5C-79113067CE16}"= UDP:c:\users\Gebruiker\AppData\Roaming\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{C1E2FC6C-1C11-4B3B-8AB8-9395AA861817}"= TCP:c:\users\Gebruiker\AppData\Roaming\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{0EC8DD98-66BB-4AAD-8DDC-BC8A62ADD2FE}"= UDP:13456:BitCometLite 13456 TCP
"{079618D7-A5B2-48F6-9F32-DA8EBA75ED65}"= TCP:13456:BitCometLite 13456 UDP
"TCP Query User{7D1F5283-F170-4AF3-80AB-E67DD6BF05A4}c:\\users\\gebruiker\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\20kvms6z\\conquer_v5069_bc[1].exe"= UDP:c:\users\gebruiker\appdata\local\microsoft\windows\temporary internet files\content.ie5\20kvms6z\conquer_v5069_bc[1].exe:conquer_v5069_bc[1].exe
"UDP Query User{8BB8259C-321D-43DF-A751-9033C6FE5EE4}c:\\users\\gebruiker\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\20kvms6z\\conquer_v5069_bc[1].exe"= TCP:c:\users\gebruiker\appdata\local\microsoft\windows\temporary internet files\content.ie5\20kvms6z\conquer_v5069_bc[1].exe:conquer_v5069_bc[1].exe
"{57CCAF4E-4605-43EA-AD03-B130350CAA58}"= UDP:21034:BitComet 21034 TCP
"{D8DDBC48-7178-47C4-8536-46C578D8FA7F}"= TCP:21034:BitComet 21034 UDP
"{5FC14541-E2B7-4DD1-B8D5-DE3EB88FFD75}"= UDP:c:\program files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{81A2E884-723F-4CD3-95F8-5642434596F8}"= TCP:c:\program files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{44B801D2-14B2-4BEB-A46B-02F41104777F}"= UDP:21034:BitComet 21034 TCP
"{90CF8886-969B-48C9-9A3C-D83F9871464C}"= TCP:21034:BitComet 21034 UDP
"TCP Query User{F27403AD-8019-4069-9FED-04DB010CEB06}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C7B9FCE5-FEDF-4536-B4DB-DC5F7C0B199A}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{E617FED9-5BA8-44DC-89A4-948F2BB349A4}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{C889C03D-6FAC-4E35-8C4D-45C421AD396A}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{5C4AF98C-BC9F-4AB1-87A9-68E4BFD7516F}c:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{3D885CE5-63C1-48D6-A5AF-FF08296844A4}c:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"{E821A900-C2D6-4FE4-82A4-5E494C1235FD}"= Disabled:UDP:c:\program files\KCeasy\giFT\giFTl.exe:giFT Loader for KCeasy
"{A51F955E-1E80-4792-8FF8-C9B6A01778CA}"= Disabled:TCP:c:\program files\KCeasy\giFT\giFTl.exe:giFT Loader for KCeasy
"TCP Query User{4CC2FA51-8C58-48C6-8489-D6A9A2575AE5}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{61B733CD-8887-4E01-8E54-BB674C9CF528}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{BBAFF606-BB81-4F21-B907-ACBC88B15BDE}c:\\program files\\inixsoft\\vanillagate\\client.exe"= UDP:c:\program files\inixsoft\vanillagate\client.exe:Client
"UDP Query User{A4A6B280-A4C5-44F5-B50E-1B0455DD4010}c:\\program files\\inixsoft\\vanillagate\\client.exe"= TCP:c:\program files\inixsoft\vanillagate\client.exe:Client
"TCP Query User{EFA43D9D-F9A4-4071-BBE5-3E25A9C9F909}c:\\program files\\gametribe\\infinity\\xclient.exe"= UDP:c:\program files\gametribe\infinity\xclient.exe:xclient
"UDP Query User{4FEE62B8-59D4-4C8E-BFCE-3EE67699A7C9}c:\\program files\\gametribe\\infinity\\xclient.exe"= TCP:c:\program files\gametribe\infinity\xclient.exe:xclient
"{3C39F9E5-89D2-49A4-B2CD-0FAD4DC3AC75}"= UDP:18150:BitCometLite 18150 TCP
"{5BD97CCB-3E3C-48FA-9E3C-D6D4254CDF77}"= TCP:18150:BitCometLite 18150 UDP
"TCP Query User{79942470-FC8D-43B5-A058-47EE48448BBD}c:\\users\\gebruiker\\desktop\\20081114eudemonsv1153_bitcomet.exe"= UDP:c:\users\gebruiker\desktop\20081114eudemonsv1153_bitcomet.exe:20081114eudemonsv1153_bitcomet.exe
"UDP Query User{FF811D14-AE85-48A6-83A4-BD4C028D3B20}c:\\users\\gebruiker\\desktop\\20081114eudemonsv1153_bitcomet.exe"= TCP:c:\users\gebruiker\desktop\20081114eudemonsv1153_bitcomet.exe:20081114eudemonsv1153_bitcomet.exe
"{C28905CA-00AA-434D-8914-03C4A1EFF8A4}"= UDP:c:\program files\Speed Rose Online\SRose launcher.exe:Speed Rose Online (2)
"{A50B0DCB-B5BB-4F6A-8E03-1D1C726B61BF}"= TCP:c:\program files\Speed Rose Online\SRose launcher.exe:Speed Rose Online (2)
"{23BBDE68-25FE-45A1-83D9-36EB34A3AA44}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{791C9951-03F9-41D3-A7CD-D98E8A19FA9C}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{41B5BF3E-E31D-42BE-BA89-D87DACEAE585}"= UDP:57495:Pando Media Booster
"{A2C051E9-2879-4DCB-BF7B-A2F7A0618210}"= TCP:57495:Pando Media Booster
"{26AF8150-CEDF-458F-B191-021472A2B231}"= UDP:13714:BitCometLite 13714 TCP
"{D0A0A99D-330A-4398-8D53-65136A0B426F}"= TCP:13714:BitCometLite 13714 UDP
"{E4F6E385-3EFB-45B3-824F-BA4C56A14D39}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"{920C3916-3038-4369-9A51-5158BD7052EC}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth™ II
"TCP Query User{26D2FDF5-EB5C-47D7-8AAB-ED08A51A1257}c:\\program files\\left4dead\\hl2.exe"= UDP:c:\program files\left4dead\hl2.exe:hl2
"UDP Query User{F318DF08-E235-4B32-AD6E-D9672E09D439}c:\\program files\\left4dead\\hl2.exe"= TCP:c:\program files\left4dead\hl2.exe:hl2
"{405400CE-F000-4B44-96DC-F8BEE6328AE3}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{FB0D6C1E-C944-4239-B65D-CAA0DEB5B1E1}"= UDP:60000:BitComet 60000 TCP
"{5A51AA58-9B85-4255-9A14-370151E731C5}"= TCP:60000:BitComet 60000 UDP
"{D63E6754-D233-4A5C-9EDE-F7F5BBE300FA}"= UDP:60000:BitComet 60000 TCP
"{189517E9-7C1E-47E8-9A3D-7703037261D2}"= TCP:60000:BitComet 60000 UDP
"TCP Query User{2F8038B4-17F6-44E0-817A-8A18B7C10C21}c:\\users\\gebruiker\\appdata\\local\\temp\\rar$ex00.348\\shadowrun\\shadowrun.exe"= UDP:c:\users\gebruiker\appdata\local\temp\rar$ex00.348\shadowrun\shadowrun.exe:shadowrun.exe
"UDP Query User{7D2D92F4-98E4-4F21-8B42-4591634D7180}c:\\users\\gebruiker\\appdata\\local\\temp\\rar$ex00.348\\shadowrun\\shadowrun.exe"= TCP:c:\users\gebruiker\appdata\local\temp\rar$ex00.348\shadowrun\shadowrun.exe:shadowrun.exe
"{12E092F7-A230-44ED-B8C0-C296397D563E}"= UDP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColonies DX9.exe:LOSTPLANETCOLONIES_DX9
"{AF7AD40F-6C63-44F5-9F6B-3EEA68F2CC65}"= TCP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColonies DX9.exe:LOSTPLANETCOLONIES_DX9
"{2050A5AA-ADD9-4675-8B96-1C96ECF9EC5E}"= UDP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColonies DX10.exe:LOSTPLANETCOLONIES_DX10
"{2A3B1FA4-6CBF-4AE3-B552-45F5BEC8138C}"= TCP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColonies DX10.exe:LOSTPLANETCOLONIES_DX10
"{C8BB4B0F-51C4-4BB6-92DB-E8854B0425EA}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{FFD8EB41-0A3D-4CBF-AB43-B1700FB8A873}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{0CB372F9-9937-495A-8BC0-04F5E9826690}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{34A765E1-DF75-4258-BF21-BCE17D4928FF}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{77ED6EFA-82DC-4F80-AD71-80D7A6D5774E}"= UDP:16625:BitCometLite 16625 TCP
"{9D9DF468-4D44-478F-8244-2A86D0ACD6D5}"= TCP:16625:BitCometLite 16625 UDP
"TCP Query User{4A2C931F-BBD2-42D7-B74A-4EA557D78B7A}c:\\users\\gebruiker\\desktop\\hl1.0_eg_setup_bc.exe"= UDP:c:\users\gebruiker\desktop\hl1.0_eg_setup_bc.exe:hl1.0_eg_setup_bc.exe
"UDP Query User{59796341-359C-4684-8DB7-A713677990EB}c:\\users\\gebruiker\\desktop\\hl1.0_eg_setup_bc.exe"= TCP:c:\users\gebruiker\desktop\hl1.0_eg_setup_bc.exe:hl1.0_eg_setup_bc.exe
"TCP Query User{B6DF420D-52ED-48F6-A20C-5BA3505599B2}c:\\users\\gebruiker\\desktop\\do_full-client_downloader.exe"= UDP:c:\users\gebruiker\desktop\do_full-client_downloader.exe:do_full-client_downloader.exe
"UDP Query User{BFBF4B89-FA3A-4402-BFB3-31159837C4CB}c:\\users\\gebruiker\\desktop\\do_full-client_downloader.exe"= TCP:c:\users\gebruiker\desktop\do_full-client_downloader.exe:do_full-client_downloader.exe
"{09BE135F-A2D3-4FC2-BE86-F1CC5BC7FED3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CBDAA0E5-749E-4DEF-BFD9-2AC5A7D0B85F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 IAMT03;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\iamt03.sys [2007-04-11 40848]
R3 IAMTV;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\iamtv.sys [2007-04-11 38288]
R3 nenum13E;nenum13E; [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-26 3027706]
R3 npkycryp;npkycryp; [x]
R3 XDva164;XDva164; [x]
R3 XDva222;XDva222; [x]
R4 IAMTXP;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\iamtxp.sys [2007-04-11 47496]
R4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\system32\drivers\ioatdma.sys [2007-05-31 36744]
R4 iSSetup;Intel(R) PRO/1000 iSCSI Setup Driver;c:\windows\system32\drivers\issetup.sys [2007-06-19 75672]
R4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2007-02-01 110128]
R4 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\si3124.sys [2006-11-02 76208]
R4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\drivers\si3124r5.sys [2006-09-20 207152]
R4 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\si3132r5.sys [2007-06-01 215856]
R4 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\si3531.sys [2007-06-01 210736]
R4 ViBus;ViBus;c:\windows\system32\drivers\vibus.sys [2007-03-26 16896]
R4 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\viprt.sys [2007-03-26 52224]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-31 107272]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-08-12 15424]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-19 19:37 41456]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{383672a4-6f6c-11dd-a44a-001fd001ab72}]
\shell\AutoRun\command - H:\aow2Installer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: gscdn.com\rfonline-full
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://holic.netgame.com/launch/object/mglaunch_USAv1004.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://aika.hanbiton.com/Game/HLauncher.cab
DPF: {B7CCB9D7-B3CE-48BF-9042-06F73DA581AC} - hxxp://ecdownload.moondo.com/conrad/6813e/moondoax.cab
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\b3kaa1vj.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 01:43
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-1244931110-2936662180-404078959-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,94,8b,cd,f1,59,c5,a0,e4,67,2d,80,00,c3,38,f9,c3,c8,17,99,19,
22,9e,23,3d,73,5e,dc,d7,fa,ec,80,c4,80,e5,47,76,56,bd,8f,47,86,53,11,45,3e,\
"rkeysecu"=hex:a1,f5,90,65,a5,97,e0,1c,d1,63,cc,a5,8d,70,21,6e
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_USERS\SOFTWARE\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’ ]
"Path"="c:\\Program Files\\ƒtƒ‰ƒ“ƒXƒpƒ“\\ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'Explorer.exe'(6008)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Xfire\xfire_toucan_36644.dll
c:\program files\Vista Start Menu\VistaStartMenu.dll
c:\program files\Atomic Alarm Clock\Clock.dll
c:\program files\Stardock\Object Desktop\IconPackager\shellext.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscape.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
.
Voltooingstijd: 2009-05-02 1:46
ComboFix-quarantined-files.txt 2009-05-02 23:46
Pre-Run: 257.099.014.144 bytes beschikbaar
Post-Run: 261.143.064.576 bytes beschikbaar
444 --- E O F --- 2009-05-01 12:09


AND HERE IS THE HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:59, on 3-5-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://rfonline-full.gscdn.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://holic.netgame.com/launch/object/mglaunch_USAv1004.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://aika.hanbiton.com/Game/HLauncher.cab
O16 - DPF: {B7CCB9D7-B3CE-48BF-9042-06F73DA581AC} (MoondoCtrl Class) - http://ecdownload.moondo.com/conrad/6813e/moondoax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
--
End of file - 8990 bytes

Juisterr
3 May 2009, 18:17
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:


Driver::
npkycryp
XDva164
XDva222
npggsvc
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{383672a4-6f6c-11dd-a44a-001fd001ab72}]


Save this to your Desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe as shown in the example below:
http://home.hetnet.nl/~stefsmeenk/CFScript.gif



This will make ComboFix restart.

After your computer has restarted (if it asks to restart), copy and paste the contents of log.txt into your next reply.

Also post a new HJT log.

Pazziej
3 May 2009, 23:20
Dear Juisterr,

I followed your instructions and did everything as required.
When ComboFix was finished and my computer restarted, I got a message that something was damaged and Windows could not start; what I had to do was boot Windows from the installation CD.
When I had done that, I got an application error from winlogon.exe, so I could not log in.
Is the only option now simply to format my PC, or are there other options?

Pazziej
4 May 2009, 11:37
OK, I managed to fix it. I can log in again, and while ComboFix was creating a log after I logged in, I got a BSoD: Memory_management 0x01a.
So I have no CF log for you, but here is an HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:51, on 4-5-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://rfonline-full.gscdn.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241377002559
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241377035366
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://holic.netgame.com/launch/object/mglaunch_USAv1004.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://aika.hanbiton.com/Game/HLauncher.cab
O16 - DPF: {B7CCB9D7-B3CE-48BF-9042-06F73DA581AC} (MoondoCtrl Class) - http://ecdownload.moondo.com/conrad/6813e/moondoax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
--
End of file - 9067 bytes
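
Added example (not part of the original thread): a small Python script that diffs two HijackThis logs to show which entries disappeared and which appeared between the 3 May and 4 May scans. The sample inputs are constructed from a handful of entries copied from those two logs, and the function names and section labels are this example's own.

```python
import re

# Constructed samples: a few entries copied from the 3 May and 4 May logs above.
LOG_BEFORE = r"""
O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
"""
LOG_AFTER = r"""
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241377002559
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
"""

# Entry lines start with a section code (R0, F2, O4, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.+)$")

# Short labels for the sections that occur in the samples (labels are this example's own).
SECTIONS = {
    "O1": "hosts file redirect",
    "O4": "autostart entry",
    "O16": "downloaded ActiveX control",
    "O23": "service",
}


def parse_entries(log_text):
    """Map (section, normalised detail) -> detail as written in the log."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            # Collapse whitespace and ignore case so cosmetic differences
            # (ehtray.exe vs ehTray.exe) are not reported as changes.
            detail = " ".join(match.group(2).split())
            entries[(match.group(1), detail.lower())] = detail
    return entries


def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (section, detail) tuples."""
    old, new = parse_entries(before), parse_entries(after)
    removed = sorted((key[0], old[key]) for key in old.keys() - new.keys())
    added = sorted((key[0], new[key]) for key in new.keys() - old.keys())
    return removed, added


def report(before, after):
    """Render the diff as '-'/'+' lines with a label for each section."""
    removed, added = diff_logs(before, after)
    lines = []
    for sign, items in (("-", removed), ("+", added)):
        for section, detail in items:
            label = SECTIONS.get(section, "other")
            lines.append(f"{sign} {section} ({label}): {detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(LOG_BEFORE, LOG_AFTER)))
```

On these samples the removed entries are the two O1 hosts lines and the npggsvc service, which matches the `npggsvc` line in the CFScript.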

Pazziej
4 May 2009, 12:50
I have now got another error on top of it :cry::cry::cry:

flash10a.ocx
and then something about Internet Explorer

Juisterr
4 May 2009, 19:06
Please update your Windows.

Pazziej
5 May 2009, 00:44
http://img8.imageshack.us/img8/1588/windowsupdate.th.jpg (http://img8.imageshack.us/my.php?image=windowsupdate.jpg)

And the BSoDs I keep getting are:
PFN_LIST_CORRUPT 0x0000004E
PAGE_FAULT_IN_NONPAGED_AREA 0x00000050
MEMORY_MANAGEMENT 0x0000001A
(no name) 0x0000008E

Pazziej
5 May 2009, 13:20
http://img12.imageshack.us/img12/3230/windowsupdatez.th.jpg (http://img12.imageshack.us/my.php?image=windowsupdatez.jpg)

And the BSoDs I get are:
PFN_FILE_CORRUPT 0x0000004E
PAGE_FAULT_IN_NONPAGED_AREA 0x0000008E
MEMORY_MANAGEMENT 0x0000001A
(another one without a name) 0x0000008E

Juisterr
5 May 2009, 13:50
I think I had better refer you to the hardware section after all; presumably something is broken.