antimalware doctor

  • Fransen

    Thanks for your message, Argus!

    I'll go through all of this carefully tomorrow. I hope to be able to post the log tomorrow.

    I had some problems with ComboFix, since I couldn't get my virus scanner turned off, but I'll try that again tomorrow as well.

    Bart

  • Fransen

    It took a while, but here are the logs:

    Autoscan: completed 21 minutes ago (events: 27, objects: 2708093, time: 12:50:07)

    4-9-2010 9:38:13 Task started

    4-9-2010 9:45:18 Detected: Trojan-Dropper.Win32.Agent.cxtg C:\Documents and Settings\Administrator\Local Settings\Application Data\kuqprjomf\apfpxxishdw.exe

    4-9-2010 9:52:54 Deleted: Trojan-Dropper.Win32.Agent.cxtg C:\Documents and Settings\Administrator\Local Settings\Application Data\kuqprjomf\apfpxxishdw.exe

    4-9-2010 10:13:47 Detected: Trojan-Dropper.Win32.Agent.cxtg C:\Documents and Settings\Administrator\Local Settings\Application Data\tujpqqotc\ahaqqlxshdw.exe

    4-9-2010 10:23:02 Detected: Trojan-Downloader.WMA.GetCodec.u C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-5872441-yakety sax original studio version.mp3

    4-9-2010 10:23:12 Detected: Trojan-Downloader.WMA.GetCodec.u C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\yakety sax (instrumental version).mp3

    4-9-2010 12:45:28 Deleted: Trojan-Downloader.WMA.GetCodec.u C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\yakety sax (instrumental version).mp3

    4-9-2010 12:45:29 Detected: Trojan-Downloader.WMA.GetCodec.u C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\yakety sax new hottest single.snd

    4-9-2010 12:45:29 Deleted: Trojan-Dropper.Win32.Agent.cxtg C:\Documents and Settings\Administrator\Local Settings\Application Data\tujpqqotc\ahaqqlxshdw.exe

    4-9-2010 12:45:41 Deleted: Trojan-Downloader.WMA.GetCodec.u C:\Documents and Settings\Administrator\My Documents\LimeWire\Incomplete\T-5872441-yakety sax original studio version.mp3

    4-9-2010 12:46:05 Deleted: Trojan-Downloader.WMA.GetCodec.u C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\yakety sax new hottest single.snd

    4-9-2010 15:33:42 Detected: Trojan.Win32.Pincav.afqa C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP2\A0002011.exe

    4-9-2010 15:33:46 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP2\A0002013.exe/UPX

    4-9-2010 15:33:46 Detected: Trojan-Dropper.Win32.FrauDrop.bcy C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP2\A0002034.exe

    4-9-2010 16:32:42 Deleted: Trojan.Win32.Pincav.afqa C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP2\A0002011.exe

    4-9-2010 16:32:49 Deleted: Trojan-Dropper.Win32.FrauDrop.bcy C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP2\A0002034.exe

    4-9-2010 16:32:52 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP2\A0002013.exe

    4-9-2010 16:32:52 Deleted: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP2\A0002013.exe

    4-9-2010 16:32:56 Detected: P2P-Worm.Win32.Palevo.avbt C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP3\A0002114.exe

    4-9-2010 16:33:01 Detected: Packed.Win32.Krap.hc C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP3\A0002157.dll

    4-9-2010 16:33:02 Deleted: P2P-Worm.Win32.Palevo.avbt C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP3\A0002114.exe

    4-9-2010 16:33:02 Detected: Trojan-Dropper.Win32.Agent.cxtg C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP3\A0002163.exe

    4-9-2010 16:33:03 Detected: Trojan-Dropper.Win32.Agent.cxtg C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP3\A0002164.exe

    4-9-2010 16:33:10 Deleted: Packed.Win32.Krap.hc C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP3\A0002157.dll

    4-9-2010 16:33:13 Deleted: Trojan-Dropper.Win32.Agent.cxtg C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP3\A0002164.exe

    4-9-2010 16:33:15 Deleted: Trojan-Dropper.Win32.Agent.cxtg C:\System Volume Information\_restore{C77C8E93-2FD5-4D3D-914D-07F1C97410BA}\RP3\A0002163.exe

    4-9-2010 22:28:21 Task completed

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Databaseversie: 4541

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    4-9-2010 9:26:09

    mbam-log-2010-09-04 (09-26-09).txt

    Scantype: Snelle scan

    Objecten gescand: 143002

    Verstreken tijd: 8 minuut/minuten, 6 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 1

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 6

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    C:\Documents and Settings\Administrator\Application Data\wscntfy.exe (Worm.VBNA) -> Quarantined and deleted successfully.

    C:\lsass.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\WINDOWS\WMVAdv.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

    C:\WINDOWS\cfdrive32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:53:01, on 4-9-2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Safe mode

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Citrix\ICA Client\ssonsvr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_04.09.2010_10-22\setup_9.0.0.722_04.09.2010_10-22.exe

    D:\Downloads\Opruiming\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tudelft.nl/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\RunOnce: C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.spele.nl/game/magisch_gevecht/monopoly.html"

    O4 - HKUS\S-1-5-18\..\Run: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Default user')

    O4 - Startup: setup_9.0.0.722_04.09.2010_10-22.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_04.09.2010_10-22\startup.exe

    O4 - Global Startup: Bluetooth Manager.lnk = ?

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    O23 - Service: BlackfishSQL - CodeGear - C:\Program Files\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: The Cleaner 2011 Helper Service (moohelp) - MooSoft Development LLC - D:\Downloads\Opruiming\The Cleaner\mhelper.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files\USBDLM\USBDLM.exe

    End of file - 7555 bytes

  • Argus

    Why still in "Safe mode"?

    Download CCleaner and clean your PC.

    Start CCleaner and click "Tools", then click "Save to text file" at the bottom right and put the log on your Desktop.

    Post the contents of C:\Install.txt in your next reply.

    Download ComboFix to your Desktop.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.

    Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!

    Double-click Combofix.exe to start it.

    If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.

    Click OK in the "NirCmd" window.

    Afterwards, click Yes again to start the malware scan.

    While the fix is running, do NOT click in the window, because this will cause your PC to hang.

    When the fix is complete and after the restart, the log ComboFix.txt will open.

    Post the ComboFix log.

    * Visit the following page for instructions on downloading and using ComboFix.

    http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

  • Fransen

    Only HijackThis was in safe mode, right? If it's still needed, I'll run it in normal mode as well.

    Here is the ComboFix log:

    ComboFix 10-09-04.06 - Administrator 05-09-2010 10:25:02.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2046.1527

    Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: F-Secure Client Security 7.12 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\Administrator\.COMMgr

    c:\documents and settings\Administrator\Application Data\F9C603223F0F6A4D8ACB707B17EA7A28

    c:\documents and settings\Administrator\Application Data\F9C603223F0F6A4D8ACB707B17EA7A28\enemies-names.txt

    c:\documents and settings\Administrator\Application Data\F9C603223F0F6A4D8ACB707B17EA7A28\local.ini

    c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server

    c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\server.dat

    c:\windows\system32\ReadMe.txt

    c:\windows\system32\Thumbs.db

    Besmet exemplaar van c:\windows\system32\drivers\wmiacpi.sys werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - Kitty had a snack :p

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-08-05 to 2010-09-05 ))))))))))))))))))))))))))))))

    .

    2010-09-05 07:41 . 2010-09-05 07:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9

    2010-09-03 19:55 . 2010-09-03 20:00 664 ----a-w- c:\windows\system32\d3d9caps.dat

    2010-09-03 09:13 . 2010-09-04 07:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\kuqprjomf

    2010-09-03 09:13 . 2010-09-04 10:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\tujpqqotc

    2010-08-31 13:51 . 2010-08-31 13:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    2010-08-28 09:48 . 2010-08-28 09:48 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-09-05 07:38 . 2009-11-03 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    2010-09-04 06:57 . 2010-05-26 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\moosoft

    2010-09-03 18:31 . 2010-03-15 12:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\thecleaner

    2010-09-03 10:11 . 2008-10-06 10:12 -------- d-----w- c:\program files\Common Files\Business Objects

    2010-08-27 09:49 . 2009-03-10 10:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

    2010-08-27 09:17 . 2009-05-03 14:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire

    2010-08-11 22:48 . 2008-10-06 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

    2010-07-16 15:16 . 2009-03-29 16:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-07-16 15:16 . 2010-07-16 15:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-07-16 15:16 . 2009-03-29 16:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-06-30 12:31 . 1980-01-01 00:00 149504 ----a-w- c:\windows\system32\schannel.dll

    2010-06-24 21:32 . 2010-06-24 21:31 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

    2010-06-24 21:32 . 2010-06-24 21:31 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

    2010-06-24 12:22 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-06-23 13:44 . 1980-01-01 00:00 1851904 ----a-w- c:\windows\system32\win32k.sys

    2010-06-21 15:27 . 1980-01-01 00:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

    2010-06-17 14:03 . 1980-01-01 00:00 80384 ----a-w- c:\windows\system32\iccvid.dll

    2010-06-14 14:31 . 2008-10-06 08:25 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

    2010-06-14 07:41 . 1980-01-01 00:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

    2008-04-07 06:59 . 2008-10-06 09:00 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

    2008-04-07 06:59 . 2008-10-06 09:00 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

    2008-04-07 06:59 . 2008-10-06 09:00 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

    2008-04-07 06:59 . 2008-10-06 09:00 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

    2008-04-07 06:59 . 2008-10-06 09:00 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

    2007-11-09 15:10 . 2007-11-09 15:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

    2007-11-09 15:10 . 2007-11-09 15:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

    2007-11-09 15:10 . 2007-11-09 15:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

    2007-11-09 15:10 . 2007-11-09 15:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

    2007-11-09 15:10 . 2007-11-09 15:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

    2007-11-09 15:10 . 2007-11-09 15:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

    2007-11-09 15:10 . 2007-11-09 15:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

    2007-11-09 15:11 . 2007-11-09 15:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

    2007-11-09 15:11 . 2007-11-09 15:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

    .

    ------- Sigcheck -------


    2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . . . c:\windows\system32\mspmsnsv.dll

    2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . . . c:\windows\system32\dllcache\mspmsnsv.dll

    2008-04-14 05:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . . . c:\windows\system32\ntmssvc.dll

    2008-04-14 05:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . . . c:\windows\system32\dllcache\ntmssvc.dll

    2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . . . c:\windows\system32\upnphost.dll

    2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . . . c:\windows\system32\dllcache\upnphost.dll

    2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . . . c:\windows\system32\dsound.dll

    2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . . . c:\windows\system32\dllcache\dsound.dll

    2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . . . c:\windows\system32\d3d9.dll

    2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . . . c:\windows\system32\dllcache\d3d9.dll

    2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . . . c:\windows\system32\ddraw.dll

    2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . . . c:\windows\system32\dllcache\ddraw.dll

    2008-04-14 05:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . . . c:\windows\system32\olepro32.dll

    2008-04-14 05:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . . . c:\windows\system32\dllcache\olepro32.dll

    2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . . . c:\windows\system32\perfctrs.dll

    2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . . . c:\windows\system32\dllcache\perfctrs.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe"

    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe"

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"

    "NeroHomeFirstStart"="c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe"

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

    backup=c:\windows\pss\Philips SA19xx Apparaatbeheer.lnkCommon Startup

    2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    2008-11-02 07:39 167936 ----a-w- d:\downloads\PowerISO\PWRISOVM.EXE

    2008-11-02 07:39 167936 ----a-w- d:\downloads\PowerISO\PWRISOVM.EXE

    2007-12-11 08:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

    2009-04-29 10:28 468408 ----a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe

    2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

    2004-11-05 08:59 155648 ----a-w- c:\program files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe

    2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    2010-03-14 19:07 2810368 ----a-w- d:\downloads\Opruiming\The Cleaner\tcap.exe

    "EnableFirewall"= 0 (0x0)

    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "d:\\Games\\Unreal Tournament\\System\\UT2004.exe"=

    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "d:\\Downloads\\Muziek\\Utorrent\\uTorrent.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    "d:\\UnrealTournament\\System\\UnrealTournament.exe"=

    "d:\\Downloads\\Muziek\\Limewire\\LimeWire.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys

    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe

    R2 BlackfishSQL;BlackfishSQL;c:\program files\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe

    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe

    R2 USBDLM;USBDLM;c:\program files\USBDLM\USBDLM.exe

    S2 moohelp;The Cleaner 2011 Helper Service;d:\downloads\Opruiming\The Cleaner\mhelper.exe

    S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS

    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

    2008-08-19 09:32 130169 ----a-w- c:\program files\CES EduPack 2008\ActivateCesedupack2008.EXE

    2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{83337DB9-B62B-4B8D-A770-CD1ECDF23B8D}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    uInternet Connection Wizard,ShellNext = hxxp://www.tudelft.nl/

    uInternet Settings,ProxyOverride =

    IE: E&xport to Microsoft Excel

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab

    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2dhw1qc5.default\

    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    .

    .

    ------- Bestandsassociaties -------

    .

    .scr=AutoCADScriptFile

    .

    **************************************************************************

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden:

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    @Denied: (2) (Administrator)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,a9,64,ff,71,21,aa,4f,aa,c0,38,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,a9,64,ff,71,21,aa,4f,aa,c0,38,\

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    "Enabled"=dword:00000001

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    @="{00020424-0000-0000-C000-000000000046}"

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Voltooingstijd: 2010-09-05 10:38:56

    ComboFix-quarantined-files.txt 2010-09-05 08:38

    Pre-Run: 4.574.535.680 bytes free

    Post-Run: 4.548.452.352 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 37FF374C2FFBF8D36E3372B5594A3561

  • Argus

    Open a Notepad file.

    Copy the text below (shown in bold) and paste it into the Notepad file.

    Save the Notepad file as CFScript.txt

    Folder::

    c:\documents and settings\Administrator\Local Settings\Application Data\kuqprjomf

    c:\documents and settings\Administrator\Local Settings\Application Data\tujpqqotc

    Now drag the file CFScript.txt onto the file ComboFix.exe

    ComboFix will start again.

    When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.

    Make a new HijackThis log and post that as well (normal mode).

  • Fransen

    Combofix:

    ComboFix 10-09-04.06 - Administrator 05-09-2010 15:09:10.2.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2046.1347

    Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Administrator\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: F-Secure Client Security 7.12 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\Administrator\Local Settings\Application Data\kuqprjomf

    c:\documents and settings\Administrator\Local Settings\Application Data\tujpqqotc

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-08-05 to 2010-09-05 ))))))))))))))))))))))))))))))

    .

    2010-09-05 07:41 . 2010-09-05 07:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9

    2010-09-03 19:55 . 2010-09-03 20:00 664 ----a-w- c:\windows\system32\d3d9caps.dat

    2010-08-31 13:51 . 2010-08-31 13:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    2010-08-28 09:48 . 2010-08-28 09:48 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-09-05 12:44 . 2009-05-03 14:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire

    2010-09-05 07:38 . 2009-11-03 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    2010-09-04 06:57 . 2010-05-26 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\moosoft

    2010-09-03 18:31 . 2010-03-15 12:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\thecleaner

    2010-09-03 10:11 . 2008-10-06 10:12 -------- d-----w- c:\program files\Common Files\Business Objects

    2010-08-27 09:49 . 2009-03-10 10:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

    2010-08-11 22:48 . 2008-10-06 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

    2010-07-16 15:16 . 2009-03-29 16:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-07-16 15:16 . 2010-07-16 15:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-07-16 15:16 . 2009-03-29 16:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-06-30 12:31 . 1980-01-01 00:00 149504 ----a-w- c:\windows\system32\schannel.dll

    2010-06-24 21:32 . 2010-06-24 21:31 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

    2010-06-24 21:32 . 2010-06-24 21:31 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

    2010-06-24 12:22 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-06-23 13:44 . 1980-01-01 00:00 1851904 ----a-w- c:\windows\system32\win32k.sys

    2010-06-21 15:27 . 1980-01-01 00:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

    2010-06-17 14:03 . 1980-01-01 00:00 80384 ----a-w- c:\windows\system32\iccvid.dll

    2010-06-14 14:31 . 2008-10-06 08:25 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

    2010-06-14 07:41 . 1980-01-01 00:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

    2008-04-07 06:59 . 2008-10-06 09:00 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

    2008-04-07 06:59 . 2008-10-06 09:00 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

    2008-04-07 06:59 . 2008-10-06 09:00 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

    2008-04-07 06:59 . 2008-10-06 09:00 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

    2008-04-07 06:59 . 2008-10-06 09:00 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

    2007-11-09 15:10 . 2007-11-09 15:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

    2007-11-09 15:10 . 2007-11-09 15:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

    2007-11-09 15:10 . 2007-11-09 15:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

    2007-11-09 15:10 . 2007-11-09 15:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

    2007-11-09 15:10 . 2007-11-09 15:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

    2007-11-09 15:10 . 2007-11-09 15:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

    2007-11-09 15:10 . 2007-11-09 15:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

    2007-11-09 15:11 . 2007-11-09 15:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

    2007-11-09 15:11 . 2007-11-09 15:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

    .

    ------- Sigcheck -------

    2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . . . c:\windows\system32\drivers\atapi.sys

    2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . . . c:\windows\system32\dllcache\asyncmac.sys

    2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . . . c:\windows\system32\drivers\asyncmac.sys

    2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . . . c:\windows\system32\dllcache\beep.sys

    2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . . . c:\windows\system32\drivers\beep.sys

    2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . . . c:\windows\system32\drivers\kbdclass.sys

    2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . . . c:\windows\system32\dllcache\ndis.sys

    2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . . . c:\windows\system32\drivers\ndis.sys

    2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . . . c:\windows\system32\dllcache\ntfs.sys

    2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . . . c:\windows\system32\drivers\ntfs.sys

    2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . . . c:\windows\system32\dllcache\null.sys

    2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . . . c:\windows\system32\drivers\null.sys

    2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

    2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . . . c:\windows\system32\dllcache\tcpip.sys

    2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . . . c:\windows\system32\drivers\tcpip.sys

    2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . . . c:\windows\$NtUninstallKB951748$\tcpip.sys

    2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . . . c:\windows\system32\browser.dll

    2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . . . c:\windows\system32\dllcache\browser.dll

    2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . . . c:\windows\system32\lsass.exe

    2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . . . c:\windows\system32\dllcache\lsass.exe

    2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . . . c:\windows\system32\netman.dll

    2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . . . c:\windows\system32\dllcache\netman.dll

    2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . . . c:\windows\system32\qmgr.dll

    2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . . . c:\windows\system32\dllcache\qmgr.dll

    2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . . . c:\windows\system32\rpcss.dll

    2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . . . c:\windows\system32\dllcache\rpcss.dll

    2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

    2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . . . c:\windows\$NtUninstallKB956572$\rpcss.dll

    2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . . . c:\windows\system32\services.exe

    2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . . . c:\windows\system32\dllcache\services.exe

    2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

    2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . . . c:\windows\$NtUninstallKB956572$\services.exe

    2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . . . c:\windows\system32\spoolsv.exe

    2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . . . c:\windows\system32\dllcache\spoolsv.exe

    2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . . . c:\windows\system32\winlogon.exe

    2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . . . c:\windows\system32\dllcache\winlogon.exe

    2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . . . c:\windows\system32\comctl32.dll

    2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . . . c:\windows\system32\dllcache\comctl32.dll

    2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . . . c:\windows\system32\cryptsvc.dll

    2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . . . c:\windows\system32\dllcache\cryptsvc.dll

    2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . . . c:\windows\system32\es.dll

    2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . . . c:\windows\system32\dllcache\es.dll

    2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

    2008-04-14 05:41 . 19A799805B24990867B00C120D300C3A . 246272 . . . . c:\windows\$NtUninstallKB950974$\es.dll

    2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . . . c:\windows\system32\imm32.dll

    2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . . . c:\windows\system32\dllcache\imm32.dll

    2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . . . c:\windows\system32\kernel32.dll

    2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . . . c:\windows\system32\dllcache\kernel32.dll

    2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

    2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . . . c:\windows\$NtUninstallKB959426$\kernel32.dll

    2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . . . c:\windows\system32\linkinfo.dll

    2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . . . c:\windows\system32\dllcache\linkinfo.dll

    2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . . . c:\windows\system32\lpk.dll

    2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . . . c:\windows\system32\dllcache\lpk.dll

    2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . . . c:\windows\system32\msvcrt.dll

    2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . . . c:\windows\system32\dllcache\msvcrt.dll

    2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . . . c:\windows\system32\mswsock.dll

    2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . . . c:\windows\system32\dllcache\mswsock.dll

    2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

    2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . . . c:\windows\$NtUninstallKB951748$\mswsock.dll

    2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . . . c:\windows\system32\netlogon.dll

    2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . . . c:\windows\system32\dllcache\netlogon.dll

    2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . . . c:\windows\system32\powrprof.dll

    2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . . . c:\windows\system32\dllcache\powrprof.dll

    2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . . . c:\windows\system32\scecli.dll

    2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . . . c:\windows\system32\dllcache\scecli.dll

    2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . . . c:\windows\system32\sfc.dll

    2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . . . c:\windows\system32\dllcache\sfc.dll

    2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . . . c:\windows\system32\svchost.exe

    2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . . . c:\windows\system32\dllcache\svchost.exe

    2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . . . c:\windows\system32\tapisrv.dll

    2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . . . c:\windows\system32\dllcache\tapisrv.dll

    2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . . . c:\windows\system32\user32.dll

    2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . . . c:\windows\system32\dllcache\user32.dll

    2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . . . c:\windows\system32\userinit.exe

    2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . . . c:\windows\system32\dllcache\userinit.exe

    2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . . . c:\windows\system32\ws2_32.dll

    2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . . . c:\windows\system32\dllcache\ws2_32.dll

    2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . . . c:\windows\system32\ws2help.dll

    2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . . . c:\windows\system32\dllcache\ws2help.dll

    2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . . . c:\windows\explorer.exe

    2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . . . c:\windows\system32\dllcache\explorer.exe

    2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . . . c:\windows\system32\ole32.dll

    2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . . . c:\windows\system32\dllcache\ole32.dll

    2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . . . c:\windows\system32\srsvc.dll

    2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . . . c:\windows\system32\dllcache\srsvc.dll

    2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . . . c:\windows\system32\wscntfy.exe

    2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . . . c:\windows\system32\dllcache\wscntfy.exe

    2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . . . c:\windows\system32\xmlprov.dll

    2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . . . c:\windows\system32\dllcache\xmlprov.dll

    2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . . . c:\windows\system32\eventlog.dll

    2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . . . c:\windows\system32\dllcache\eventlog.dll

    2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . . . c:\windows\system32\sfcfiles.dll

    2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . . . c:\windows\system32\dllcache\sfcfiles.dll

    2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . . . c:\windows\system32\ctfmon.exe

    2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . . . c:\windows\system32\dllcache\ctfmon.exe

    2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . . . c:\windows\system32\shsvcs.dll

    2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . . . c:\windows\system32\dllcache\shsvcs.dll

    2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . . . c:\windows\system32\regsvc.dll

    2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . . . c:\windows\system32\dllcache\regsvc.dll

    2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . . . c:\windows\system32\schedsvc.dll

    2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . . . c:\windows\system32\dllcache\schedsvc.dll

    2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . . . c:\windows\system32\ssdpsrv.dll

    2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . . . c:\windows\system32\dllcache\ssdpsrv.dll

    2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . . . c:\windows\system32\termsrv.dll

    2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . . . c:\windows\system32\dllcache\termsrv.dll

    2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . . . c:\windows\system32\appmgmts.dll

    2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . . . c:\windows\system32\dllcache\appmgmts.dll

    2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . . . c:\windows\system32\drivers\acpiec.sys

    2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . . . c:\windows\system32\dllcache\aec.sys

    2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . . . c:\windows\system32\drivers\aec.sys

    2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . . . c:\windows\system32\dllcache\ip6fw.sys

    2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . . . c:\windows\system32\drivers\ip6fw.sys

    2008-04-14 05:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . . . c:\windows\system32\mfc40u.dll

    2008-04-14 05:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . . . c:\windows\system32\dllcache\mfc40u.dll

    2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . . . c:\windows\system32\msgsvc.dll

    2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . . . c:\windows\system32\dllcache\msgsvc.dll

    2008-04-14 05:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

    2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . . . c:\windows\system32\mspmsnsv.dll

    2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . . . c:\windows\system32\dllcache\mspmsnsv.dll

    2008-04-14 05:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . . . c:\windows\system32\ntmssvc.dll

    2008-04-14 05:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . . . c:\windows\system32\dllcache\ntmssvc.dll

    2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . . . c:\windows\system32\upnphost.dll

    2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . . . c:\windows\system32\dllcache\upnphost.dll

    2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . . . c:\windows\system32\dsound.dll

    2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . . . c:\windows\system32\dllcache\dsound.dll

    2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . . . c:\windows\system32\d3d9.dll

    2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . . . c:\windows\system32\dllcache\d3d9.dll

    2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . . . c:\windows\system32\ddraw.dll

    2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . . . c:\windows\system32\dllcache\ddraw.dll

    2008-04-14 05:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . . . c:\windows\system32\olepro32.dll

    2008-04-14 05:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . . . c:\windows\system32\dllcache\olepro32.dll

    2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . . . c:\windows\system32\perfctrs.dll

    2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . . . c:\windows\system32\dllcache\perfctrs.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe"

    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe"

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"

    "NeroHomeFirstStart"="c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe"

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

    backup=c:\windows\pss\Philips SA19xx Apparaatbeheer.lnkCommon Startup

    2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    2008-11-02 07:39 167936 ----a-w- d:\downloads\PowerISO\PWRISOVM.EXE

    2008-11-02 07:39 167936 ----a-w- d:\downloads\PowerISO\PWRISOVM.EXE

    2007-12-11 08:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

    2009-04-29 10:28 468408 ----a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe

    2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

    2004-11-05 08:59 155648 ----a-w- c:\program files\Trust\WB-3500T USB2 Webcam\SnapTrap.exe

    2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    2010-03-14 19:07 2810368 ----a-w- d:\downloads\Opruiming\The Cleaner\tcap.exe

    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "d:\\Games\\Unreal Tournament\\System\\UT2004.exe"=

    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "d:\\Downloads\\Muziek\\Utorrent\\uTorrent.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    "d:\\UnrealTournament\\System\\UnrealTournament.exe"=

    "d:\\Downloads\\Muziek\\Limewire\\LimeWire.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys

    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe

    R2 BlackfishSQL;BlackfishSQL;c:\program files\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe

    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe

    R2 USBDLM;USBDLM;c:\program files\USBDLM\USBDLM.exe

    S2 moohelp;The Cleaner 2011 Helper Service;d:\downloads\Opruiming\The Cleaner\mhelper.exe

    S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS

    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

    2008-08-19 09:32 130169 ----a-w- c:\program files\CES EduPack 2008\ActivateCesedupack2008.EXE

    2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll

    .

    Inhoud van de 'Gedeelde Taken' map

    2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{83337DB9-B62B-4B8D-A770-CD1ECDF23B8D}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    uInternet Connection Wizard,ShellNext = hxxp://www.tudelft.nl/

    uInternet Settings,ProxyOverride =

    IE: E&xport to Microsoft Excel

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab

    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2dhw1qc5.default\

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-09-05 15:16

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    @Denied: (2) (Administrator)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,a9,64,ff,71,21,aa,4f,aa,c0,38,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,a9,64,ff,71,21,aa,4f,aa,c0,38,\

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    "Enabled"=dword:00000001

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    @="{00020424-0000-0000-C000-000000000046}"

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'explorer.exe'(5000)

    c:\windows\system32\WININET.dll

    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Voltooingstijd: 2010-09-05 15:19:08

    ComboFix-quarantined-files.txt 2010-09-05 13:19

    ComboFix2.txt 2010-09-05 08:38

    Pre-Run: 4.422.688.768 bytes free

    Post-Run: 4.494.053.376 bytes beschikbaar

    - - End Of File - - 4D733C7BC2798AC84A0163186F5F9673

    Hijack this:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:21:40, on 5-9-2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\AVG\AVG9\avgwdsvc.exe

    C:\Program Files\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\AVG\AVG9\avgnsx.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\system32\StacSV.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Wacom_Tablet.exe

    C:\Program Files\AVG\AVG9\avgrsx.exe

    C:\Program Files\AVG\AVG9\avgchsvx.exe

    C:\Program Files\USBDLM\USBDLM.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Program Files\Citrix\ICA Client\ssonsvr.exe

    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

    C:\WINDOWS\system32\Wacom_Tablet.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Program Files\AVG\AVG9\avgtray.exe

    C:\Program Files\Windows Live\Mail\wlmail.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    D:\Downloads\Opruiming\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tudelft.nl/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKCU\..\RunOnce: C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.spele.nl/game/magisch_gevecht/monopoly.html"

    O4 - HKUS\S-1-5-18\..\Run: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Default user')

    O4 - Global Startup: Bluetooth Manager.lnk = ?

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    O23 - Service: BlackfishSQL - CodeGear - C:\Program Files\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: The Cleaner 2011 Helper Service (moohelp) - MooSoft Development LLC - D:\Downloads\Opruiming\The Cleaner\mhelper.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files\USBDLM\USBDLM.exe

    End of file - 8185 bytes

  • Argus

    Removing ComboFix

    Go to Start - Run and paste the following into it:

    Combofix /Uninstall

    Then click OK.

    This will uninstall ComboFix.

    Any problems left?

  • Fransen

    No, so far no more problems.

    The internet works again, and there is no trace of the doctor.

    Thank you very much for the quick replies and the help!

    Great site this is for problems!

    Regards,

    Bart

  • Argus

    You're welcome :)