Ga naar inhoud

Opstarten AVG Malwerebytes Hi jack this...............enz


joska

Aanbevolen berichten

  • Reacties 28
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Zo die mbam heb ik gedaan alleen log stond uit, heb je dat perse nodig ??

Heeft wel 3 besmettingen verwijderd.

Hier Hijack logje :

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:23:19, on 10-5-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Atheros\ACU.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\2G\GBS Digitaal\apache\bin\apache.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\2G\GBS Digitaal\apache\bin\apache.exe

C:\Program Files\2G\GBS Digitaal\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Plus500\main\InvestSoftProject.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: (no name) - {6eba7ab6-9866-4c07-a735-5fa9845f81d3} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} (sIKN Speler) - http://www.kerkomroep.nl/ocx/sIKNPlayer.cab

O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - http://www.crtvg.es/camweb/camera.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{375E3FB0-C333-4184-B53A-9E7070F62BF5}: NameServer = 84.2.44.1 84.2.46.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: GBSApache - Apache Software Foundation - C:\Program Files\2G\GBS Digitaal\apache\bin\apache.exe

O23 - Service: GBSMySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

--

End of file - 10083 bytes

Link naar reactie
Delen op andere sites

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: (no name) - {6eba7ab6-9866-4c07-a735-5fa9845f81d3} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{375E3FB0-C333-4184-B53A-9E7070F62BF5}: NameServer = 84.2.44.1 84.2.46.1

Klik op 'Fix checked' om de items te verwijderen.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht, samen met een nieuw log van HijackThis.

Link naar reactie
Delen op andere sites

combi log

ComboFix 11-05-09.04 - Gebruiker 10-05-2011 23:29:20.5.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2940.2391 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Gebruiker\Mijn documenten\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Gebruiker\Application Data\PriceGong

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Gebruiker\Local Settings\Application Data\tmu.exe

c:\documents and settings\Gebruiker\Sjablonen\s4pa1d277v48kplk6

c:\documents and settings\Gebruiker\WINDOWS

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-10 to 2011-05-10 ))))))))))))))))))))))))))))))

.

.

2011-05-10 21:09 . 2011-05-10 21:09 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG

2011-05-10 16:51 . 2011-05-10 20:15 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

2011-05-10 16:51 . 2011-05-10 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-04-15 19:58 . 2011-04-15 19:58 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-04-14 23:10 . 2011-04-14 23:10 -------- d-----w- C:\$AVG

2011-04-13 12:42 . 2011-04-13 12:42 -------- d-----w- C:\Microgaming

2011-04-13 12:42 . 2011-04-13 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MGS

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2009-02-17 09:24 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2009-02-17 09:25 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2009-02-17 09:25 1858048 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:07 . 2009-02-17 09:25 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:07 . 2009-02-17 09:24 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:07 . 2009-02-17 09:24 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43 . 2009-02-17 09:24 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2009-02-17 09:25 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2009-02-17 09:25 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2009-02-17 09:24 290432 ----a-w- c:\windows\system32\atmfd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-04-25 2253112]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"Registry Reviver"="c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe" [2011-01-22 1716032]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-13 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-13 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-13 141848]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 16860672]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]

"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-14 450648]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\2G\\GBS Digitaal\\apache\\bin\\apache.exe"=

"c:\\Documents and Settings\\Gebruiker\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Gebruiker\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\WebCallDirect.com\\WebCallDirect\\WebCallDirect.exe"=

"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\FileHippo.com\\UpdateChecker.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R2 GBSApache;GBSApache;c:\program files\2G\GBS Digitaal\apache\bin\apache.exe [9-11-2006 10:39 16896]

R2 GBSMySQL;GBSMySQL;"c:\program files\2G\GBS Digitaal\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\2G\GBS Digitaal\mysql\bin\myGBS.cnf" GBSMySQL --> c:\program files\2G\GBS Digitaal\mysql\bin\mysqld-nt [?]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24-10-2009 3:18 360224]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-9-2010 10:09 136176]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [17-2-2009 11:25 20160]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [7-10-2009 22:32 21888]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29-9-2010 10:09 136176]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WUAUSERV

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 08:09]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 08:09]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-343818398-1801674531-1004Core.job

- c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 17:14]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-343818398-1801674531-1004UA.job

- c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 17:14]

.

2011-05-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

2011-05-10 c:\windows\Tasks\Registry Reviver-Gebruiker-Startup.job

- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2011-02-04 14:33]

.

2011-05-10 c:\windows\Tasks\User_Feed_Synchronization-{02361792-D5A7-4357-9E1C-AADB8871148C}.job

- c:\windows\system32\msfeedssync.exe [2009-02-17 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Connection Wizard,ShellNext = iexplore

Trusted Zone: 127.0.0.1

Trusted Zone: localhost

DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} - hxxp://www.kerkomroep.nl/ocx/sIKNPlayer.cab

DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://www.crtvg.es/camweb/camera.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{6EBA7AB6-9866-4C07-A735-5FA9845F81D3} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-10 23:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

.

c:\windows\TEMP\TMP000000151587F2A92E0DC7D3 524288 bytes

.

Scan succesvol afgerond

verborgen bestanden: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GBSMySQL]

"ImagePath"="\"c:\program files\2G\GBS Digitaal\mysql\bin\mysqld-nt\" \"--defaults-file=c:\program files\2G\GBS Digitaal\mysql\bin\myGBS.cnf\" GBSMySQL"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components]

@Denied: (Full) (Everyone)

@Denied: (Full) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]

@="Internet Explorer-versie bijwerken"

"ComponentID"="IEUDINIT"

"DontAsk"=dword:00000002

"IsInstalled"=dword:00000001

"Locale"="*"

"StubPath"="c:\\WINDOWS\\system32\\ieudinit.exe"

"Version"="8,0,6001,0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

"DontAsk"=dword:00000002

"Version"="11,0,5721,5145"

"IsInstalled"=dword:00000000

"Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"

@="Microsoft Windows Media Player"

"ComponentID"="WMPACCESS"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

@="Internet Explorer"

"ComponentID"="IEACCESS"

"Dontask"=dword:00000002

"IsInstalled"=dword:00000001

"Locale"="*"

"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -UserIconConfig"

"Version"="8,0,6001,18702"

"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-21"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

@="Browser Customizations"

"ComponentiD"="BRANDING.CAB"

"IsInstalled"=dword:00000001

"Locale"="*"

"LocalizedName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3052"

"StubPath"="\"c:\\WINDOWS\\system32\\rundll32.exe\" \"c:\\WINDOWS\\system32\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"

"Version"="8,0,6001,18702"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]

@="Browser-aanpassingen"

"ComponentID"="BRANDING.CAB"

"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

"Version"="6,0,2900,5512"

"Locale"="*"

"IsInstalled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

@="Outlook Express"

"ComponentID"="OEACCESS"

"Dontask"=dword:00000002

"IsInstalled"=dword:00000001

"Locale"="*"

"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE"

"Version"="2,0,0,0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]

@="Java (Sun)"

"ComponentID"="JAVAVM"

"IsInstalled"=dword:00000001

"KeyFileName"="c:\\Program Files\\Java\\jre6\\bin\\regutils.dll"

"Version"="5,0,5000,0"

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]

@="Vector Graphics Rendering (VML)"

"ComponentID"="MSVML"

"Version"="6,0,2462,0001"

"IsInstalled"=hex:01,00,00,00

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}]

@=".NET Framework"

"ComponentID"=".NETFramework"

"Version"="1,0,4322,0"

"Locale"=""

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]

@=""

"ComponentID"="NetShow"

"IsInstalled"=dword:00000001

"DontAsk"=dword:00000002

"Locale"="NL"

"StubPath"=""

"Version"="11,0,5721,5145"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

"ComponentID"="Microsoft Windows Media Player"

"DontAsk"=dword:00000002

"Locale"="NLD"

"StubPath"=""

"IsInstalled"=dword:00000001

@="Microsoft Windows Media Player 6.4"

"Version"="11,0,5721,5145"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]

@="DirectAnimation"

"IsInstalled"=dword:00000001

"Version"="6,0,3,531"

"Locale"="NL"

"ComponentID"="DirectAnimation"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

@="Themes Setup"

"ComponentID"="Theme Component"

"IsInstalled"=dword:00000001

"Locale"="NL"

"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"

"Version"="1,1,1,7"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]

@="Dynamische HTML met gegevensbinding voor Java"

"ComponentID"="TridataJava"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="4,7,0,0320"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]

"Version"="8,0,6001,18702"

@="Offline Browsing Pack"

"ComponentID"="MobilePk"

"IsInstalled"=dword:00000001

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]

@="Uniscribe"

"ComponentID"="USP10"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="1,397,2406,1"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]

@="Geavanceerd bewerken"

"ComponentID"="AdvAuth"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="6,0,2900,5512"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"Version"="6,0,2900,5512"

@="Microsoft Outlook Express 6"

"IsInstalled"=dword:00000001

"Locale"="nl"

"ComponentID"="MailNews"

"CloneUser"=dword:00000001

"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

@="NetMeeting 3.01"

"ComponentID"="NetMeeting"

"IsInstalled"=hex:01,00,00,00

"Version"="4,4,0,3400"

"Locale"="NL"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]

@="DirectShow"

"ComponentID"="activemovie"

"IsInstalled"=dword:00000001

"DontAsk"=dword:00000002

"Locale"="NL"

"Version"="11,0,5721,5145"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]

@="DirectDrawEx"

"ComponentID"="DirectDrawEx"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="4,71,1113,0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]

@="Internet Explorer Help"

"ComponentID"="HelpCont"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="8,0,6001,18702"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]

@="DirectAnimation Java Classes"

"ComponentID"="DAJava"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="6,00,01,0223"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]

@="Microsoft Windows Script 5.8"

"ComponentID"="MSVBScript"

"IsInstalled"=dword:00000001

"Locale"="NL"

"Version"="5,8,6001,23000"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]

@="Beveiligingsupdate voor Windows XP (KB923789)"

"IsInstalled"=dword:00000001

"Version"="6,0,88,0"

"ComponentID"="KB923789"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

"KeyFileName"="c:\\Program Files\\Messenger\\msmsgs.exe"

@="Windows Messenger 4.7"

"ComponentID"="Messenger"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"

"Locale"="NL"

"Version"="4,7,0,3000"

"IsInstalled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]

"(Default)"="Internet Connection Wizard"

"ComponentID"="ICW"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="5,00,2918,1900"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]

@="Internet Explorer Setup Tools"

"ComponentID"="GenSetup"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="8,0,6001,18702"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]

"Version"="8,0,6001,18702"

@="Browsing Enhancements"

"ComponentID"="ExtraPack"

"IsInstalled"=dword:00000001

"Locale"="*"

"KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

@="Microsoft Windows Media Player"

"ComponentID"="Microsoft Windows Media Player"

"DontAsk"=dword:00000002

"Locale"="NLD"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp11.inf,PerUserStub"

"IsInstalled"=dword:00000001

"Version"="11,0,5721,5145"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]

@="MSN Site Access"

"ComponentID"="MSN_Auth"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="4,9,9,2"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"Version"="6,0,2600,0000"

@="Adresboek 6"

"IsInstalled"=dword:00000001

"Locale"="NL"

"ComponentID"="WAB"

"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

"Version"="6,0,2900,5512"

@="Windows Desktop Update"

"ComponentID"="IE4Shell_NT"

"IsInstalled"=dword:00000001

"Locale"="nl"

"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

"Version"="8,0,6001,18702"

@="Internet Explorer"

"ComponentID"="BASEIE40_W2K"

"IsInstalled"=dword:00000001

"Locale"="en"

"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -BaseSettings"

"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-20"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

"DontAsk"=dword:00000002

"StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install"

"IsInstalled"=dword:00000001

"ComponentID"="DOTNETFRAMEWORKS"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]

"ComponentID"="M928366"

"Version"="1,1,4322"

@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"

"Locale"="*"

"IsInstalled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]

@="Dynamic HTML Data Binding"

"ComponentID"="Tridata"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="8,0,6001,18702"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}]

"ComponentID"=".NETFramework"

@=".NET Framework"

"Locale"=""

"Version"="2,0,50727,1"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

"Version"="6,0,2800,5512"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]

"Locale"=""

"Version"="2,0,50727,0"

"ComponentID"=".NETFramework"

@=".NET Framework"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]

"Locale"=""

"Version"="2,0,50727,0"

"ComponentID"=".NETFramework"

@=".NET Framework"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]

@="Internet Explorer Core Fonts"

"ComponentID"="Fontcore"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="8,0,6001,18702"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]

@="Taakplanner"

"ComponentID"="MSTASK"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="4,71,1968,1"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]

"ComponentID"="Windows Movie Maker v2.1"

"IsInstalled"=hex:01,00,00,00

"Version"="2,1,4026,0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@="Adobe Flash Player"

"ComponentID"="Flash"

"IsInstalled"=hex:01,00,00,00

"Version"="10.0.45.2"

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]

@="HTML Help"

"ComponentID"="HTMLHelp"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="6,0,6001,18702"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

@="Active Directory Service Interface"

"ComponentID"="ADSI"

"IsInstalled"=hex:01,00,00,00

"Locale"="EN"

"Version"="5,0,00,0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}]

@="RootsUpdate"

"IsInstalled"=dword:00000001

"Version"="19,0,2195,0"

"Locale"="*"

"ComponentID"="Windows Roots Update"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(5316)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\windows\system32\acs.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\2G\GBS Digitaal\mysql\bin\mysqld-nt.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Voltooingstijd: 2011-05-10 23:38:50 - machine werd herstart

ComboFix-quarantined-files.txt 2011-05-10 21:38

.

Pre-Run: 106.995.212.288 bytes beschikbaar

Post-Run: 107.212.083.200 bytes beschikbaar

.

- - End Of File - - DCD2DDFB35DD1753C570BCD586B3A93F

Hijack

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:42:00, on 10-5-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Atheros\ACU.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\2G\GBS Digitaal\apache\bin\apache.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\2G\GBS Digitaal\apache\bin\apache.exe

C:\Program Files\2G\GBS Digitaal\mysql\bin\mysqld-nt.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Free Uninstall Survey | AVG Nederland

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} (sIKN Speler) - http://www.kerkomroep.nl/ocx/sIKNPlayer.cab

O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - http://www.crtvg.es/camweb/camera.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{375E3FB0-C333-4184-B53A-9E7070F62BF5}: NameServer = 84.2.46.1 84.2.44.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: GBSApache - Apache Software Foundation - C:\Program Files\2G\GBS Digitaal\apache\bin\apache.exe

O23 - Service: GBSMySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

--

End of file - 8779 bytes

Hoop dat alles in orde is !

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.