Spybot automatically aborts search?? and slow PC startup again

12 replies
  • Hello, following all sorts of downloads by hubby (including Skype), today I first used ATF Cleaner and then ran AVG antivirus, AVG antispyware and Ad-aware. All without result, i.e. no problems/viruses were found. Lastly I wanted to run Spybot. To my surprise, fairly soon after starting the search it says: "search aborted by user", even though I did nothing. On top of that the screen freezes; I can only get out via Task Manager. Also, starting up the various programs seems to be slower again. Any idea? Here is my HijackThis file:
  • Hello. Temporarily disable Windows Defender, because it can interfere when fixing with HJT (undoing the fix and so on, which by the looks of it has happened now, since the fixed lines are still/back in the log).
    * Open Windows Defender > click Tools
    * Click "General Settings"
    * Scroll to "Real Time Protection Options"
    * Uncheck "Turn on Real Time Protection (recommended)" > click "Save"
    * Close Windows Defender
    (Once the problems are over and the log has been declared clean again, you can turn it back on.)
    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/02d65e075e23b2c34705/netzip/RdxIE601.cab
    Click 'Fix checked' to remove the items.
    Download Java Runtime Environment (JRE) 6u4 (http://java.sun.com/javase/downloads/index.jsp).
    * Scroll down to "Java Runtime Environment (JRE) 6u4".
    * Click the "Download" button on the right.
    * In the drop-down menu to the right of Platform, select Windows.
    * Check "I agree to the Java SE Runtime Environment 6 License Agreement" and click Continue.
    * The page will reload.
    * Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
    * Close any programs that may be open - especially your web browser!
    * Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the list.
    * Check everything with Java Runtime Environment (JRE or J2SE) in the name.
    * Then click Remove (Verwijderen) or the Change/Remove (Wijzig/Verwijder) button.
    * Repeat this until all older versions are gone.
    * After removing all older versions, restart your PC.
    * Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.
    Please post a new log and let us know how things are going now.
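A triage pass over O16 (DPF, downloaded ActiveX control) lines like the one singled out in the post above, as an added example that is not part of the original thread. The first sample line is the entry quoted in that post and the others are constructed; the two heuristics (bare-IP codebase host, missing class name) are assumptions of this example, not criteria the poster stated.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Layout handled here: "O16 - DPF: {CLSID} (optional class name) - codebase URL".
# Entries that HijackThis lists by name instead of by CLSID are not matched.
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*)\))? - (?P<codebase>\S+)$"
)

# Sample input. Line 1 is the entry quoted in the post; lines 2-4 are constructed.
SAMPLE_LINES = [
    "O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - "
    "http://207.188.7.150/02d65e075e23b2c34705/netzip/RdxIE601.cab",
    "O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Scanner Control) - "
    "http://downloads.example.com/scan/agent.cab",
    "O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - "
    "http://cdn.example.net/player/setup.exe",
    r"O4 - HKLM\..\Run: [Example] C:\Example\example.exe",
]


def parse_o16(line):
    """Return a dict for an O16 DPF line, or None for any other log line."""
    match = O16_RE.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["host"] = urlsplit(entry["codebase"]).hostname
    return entry


def host_is_ip_literal(host):
    """True when the codebase host is an IPv4/IPv6 literal rather than a DNS name."""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def review_reasons(entry):
    """Heuristics assumed for this example; each hit is a reason for manual review."""
    reasons = []
    if host_is_ip_literal(entry["host"]):
        reasons.append("codebase host is a bare IP address")
    if entry["name"] is None:
        reasons.append("no class name recorded")
    return reasons


def triage(log_lines):
    """Map CLSID -> reasons for every O16 entry that triggers at least one heuristic."""
    findings = {}
    for line in log_lines:
        entry = parse_o16(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            findings[entry["clsid"]] = reasons
    return findings


if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LINES).items():
        print(clsid, "->", "; ".join(reasons))
```

A hit means "look at this control before trusting it", not "malicious": the constructed unnamed entry shows that a missing class name on its own also matches ordinary installers.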
  • Hi, there was indeed a whole pile of old Java. Startup seems somewhat improved, but it still doesn't seem to be what it was before. Here is my log:
    Thanks for taking a look, Roos.
  • Good afternoon Roos. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop. If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily. NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
    * Double-click Combofix.exe
    * Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
    * While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log. Good luck
  • Hi, running Combofix went fine, except that I could no longer get on the internet. By checking the connection via Windows the connection could be restored, but I don't understand it at all. Here is the Combofix log:
2007-09-17 12:17:10 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe + 2007-11-01 09:18:18 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe + 2007-11-01 09:18:18 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe + 2007-11-01 09:18:18 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe - 2007-08-20 10:02:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2007-10-10 23:53:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2007-08-20 10:02:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll + 2007-10-10 23:53:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2007-08-20 10:02:06 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2007-10-10 23:53:51 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2007-08-20 10:02:06 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2007-10-10 23:53:51 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2007-08-20 10:02:06 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll + 2007-10-10 23:53:51 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2007-08-17 10:23:18 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2007-10-10 11:02:26 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2007-08-20 10:02:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2007-10-10 23:53:51 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2007-08-20 10:02:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2007-10-10 23:53:52 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2007-08-17 07:34:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll - 2007-08-20 10:02:06 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2007-10-10 23:53:52 383,488 -c----w 
C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2007-08-20 10:02:06 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2007-10-10 23:53:52 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2007-08-20 10:02:07 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2007-10-10 23:53:54 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2007-08-20 10:02:07 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2007-10-10 23:53:54 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll - 2007-08-20 10:02:07 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2007-10-10 23:53:54 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll - 2007-08-17 10:23:18 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2007-08-17 10:23:36 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe + 2007-10-10 11:02:43 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe - 2007-08-20 10:02:07 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-10-10 23:53:55 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2006-08-17 12:30:16 727,040 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll + 2007-11-07 09:30:24 727,040 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll + 2007-07-06 10:05:47 72,960 -c----w C:\WINDOWS\system32\dllcache\mqac.sys + 2007-07-06 12:52:21 138,240 -c----w C:\WINDOWS\system32\dllcache\mqad.dll + 2007-07-06 12:52:21 47,104 -c----w C:\WINDOWS\system32\dllcache\mqdscli.dll + 2007-07-06 12:52:21 16,896 -c----w C:\WINDOWS\system32\dllcache\mqise.dll + 2007-07-06 12:52:21 660,992 -c----w C:\WINDOWS\system32\dllcache\mqqm.dll + 2007-07-06 12:52:21 177,152 -c----w C:\WINDOWS\system32\dllcache\mqrt.dll + 2007-07-06 12:52:22 95,744 -c----w C:\WINDOWS\system32\dllcache\mqsec.dll + 2007-07-06 12:52:22 48,640 -c----w C:\WINDOWS\system32\dllcache\mqupgrd.dll + 2007-07-06 12:52:22 504,832 -c----w 
C:\WINDOWS\system32\dllcache\mqutil.dll - 2007-08-20 10:02:07 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2007-10-10 23:53:55 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2007-08-20 10:02:07 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2007-10-10 23:53:55 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2007-08-20 10:02:07 3,584,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2007-10-30 23:27:15 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2007-08-20 10:02:07 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2007-10-10 23:53:57 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2007-08-20 10:02:07 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2007-10-10 23:53:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2007-08-20 10:02:08 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2007-10-10 23:53:58 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2007-08-20 10:02:08 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll + 2007-10-10 23:53:58 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll + 2007-10-29 22:45:24 1,291,776 -c----w C:\WINDOWS\system32\dllcache\quartz.dll - 2006-12-19 21:51:37 8,500,736 -c----w C:\WINDOWS\system32\dllcache\shell32.dll + 2007-10-25 16:44:49 8,507,392 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll - 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys - 2007-08-20 10:02:08 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll + 2007-10-10 23:53:58 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2007-08-20 10:02:08 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2007-10-10 23:53:59 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2007-08-20 10:02:08 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll + 2007-10-10 23:53:59 232,960 -c----w 
C:\WINDOWS\system32\dllcache\webcheck.dll - 2007-08-20 10:02:08 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2007-10-10 23:54:00 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2006-10-18 20:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll + 2007-10-25 08:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll - 2006-12-11 09:08:10 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys + 2007-12-21 08:12:35 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys - 2007-06-25 17:59:43 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys + 2007-12-21 08:12:26 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys - 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys + 2007-07-11 13:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys - 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys + 2007-08-07 12:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys + 2006-09-19 13:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - 2004-08-04 05:58:20 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys + 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys - 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys + 2007-08-07 12:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys - 2007-04-09 13:16:01 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys + 2007-11-13 10:25:55 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys + 2007-10-31 13:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys - 2007-08-20 10:02:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2007-10-10 23:53:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2007-08-20 10:02:06 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll + 
2007-10-10 23:53:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll + 2006-10-03 18:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll - 2007-08-20 10:02:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2007-10-10 23:53:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2007-08-17 10:23:18 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2007-10-10 11:02:26 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2007-08-20 10:02:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2007-10-10 23:53:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2007-08-20 10:02:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2007-10-10 23:53:52 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll + 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll - 2007-08-20 10:02:06 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2007-10-10 23:53:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2007-08-20 10:02:06 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2007-10-10 23:53:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2007-08-20 10:02:07 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll + 2007-10-10 23:53:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll - 2007-08-20 10:02:07 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll + 2007-10-10 23:53:54 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll - 2007-08-20 10:02:07 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2007-10-10 23:53:54 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2007-08-17 10:23:18 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2007-09-24 20:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2007-12-13 23:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2007-09-24 20:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2007-12-13 23:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2007-09-24 21:31:42 139,264 ----a-w 
C:\WINDOWS\system32\javaws.exe + 2007-12-14 00:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2007-08-20 10:02:07 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2007-10-10 23:53:55 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2007-06-11 12:34:00 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2007-06-11 12:34:00 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe - 2004-08-04 08:03:13 138,240 ----a-w C:\WINDOWS\system32\mqad.dll + 2007-07-06 12:52:21 138,240 ----a-w C:\WINDOWS\system32\mqad.dll - 2004-08-04 08:03:13 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll + 2007-07-06 12:52:21 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll - 2004-08-04 08:03:13 16,896 ----a-w C:\WINDOWS\system32\mqise.dll + 2007-07-06 12:52:21 16,896 ----a-w C:\WINDOWS\system32\mqise.dll - 2004-08-04 08:03:14 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll + 2007-07-06 12:52:21 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll - 2004-08-04 08:03:14 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll + 2007-07-06 12:52:21 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll - 2004-08-04 08:03:14 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll + 2007-07-06 12:52:22 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll - 2004-08-04 08:03:14 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll + 2007-07-06 12:52:22 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll - 2004-08-04 08:03:14 504,832 ----a-w C:\WINDOWS\system32\mqutil.dll + 2007-07-06 12:52:22 504,832 ----a-w C:\WINDOWS\system32\mqutil.dll - 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe - 2007-08-20 10:02:07 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2007-10-10 23:53:55 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2007-08-20 10:02:07 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2007-10-10 23:53:55 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2007-08-20 10:02:07 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll + 
2007-10-30 23:27:15 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll - 2007-08-20 10:02:07 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2007-10-10 23:53:57 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2007-08-20 10:02:07 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2007-10-10 23:53:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2007-08-20 10:02:08 671,232 ----a-w C:\WINDOWS\system32\mstime.dll + 2007-10-10 23:53:58 671,232 ----a-w C:\WINDOWS\system32\mstime.dll - 2007-08-20 10:02:08 102,400 ----a-w C:\WINDOWS\system32\occache.dll + 2007-10-10 23:53:58 102,400 ----a-w C:\WINDOWS\system32\occache.dll - 2006-12-19 21:51:37 8,500,736 ----a-w C:\WINDOWS\system32\shell32.dll + 2007-10-25 16:44:49 8,507,392 ----a-w C:\WINDOWS\system32\shell32.dll - 2007-07-22 17:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe + 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe - 2006-11-29 16:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe + 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe - 2006-12-01 04:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe + 2000-08-31 07:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe - 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe - 2007-08-20 10:02:08 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2007-10-10 23:53:58 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2007-08-20 10:02:08 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll + 2007-10-10 23:53:59 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2006-11-27 01:34:46 49,152 ----a-w C:\WINDOWS\system32\VFind.exe + 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe - 2007-08-20 10:02:08 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll + 2007-10-10 23:53:59 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll - 2007-08-20 10:02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll + 2007-10-10 23:54:00 824,832 ----a-w 
C:\WINDOWS\system32\wininet.dll - 2007-06-18 22:24:36 369,664 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2007-10-29 15:07:26 369,664 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2006-12-01 21:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-01 21:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 21:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496] "CountrySelection"="pctptt.exe" [2000-08-31 12:59 71168 C:\WINDOWS\system32\pctptt.exe] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2002-09-27 14:38 4214784] "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 09:50 28672] "Cmaudio"="cmicnfg.cpl" [] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:12 579072] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 19:47 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 05:53 34880]
C:\Documents and Settings\RonaldH\Menu Start\Programma's\Opstarten\
Office Opstarten.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-02-03 51984]
Snelkoppeling naar FoxHot.lnk - C:\Documents and Settings\RonaldH\Mijn documenten\Foxhot\FoxHot.exe [2007-11-03 22:04:50 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
R2 Pctspk;W2k PCtel speaker phone;C:\WINDOWS\system32\pctspk.exe [2000-08-31 12:59]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03]
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 22:31]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-16 14:30]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-18 16:16:48 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-11 22:46:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-21 08:29:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 14:42:52
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-01-21 14:43:41
ComboFix-quarantined-files.txt 2008-01-21 13:43:25
.
2008-01-17 21:14:21 --- E O F ---

And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:52, on 21-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\RonaldH\Mijn documenten\Foxhot\FoxHot.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localho;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Snelkoppeling naar FoxHot.lnk = C:\Documents and Settings\RonaldH\Mijn documenten\Foxhot\FoxHot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
-- End of file - 9175 bytes

Any idea? Regards, Roos.
  • Hello, Unfortunately a small addition to my previous message. Spybot could no longer be opened at all and Ad-aware froze. Fortunately I could still get out via Task Manager. I uninstalled Spybot and reinstalled it. At first Spybot froze as well, but it now seems to be OK again. I only got Ad-aware working again after I had switched the firewall back on. Given the HijackThis log above, can anyone do something with this? Regards, Roos.
  • Hello Roos, Download: RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe). Save the file to your desktop, then double-click it. You can let the program extract to your desktop. Now open the RVAXO folder on your desktop and double-click RVAXO.cmd. A small window will open in which a few lines about files not found will scroll past quickly; this is normal. An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work. After that your PC will restart; after the restart the RVAXO window opens again. Let it run and wait until a log file opens. It can also be found here: C:\RVAXO-results.log. Post the contents in your next message together with a new HijackThis log. Does your PC not restart? Run RVAXO once more and then post the new log: C:\rvaxo-results.log. Good luck
  • Hello juisterr, Here are the logs:
    ---RVAXO.exe Updated: 2008-01-22---first run---
    Files found:
    Uninstallers Rogue scanners:
    Folders Found:
    Hosts-file was reset, If you use a custom hosts file please replace it...
    --------------RVAXO.exe last run---------------
    Files found:
    Folders Found:
    --------------RVAXO.exe finished----------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:26:58, on 22-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\RonaldH\Mijn documenten\Foxhot\FoxHot.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localho;;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Snelkoppeling naar FoxHot.lnk = C:\Documents and Settings\RonaldH\Mijn documenten\Foxhot\FoxHot.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\System32\shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    -- End of file - 8715 bytes
    So, do you see anything unusual that could explain all this? Regards, Roos.
  • No, the log looks clean like this.
  • Hello, Then I don't understand how the screen can freeze..... the speed seems to be fine again. Many thanks. Should any problems still occur, I will let you know. I do have one more question: at the end of October we also had an incident with a slow PC after a virus removal. Back then I also used ComboFix. The most recent log says WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! although I don't have the impression that it was removed in the meantime. I don't see this remark/warning in the log from October. What is going on there? And can that simply be 'repaired', or does this have to be done with a Windows CD? Since the last move those CDs have gone missing for the moment. Regards, Roos.
  • Don't worry about it too much. More important is that your system is working again now. Your CD missing, that's a pain, I know the feeling; mine is broken, which is just as bad.
  • Thank you, Juisterr!

This is an archived page. Replies are no longer possible.