Winpatrol alert: change regedit.exe %1 to regedit.exe %1%*

23 replies
  • After a lot of Googling and reading on this forum I am still none the wiser, so I'll just post my question here.

    Late last night my PC turned out, according to Spybot S&D, to be infected with, among others, Virtumonde, Trojan.Agent.BOW, Trojan-Downloader.mutant and Trojan.Pandex.ILG. Not so nice, especially since I have been paying for years for McAfee's virus scanner, which gave no warning. I discovered that something was wrong because I got an e-mail from Planet saying they had blocked my e-mail account because of spam abuse from my IP address. Then I started Googling to find out what could be going on and downloaded Spybot and HJT.

    After scanning with Spybot, before I could even remove anything, a message appeared that services.exe had to be closed, followed by a constantly recurring message that NT AUTHORITY\SYSTEM would shut down the system in 60 seconds, status code 1073741819. This kept repeating, so every 60 seconds the PC shut down and started up again. I also kept getting pop-ups from Antivirus XP 2008, and McAfee reported every 7 seconds that it had blocked and removed FakeAlert-AQ.

    After a lot of searching on an ancient PC that was still in the attic, Google taught me that I had to install MBAM, and its quick scan removed a few things. After that I could start up normally again and everything seemed back to normal. To be on the safe side I also had MBAM run the full scan, and that removed another 5 files.

    So far everything seems to be in order.
    But now Winpatrol asks every few minutes for permission to change
    regedit.exe %1 to regedit.exe %1 %*
    and
    company name %1 /S to company name %1 /S %*
    (the latter concerns a .SCR file)

    I keep refusing permission for this change, but it keeps coming back.

    What is it, and should I allow it???

    Sorry for the long story, but I have been busy with this whole business non-stop since 8:00 this morning, I am at the end of my tether…
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:39:43, on 3-9-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Nokia\Nseries System Utilities\System Utilities\PcSync2.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Karen's Power Tools backup\Replicator\PTReplicator.exe
    C:\Program Files\MemoKit\memokit2.exe
    C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=NL&range=AD&phase=6&key=SEARCH
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [NSeries.PCSync] C:\Program Files\Nokia\Nseries System Utilities\System Utilities\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
    O4 - Startup: Replicator.lnk = C:\Program Files\Karen's Power Tools backup\Replicator\PTReplicator.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {2d663d1a-8670-49d9-a1a5-4c56b4e14e84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191858067593
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: mrldauc - mrldauc.dll (file missing)
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe


    End of file - 11088 bytes
  • Since I have been waiting for 3 days already and nobody has taken the trouble to answer, this topic may be closed. I'll try somewhere else… :(
  • 3 days? Your log has only been on this forum since yesterday, though. But fine… if you like, you can still do the following.

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O9 - Extra button: (no name) - {2d663d1a-8670-49d9-a1a5-4c56b4e14e84} - (no file)
    O20 - Winlogon Notify: mrldauc - mrldauc.dll (file missing)

    Click 'Fix checked' to remove the items.

    Download MBAM (Malwarebytes' Anti-Malware) here:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double-click mbam-setup.exe to install the program.

    Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
    If an update is found, it will be downloaded and installed.
    Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
    The scan can take a while, so be patient.
    When the scan has finished, click OK, then "Show Results" to see the results.
    Make sure everything there is checked, then click: Remove Selected.
    After removal a log will open and you will be asked to restart the computer. (See below)
    The log is saved automatically by MBAM and you can find it again by clicking the "Logs" tab in MBAM.

    If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.
    After that it will ask to restart the computer… so allow MBAM to restart the computer.

    Paste the contents of the log into your next post, together with a new HijackThis log. And let us know right away whether this has solved your problem?
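Added example (not part of the original posts and not HijackThis's own code): a small Python parser for the log format posted in this thread. It lists the entries HijackThis itself marks `(no file)` or `(file missing)` and diffs two scans to confirm which entries a fix actually removed. The sample logs are short excerpts of the two HijackThis logs in this thread; all function names are this example's own.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
ENTRY_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# Markers HijackThis appends when the file an entry points to is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the first log posted in this thread (header and process lines included
# to show that they are skipped).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\services.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {2d663d1a-8670-49d9-a1a5-4c56b4e14e84} - (no file)
O20 - Winlogon Notify: mrldauc - mrldauc.dll (file missing)
"""

# Excerpt of the follow-up log posted after the fix.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\services.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""


def parse_entries(log_text):
    """Return the ordered (section, body) entries of a HijackThis log.

    Header lines, the running-process list and blank lines do not have the
    "<code> - <body>" shape and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [entry for entry in entries if entry[1].endswith(ORPHAN_MARKERS)]


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the first / only in the second log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    removed = [entry for entry in before if entry not in after_set]
    added = [entry for entry in after if entry not in before_set]
    return removed, added


if __name__ == "__main__":
    print("Orphaned entries in the first scan:")
    for section, body in orphaned(parse_entries(BEFORE)):
        print(f"  {section} - {body}")
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since the first scan:")
    for section, body in removed:
        print(f"  {section} - {body}")
    print("New since the first scan:")
    for section, body in added:
        print(f"  {section} - {body}")
```

An entry that appears under "New since the first scan" is not automatically suspicious: here both additions belong to tools the poster installed between the two scans.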
  • Sorry for the impatience, but since Sunday evening I have been busy letting loose, over and over, AdAware, Spybot, MBAM and then, in safe mode, McAfee Virusscan, and after a restart Antivirus XP 2008 and the regedit alert keep reappearing. Each time something is found and removed, but the problem still exists. I hardly dare to use my PC any more and I am even losing sleep over it…..

    Anyway, I did what you asked, so here are the logs (by the way, MBAM did not ask to restart the PC after the scan and the removal of the items found):


    Malwarebytes' Anti-Malware 1.26
    Database versie: 1113
    Windows 5.1.2600 Service Pack 2

    5-9-2008 1:55:00
    mbam-log-2008-09-05 (01-55-00).txt

    Scan type: Snelle Scan
    Objecten gescand: 53802
    Verstreken tijd: 4 minute(s), 10 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 3
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 23
    Bestanden geïnfecteerd: 18

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc790j0e31c (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhc790j0e31c (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    C:\Program Files\rhc790j0e31c (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\rhc790j0e31c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\rhc790j0e31c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\Program Files\rhc790j0e31c\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc790j0e31c\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc790j0e31c\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc790j0e31c\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc790j0e31c\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc790j0e31c\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc790j0e31c\rhc790j0e31c.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc790j0e31c\rhc790j0e31c.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc790j0e31c\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphc390j0e31c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phc390j0e31c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Bureaublad\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:05:55, on 5-9-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Nokia\Nseries System Utilities\System Utilities\PcSync2.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Karen's Power Tools backup\Replicator\PTReplicator.exe
    C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\MemoKit\memokit2.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=NL&range=AD&phase=6&key=SEARCH
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [NSeries.PCSync] C:\Program Files\Nokia\Nseries System Utilities\System Utilities\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
    O4 - Startup: Replicator.lnk = C:\Program Files\Karen's Power Tools backup\Replicator\PTReplicator.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191858067593
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe


    End of file - 11337 bytes
  • Forgot to mention: Winpatrol no longer asks for permission to change regedit, but it still asks whether company name %1 /S may be changed to company name %1 %*.

    I am so glad about your reply; I now have hope again that things will probably turn out fine, and I am going to try to get some sleep after all… :wink:
  • Tuckertje wrote: "Sorry for the impatience, but I have been at this since Sunday evening … I am gradually getting afraid to use my pc and cannot even sleep because of it….."

    I do understand that problems like these make you feel a bit hopeless, but on the other hand you also have to understand that only volunteers work here, who have other things on their minds as well. But that aside …

    First the good news: MBAM has done a thorough clean-up of your infections and your HJT log looks fine. Would you, just to be sure, also run the following:

    Download SDFix here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and click "Run".
    Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

    Restart your PC in safe mode.
    Open the SDFix folder and double-click RunThis.bat to start the tool.
    Type Y to start the cleaning process.
    Trojan Services and/or Registry Entries will be removed if they are found, and you will have to press a key to restart.
    The computer will then restart (this takes longer than usual).
    When the pc restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.
    When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.
    Now copy and paste the contents of that report here.

    And then the bad news: after quite a bit of searching on the Internet I cannot find a single lead on the remaining error message in Winpatrol, nor any indication of how you could solve it. Could be me, of course :( Can you not find any trace of this kind of error message, and the reason for it, in Winpatrol's help or the manual (if there is one)?
  • Good morning KAPE, thanks a lot for your help! :)

    SDFix log:


    SDFix: Version 1.221
    Run by Gebruiker on vr 05-09-2008 at 09:10

    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\SDFix

    Checking Services:


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files:

    Trojan Files Found:

    C:\-67098~1 - Deleted
    C:\Documents and Settings\All Users\Menu Start\Programma's\Antivirus XP 2008\Antivirus XP 2008.lnk - Deleted
    C:\Documents and Settings\All Users\Menu Start\Programma's\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk - Deleted
    C:\Documents and Settings\All Users\Menu Start\Programma's\Antivirus XP 2008\License Agreement.lnk - Deleted
    C:\Documents and Settings\All Users\Menu Start\Programma's\Antivirus XP 2008\Register Antivirus XP 2008.lnk - Deleted
    C:\Documents and Settings\All Users\Menu Start\Programma's\Antivirus XP 2008\Uninstall.lnk - Deleted
    C:\Documents and Settings\Gebruiker\Local Settings\Temp\.tt9.tmp.exe - Deleted
    C:\WINDOWS\Temp\.ttA.tmp.exe - Deleted
    C:\WINDOWS\Temp\.ttA.tmp.exe - Deleted
    C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\.tt9.tmp.exe - Deleted
    C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\.tt5.tmp.vbs - Deleted
    C:\WINDOWS\system32\13.tmp - Deleted
    C:\WINDOWS\system32\15.tmp - Deleted
    C:\Documents and Settings\All Users\Menu Start\Programma's\Antivirus XP 2008.lnk - Deleted
    C:\WINDOWS\wiaservb.log - Deleted



    Folder C:\Documents and Settings\All Users\Menu Start\Programma's\Antivirus XP 2008 - Removed


    Removing Temp Files

    ADS Check:



    Final Check:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-05 09:20:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden services & system hive …

    scanning hidden registry entries …

    scanning hidden files …

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\SoulseekNS\\slsk.exe"="C:\\Program Files\\SoulseekNS\\slsk.exe:*:Enabled:SoulSeek"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sat 18 Nov 2006 208 A.SHR — "C:\BOOT.BAK"
    Tue 4 Jun 2002 84,992 A..HR — "C:\Program Files\Replay Converter\14_43260.dll"
    Tue 4 Jun 2002 44,032 A..HR — "C:\Program Files\Replay Converter\28_83260.dll"
    Tue 10 Dec 2002 73,766 A..HR — "C:\Program Files\Replay Converter\atrc3260.dll"
    Tue 10 Dec 2002 65,575 A..HR — "C:\Program Files\Replay Converter\cook3260.dll"
    Mon 27 Jun 2005 616,448 A.SHR — "C:\Program Files\Replay Converter\cygwin1.dll"
    Wed 22 Jun 2005 45,568 A.SHR — "C:\Program Files\Replay Converter\cygz.dll"
    Tue 4 Jun 2002 20,480 A..HR — "C:\Program Files\Replay Converter\dnet3260.dll"
    Tue 10 Dec 2002 176,165 A..HR — "C:\Program Files\Replay Converter\drv23260.dll"
    Tue 10 Dec 2002 94,208 A..HR — "C:\Program Files\Replay Converter\drv33260.dll"
    Tue 10 Dec 2002 217,127 A..HR — "C:\Program Files\Replay Converter\drv43260.dll"
    Sun 4 Nov 2001 225,280 A..HR — "C:\Program Files\Replay Converter\ivvideo.dll"
    Tue 10 Apr 2001 225,280 A..HR — "C:\Program Files\Replay Converter\qtmlClient.dll"
    Fri 20 Feb 2004 548,940 A..HR — "C:\Program Files\Replay Converter\raac.dll"
    Tue 10 Dec 2002 102,439 A..HR — "C:\Program Files\Replay Converter\sipr3260.dll"
    Mon 7 Jul 2008 1,429,840 A.SHR — "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR — "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 18 Aug 2008 1,832,272 A.SHR — "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sat 16 Jun 2007 145,920 ..SHR — "C:\Program Files\WinPatrol\Setup.exe"
    Thu 14 Jul 2005 27,648 A.SH. — "C:\WINDOWS\system32\AVSredirect.dll"
    Tue 18 Sep 2007 145,920 ..SHR — "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"
    Tue 22 Apr 2008 20,487 A.SHR — "C:\Program Files\McAfee\MQC\MRU.bak"
    Tue 22 Apr 2008 265 A.SHR — "C:\Program Files\McAfee\MQC\qcconf.bak"
    Wed 14 Nov 2007 0 A.SH. — "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Wed 14 Nov 2007 0 A.SH. — "C:\Documents and Settings\All Users\DRM Backup\Cache\Indiv02.tmp"
    Sun 16 Jul 2006 20 A..H. — "C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn muziek\Back-up van licentie\drmv1lic.bak"
    Mon 20 Aug 2007 14,772 A.SH. — "C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn muziek\Back-up van licentie\drmv2key.bak"
    Wed 4 Apr 2001 28,738 A..HR — "C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\office2002\MSDE2000\SQLRESLD.DLL"

    Finished!


    After the SDFix log appeared I got the message:
    In Explorer.exe is een fout opgetreden en moet worden afgesloten.
    ----------

    As for Winpatrol:

    With the regedit alert I only get the following information:

    Register-editor
    regedit.exe

    Company: Microsoft Corporation
    Copyright: © Microsoft Corporation. Alle rechten voorbehouden.
    Version: 5.1.2600.2180

    Created
    10/08/2004 17:42 First Detected
    File Size
    153,088
    Path: regedit.exe %1 %*


    And with the no company alert:

    wpsaver.

    Company:
    Copyright:
    Version:

    Created
    First Detected
    File Size

    Path: %1 /S


    The strange thing is that my ancient spare pc, which is rarely if ever used and is switched on now and then to fetch Windows and McAfee updates, is suddenly giving these messages too. Might it be useful for me to post an HJT log of that one here as well, after this pc has been cleaned?
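
The "Authorized Application Key Export" section of the SDFix log in the post above lists Windows XP firewall exceptions in the form `path:scope:state:name`. As an added example (not part of the original thread and not SDFix's own code), this Python script parses such export lines and lists the enabled exceptions whose scope is `*`, that is, not restricted to particular addresses. The function and type names are hypothetical, and the sample is a subset of lines copied from the log.

```python
import re
from typing import List, NamedTuple, Optional

# Subset of lines copied from the "Authorized Application Key Export"
# section of the SDFix log in the post above.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
'''


class FirewallEntry(NamedTuple):  # hypothetical name, used only in this example
    profile: str    # e.g. "standardprofile" or "domainprofile"
    path: str       # program the exception applies to
    scope: str      # "*" or an address/mask list
    enabled: bool
    label: str      # display name shown in the firewall dialog


_KEY = re.compile(r'^\[(.+)\]$')
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text: str) -> str:
    # Undo .reg string escaping: a backslash protects the character after it.
    return re.sub(r'\\(.)', lambda m: m.group(1), text)


def parse_export(text: str) -> List[FirewallEntry]:
    """Parse AuthorizedApplications\\List sections of a .reg-style export."""
    entries: List[FirewallEntry] = []
    profile: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = _KEY.match(line)
        if key:
            parts = key.group(1).lower().split('\\')
            is_list = parts[-2:] == ['authorizedapplications', 'list']
            profile = parts[-3] if is_list and len(parts) >= 3 else None
            continue
        value = _VALUE.match(line)
        if not value or profile is None:
            continue  # blank line, other section, or a wrapped/truncated line
        name, data = _unescape(value.group(1)), _unescape(value.group(2))
        if data.lower().startswith(name.lower() + ':'):
            # The value name repeats the path, so cut it off first. This keeps
            # the "C:" drive colon and any colon in the label out of the split.
            path = data[:len(name)]
            fields = data[len(name) + 1:].split(':', 2)
        else:
            fields = data.rsplit(':', 3)
            path = fields.pop(0) if len(fields) == 4 else None
        if path is None or len(fields) != 3:
            continue
        scope, state, label = fields
        entries.append(
            FirewallEntry(profile, path, scope, state.lower() == 'enabled', label))
    return entries


def open_to_any(entries: List[FirewallEntry]) -> List[FirewallEntry]:
    """Enabled exceptions with no address restriction (scope '*')."""
    return [e for e in entries if e.enabled and e.scope == '*']


if __name__ == '__main__':
    for e in open_to_any(parse_export(SAMPLE_EXPORT)):
        print(f'{e.profile:16} {e.path}  ({e.label})')
```
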
  • Just shut down the pc and restarted it, and got the message:

    Instructie lsass.exe toepassingsfout:
    Instructie 0x00401000 verwijst naar geheugen op 0x00401000.
    De lees- of schrijfbewerking ("written") op het geheugen is mislukt.

    The Winpatrol alerts keep cheerfully coming. I am already getting used to them; before long I will miss them… :lol:
  • KAPE, regarding the regedit problem I found something I understand little of, but maybe it puts you on the right track:

    http://forums.techguy.org/malware-removal-hijackthis-logs/730705-solved-reg-editor-wants-change.html
  • Tuckertje wrote: "KAPE, regarding the regedit problem I found something I understand little of, but maybe it puts you on the right track"

    In my search for further info about your problem I had ended up there too. But there is no immediate solution in it (and a number of the things suggested there we have already carried out here, without a definitive result). But we keep looking …

    Would you give this a try: download Combofix here http://download.bleepingcomputer.com/sUBs/ComboFix.exe and put it on your desktop.

    If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

    Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your pc hang.
    When the fix is finished and after the restart, the log combofix.txt will open.

    If, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another realtime scanner, switch that scanner off and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Attach the Combofix log to your next post.
  • It is quite a situation…

    In the very brief manual of the free version of Winpatrol I also found the following:

    "Lock File Types"
    Some programs continue to insist on changing your file type association even when you say no. When this option is checked WinPatrol will automatically restore your original file type settings without alerting you.

    From that I understood (as far as my English goes) that once I have refused a change proposed by Winpatrol, the question will not be asked again and again and Winpatrol will not carry out this change. Is that correct?
    I have just ticked this option in Winpatrol and indeed the popups now seem to stay away…

    I have to go out for a bit now; in the course of the afternoon I will run Combofix and post a log.

    See you later…

    PS I read somewhere that you also have to download something called the recovery console or the like before you use Combofix if you do not own an XP cd-rom. I do not have that cd-rom because XP came installed on my pc when I bought it. So download it just to be safe?
  • Combofix log:

    ComboFix 08-09-05.02 - Gebruiker 2008-09-06 16:17:39.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.27.1043.18.1333 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\Gebruiker\Application Data\inst.exe
    C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))
    .

    2008-09-05 09:05 . 2008-09-05 09:06 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-09-05 09:04 . 2008-09-05 09:25 <DIR> d-------- C:\SDFix
    2008-09-04 11:32 . 2008-09-04 11:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-09-04 11:21 . 2008-09-04 18:51 21,504 --a------ C:\WINDOWS\system32\mrldauc.dll
    2008-09-04 10:29 . 2008-09-04 10:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-04 09:09 . 2008-09-04 09:09 <DIR> d-------- C:\Program Files\Lavasoft
    2008-09-04 09:09 . 2008-09-04 09:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-04 09:07 . 2008-09-04 09:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-02 11:34 . 2008-09-02 11:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-02 11:34 . 2008-09-02 11:34 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes
    2008-09-02 11:34 . 2008-09-02 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-02 11:34 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-02 11:34 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-01 19:17 . 2008-09-02 10:43 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Lavasoft
    2008-09-01 19:13 . 2008-09-02 10:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-01 19:12 . 2008-09-01 19:12 164 --a------ C:\install.dat
    2008-09-01 19:10 . 2008-09-04 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-01 19:09 . 2008-09-01 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2008-09-01 18:57 . 2008-09-01 18:57 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-08-27 19:53 . 2008-08-27 19:53 268 --ah----- C:\sqmdata07.sqm
    2008-08-27 19:53 . 2008-08-27 19:53 244 --ah----- C:\sqmnoopt07.sqm
    2008-08-25 10:55 . 2008-08-25 10:55 29 --a------ C:\WINDOWS\system32\tayigqhf.tmp
    2008-08-25 10:47 . 2008-09-05 09:55 32,256 --a------ C:\WINDOWS\system32\drivers\Qdy17.sys
    2008-08-20 16:35 . 2008-08-20 16:45 <DIR> d-------- C:\Program Files\Power MIDI to MP3
    2008-08-18 22:48 . 2008-08-18 22:49 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Barak's SignMe!
    2008-08-18 22:46 . 2008-08-19 11:56 <DIR> d-------- C:\Program Files\Barak's SignME
    2008-08-14 08:54 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-07 19:34 . 2008-08-07 19:34 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-08-07 19:33 . 2008-08-07 19:33 <DIR> d-------- C:\Program Files\iPod

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 14:17 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\DMCache
    2008-09-04 14:42 44,239 ----a-w C:\sound32.dll
    2008-09-04 06:58 --------- d-----w C:\Program Files\Java
    2008-09-03 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek
    2008-08-29 12:59 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-25 08:47 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-08-20 14:59 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\U3
    2008-08-17 16:56 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
    2008-08-07 17:33 --------- d-----w C:\Program Files\iTunes
    2008-07-26 13:06 --------- d-----w C:\Program Files\SoulseekNS
    2008-07-24 12:39 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Apple Computer
    2008-07-20 07:44 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-07-20 07:44 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-07-20 07:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-16 19:17 --------- d-----w C:\Program Files\Clickster
    2008-07-15 20:01 --------- d-----w C:\Program Files\QuickTime
    2008-07-15 20:01 --------- d-----w C:\Program Files\Bonjour
    2008-07-14 19:44 --------- d-----w C:\Program Files\FreeUndelete
    2008-07-14 06:53 --------- d-----w C:\Program Files\Recover My Files
    2008-07-11 17:39 --------- d-----w C:\Program Files\FastStone Photo Resizer
    2008-07-11 17:39 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\FastStone
    2008-07-11 11:14 --------- d-----w C:\Program Files\TNT Post Fotoservice
    2008-07-11 11:14 --------- d-----w C:\Program Files\Nokia
    2008-07-11 11:14 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-07-11 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\TNT Post Fotoservice
    2008-07-10 12:21 --------- d-----w C:\Program Files\MemoKit
    2008-07-10 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-07-06 14:28 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\ZoomBrowser EX
    2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:24 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-23 09:53 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-06-20 17:43 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:43 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 18:00 272,640 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-02-07 09:27 47,360 ----a-w C:\Documents and Settings\Gebruiker\Application Data\pcouffin.sys
    2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
    .
    ----a-w 50,176 2008-04-18 17:42:32 C:\Documents and Settings\Gebruiker\Mijn documenten\N82\184_Symbian_Keygens\Keygens\skyforce v1.1 .exe


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 1211176]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [N/A]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 15360]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-05 2566656]
    "NSeries.PCSync"="C:\Program Files\Nokia\Nseries System Utilities\System Utilities\PcSync2.exe" [2007-07-11 1748992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
    "ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-17 292152]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-05 36904]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 C:\WINDOWS\RTHDCPL.EXE]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 15360]

    C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\
    MemoKit.lnk - C:\Program Files\MemoKit\mk.exe [2007-03-20 28672]
    Replicator.lnk - C:\Program Files\Karen's Power Tools backup\Replicator\PTReplicator.exe [2008-02-26 1009136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-20 805392]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    Nokia Nseries PC Suite.lnk - C:\Program Files\Nokia\NNPCS\RunLauncher.exe [2008-01-14 679936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qdy17.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpb30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\SoulseekNS\\slsk.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Qdy17;Qdy17;C:\WINDOWS\system32\Drivers\Qdy17.sys [2008-09-05 32256]
    S1 87467582;87467582;C:\WINDOWS\system32\drivers\87467582.sys [ ]
    S2 vnwgwtnu;vnwgwtnu;C:\WINDOWS\system32\drivers\vnwgwtnu.sys [ ]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
    S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\WINDOWS\system32\DRIVERS\rcblan.sys [2007-01-24 39704]
    S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    *Newly Created Service* - PROCEXP90
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    .
    ——- Supplementary Scan ——-
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.planet.nl/
    R1 -: HKCU-Internet Settings,ProxyOverride = localhost;*.local
    O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
    C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
    C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 16:19:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …


    C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\RGI145.tmp 7137 bytes

    Scan succesvol afgerond
    verborgen bestanden: 1

    **************************************************************************
    .
    Voltooingstijd: 2008-09-06 16:20:51
    ComboFix-quarantined-files.txt 2008-09-06 14:20:38

    Pre-Run: 75,537,305,600 bytes beschikbaar
    Post-Run: 75,626,811,392 bytes beschikbaar

    231 — E O F — 2008-09-02 14:28:54
  • Open a new Notepad file.

    Copy and paste the bold text below into it.

    File::
    C:\sqmdata07.sqm
    C:\sqmnoopt07.sqm
    C:\WINDOWS\system32\tayigqhf.tmp
    C:\WINDOWS\system32\drivers\Qdy17.sys

    Folder::
    SDFix

    Save this file to your desktop as CFScript.txt.

    Drag CFScript.txt into ComboFix.exe.
    This will make ComboFix restart. Reboot if asked to.
    After the restart, post the contents of Combofix.txt in your next message.
  • ComboFix 08-09-05.02 - Gebruiker 2008-09-06 21:43:52.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.27.1043.18.1356 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Gebruiker\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\sqmdata07.sqm
    C:\sqmnoopt07.sqm
    C:\WINDOWS\system32\drivers\Qdy17.sys
    C:\WINDOWS\system32\tayigqhf.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Legacy_Qdy17
    ——-\Service_Qdy17


    (((((((((((((((((((( Bestanden Gemaakt van 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))
    .

    2008-09-05 09:05 . 2008-09-05 09:06 <DIR> d——– C:\WINDOWS\ERUNT
    2008-09-05 09:04 . 2008-09-05 09:25 <DIR> d——– C:\SDFix
    2008-09-04 11:32 . 2008-09-04 11:32 552 –a—— C:\WINDOWS\system32\d3d8caps.dat
    2008-09-04 11:21 . 2008-09-04 18:51 21,504 –a—— C:\WINDOWS\system32\mrldauc.dll
    2008-09-04 10:29 . 2008-09-04 10:38 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
    2008-09-04 09:09 . 2008-09-04 09:09 <DIR> d——– C:\Program Files\Lavasoft
    2008-09-04 09:09 . 2008-09-04 09:10 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-04 09:07 . 2008-09-04 09:07 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-02 11:34 . 2008-09-02 11:34 <DIR> d——– C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-02 11:34 . 2008-09-02 11:34 <DIR> d——– C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes
    2008-09-02 11:34 . 2008-09-02 11:34 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-02 11:34 . 2008-09-02 00:16 38,528 –a—— C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-02 11:34 . 2008-09-02 00:16 17,200 –a—— C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-01 19:17 . 2008-09-02 10:43 <DIR> d——– C:\Documents and Settings\Gebruiker\Application Data\Lavasoft
    2008-09-01 19:13 . 2008-09-02 10:30 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-01 19:12 . 2008-09-01 19:12 164 –a—— C:\install.dat
    2008-09-01 19:10 . 2008-09-04 11:02 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-01 19:09 . 2008-09-01 19:09 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
    2008-09-01 18:57 . 2008-09-01 18:57 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
    2008-08-20 16:35 . 2008-08-20 16:45 <DIR> d——– C:\Program Files\Power MIDI to MP3
    2008-08-18 22:48 . 2008-08-18 22:49 <DIR> d——– C:\Documents and Settings\Gebruiker\Application Data\Barak's SignMe!
    2008-08-18 22:46 . 2008-08-19 11:56 <DIR> d——– C:\Program Files\Barak's SignME
    2008-08-14 08:54 . 2008-05-01 16:33 331,776 ——— C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-07 19:34 . 2008-08-07 19:34 <DIR> d——– C:\Program Files\Apple Software Update
    2008-08-07 19:33 . 2008-08-07 19:33 <DIR> d——– C:\Program Files\iPod

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 19:44 ——— d—–w C:\Documents and Settings\Gebruiker\Application Data\DMCache
    2008-09-04 14:42 44,239 —-a-w C:\sound32.dll
    2008-09-04 06:58 ——— d—–w C:\Program Files\Java
    2008-09-03 20:07 ——— d—–w C:\Documents and Settings\All Users\Application Data\Soulseek
    2008-08-29 12:59 ——— d—–w C:\Program Files\Messenger Plus! Live
    2008-08-20 14:59 ——— d—–w C:\Documents and Settings\Gebruiker\Application Data\U3
    2008-08-17 16:56 ——— d—–w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
    2008-08-07 17:33 ——— d—–w C:\Program Files\iTunes
    2008-07-26 13:06 ——— d—–w C:\Program Files\SoulseekNS
    2008-07-24 12:39 ——— d—–w C:\Documents and Settings\Gebruiker\Application Data\Apple Computer
    2008-07-20 07:44 ——— d—–w C:\Program Files\Common Files\Logitech
    2008-07-20 07:44 ——— d—–w C:\Program Files\Common Files\Logishrd
    2008-07-20 07:43 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-07-16 19:17 ——— d—–w C:\Program Files\Clickster
    2008-07-15 20:01 ——— d—–w C:\Program Files\QuickTime
    2008-07-15 20:01 ——— d—–w C:\Program Files\Bonjour
    2008-07-14 19:44 ——— d—–w C:\Program Files\FreeUndelete
    2008-07-14 06:53 ——— d—–w C:\Program Files\Recover My Files
    2008-07-11 17:39 ——— d—–w C:\Program Files\FastStone Photo Resizer
    2008-07-11 17:39 ——— d—–w C:\Documents and Settings\Gebruiker\Application Data\FastStone
    2008-07-11 11:14 ——— d—–w C:\Program Files\TNT Post Fotoservice
    2008-07-11 11:14 ——— d—–w C:\Program Files\Nokia
    2008-07-11 11:14 ——— d—–w C:\Program Files\Common Files\Nokia
    2008-07-11 11:14 ——— d—–w C:\Documents and Settings\All Users\Application Data\TNT Post Fotoservice
    2008-07-10 12:21 ——— d—–w C:\Program Files\MemoKit
    2008-07-10 12:08 ——— d—–w C:\Documents and Settings\All Users\Application Data\Installations
    2008-07-10 07:35 32,000 —-a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-07-06 14:28 ——— d—–w C:\Documents and Settings\Gebruiker\Application Data\ZoomBrowser EX
    2008-02-07 09:27 47,360 —-a-w C:\Documents and Settings\Gebruiker\Application Data\pcouffin.sys
    2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-06_16.20.15.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 18:02:28 163,328 —-a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2008-09-06 10:52:18 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-09-06 19:23:52 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-09-06 10:52:18 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2008-09-06 19:23:52 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 1211176]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-05 2566656]
    "NSeries.PCSync"="C:\Program Files\Nokia\Nseries System Utilities\System Utilities\PcSync2.exe" [2007-07-11 1748992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
    "ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-17 292152]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-05 36904]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 C:\WINDOWS\RTHDCPL.EXE]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 15360]

    C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\
    MemoKit.lnk - C:\Program Files\MemoKit\mk.exe [2007-03-20 28672]
    Replicator.lnk - C:\Program Files\Karen's Power Tools backup\Replicator\PTReplicator.exe [2008-02-26 1009136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-20 805392]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    Nokia Nseries PC Suite.lnk - C:\Program Files\Nokia\NNPCS\RunLauncher.exe [2008-01-14 679936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qdy17.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpb30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\SoulseekNS\\slsk.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    S1 87467582;87467582;C:\WINDOWS\system32\drivers\87467582.sys [ ]
    S2 vnwgwtnu;vnwgwtnu;C:\WINDOWS\system32\drivers\vnwgwtnu.sys [ ]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
    S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\WINDOWS\system32\DRIVERS\rcblan.sys [2007-01-24 39704]
    S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-LDM - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 21:50:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\SiteAdvisor\6172\saHook.dll
    .
    ———————— Other Running Processes ————————
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    C:\Program Files\MemoKit\MemoKit2.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-09-06 21:57:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-06 19:57:05
    ComboFix2.txt 2008-09-06 14:20:52

    Pre-Run: 75,550,838,784 bytes beschikbaar
    Post-Run: 75,493,548,032 bytes beschikbaar

    230 — E O F — 2008-09-02 14:28:54
  • Everything should be cleaned up now. Is your Winpatrol still giving you trouble? :?
  • Since I ticked "lock file types" in Winpatrol, the alerts have stayed away. I hope everything is gone now….

    May I also post an HJT log from my other PC, which had the same problem (but fortunately without the Antivirus XP 2008 pop-ups)?
  • After I posted the ComboFix log, Winpatrol asked whether it could replace the Indexing Service and the Error Reporting Service; I refused. Is it okay that I refused, or should I have allowed it? I can still do that if needed.

    I have unticked the "lock file types" option again and it looks like the regedit alerts are staying away now, so that is fine now. :)
  • Fine, leave it like that … and go ahead and post that log.
  • Okay, thanks for your help! :)

    Here is the log from PC 2:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:33:01, on 6-9-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\MemoKit\memokit2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKCU\..\Run: [mk] C:\Program Files\MemoKit\mk.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.mijnalbum.nl/skin/system/upload/ImageUploader3.cab
    O18 - Protocol: bwfile-8876480 - (no CLSID) - (no file)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe


    End of file - 8580 bytes

This is an archived page. Replies are no longer possible.