Yet another victim of resycled\boot.com

24 replies
  • Can anyone help me? I have already searched various forums but I have not found the solution yet. When I double-click C: in Explorer I get an error message; when I type C:\ in Explorer's address bar, I can still get to all the files. I have also discovered that those hijack logs are important, so here is mine:

    Hopefully someone can help me, thanks in advance!!
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdrkx.exe] C:\WINDOWS\system32\kdrkx.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdaws.exe] C:\WINDOWS\system32\kdaws.exe
    O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpds.exe] C:\WINDOWS\system32\kdpds.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkil.exe] C:\WINDOWS\system32\kdkil.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkwl.exe] C:\WINDOWS\system32\kdkwl.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpkz.exe] C:\WINDOWS\system32\kdpkz.exe
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

    Click 'Fix checked' to remove the items.

    Delete the following folder, shown in bold, with Windows Explorer: C:\Program Files\Common Files\**BOONTY Shared**

    Download **Combofix** (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and **download Combofix again**. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

      • Double-click **Combofix.exe** to start it.
      • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
      • Follow the instructions and accept the disclaimer by clicking **Yes**.
      • If the Recovery Console is not installed, you will be asked to install it by clicking **YES** in the "Query - Recovery Console" window.
      • Click **OK** and **Yes** to have the Recovery Console installed automatically.
      • Afterwards, click **Yes** again to start the malware scan.
      • While the fix is running, do **NOT** click in the window, as this will make your PC hang.

    When the fix has finished and after a restart, the log **Combofix.txt** will open. Post this log in your next reply, together with a new HijackThis log.
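An added example, not part of the reply above and not code from HijackThis: a small Python triage pass over HijackThis entries, run here on the fix list from that reply. The two patterns it checks (a registration whose target is `(no file)`, and a Run value whose name is itself a file path) are this example's assumptions about what stands out in that list, not criteria stated in the reply; entries such as Alcmtr, UserFaultCheck and the Boonty service match neither and still need a human reviewer.

```python
import re
from collections import namedtuple

# Entries copied from the fix list in the reply above (raw string keeps backslashes).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdrkx.exe] C:\WINDOWS\system32\kdrkx.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdaws.exe] C:\WINDOWS\system32\kdaws.exe
O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpds.exe] C:\WINDOWS\system32\kdpds.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkil.exe] C:\WINDOWS\system32\kdkil.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkwl.exe] C:\WINDOWS\system32\kdkwl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpkz.exe] C:\WINDOWS\system32\kdpkz.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
"""

# code: HijackThis section code such as "O4"; body: the text after "O4 - ".
Entry = namedtuple("Entry", "code body")

# "<letter><1-2 digits> - <rest>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# O4 registry autostart: "HKLM\..\Run: [value name] command line".
# The hive may carry a SID, e.g. "HKUS\S-1-5-19\..\Run".
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# A value name that starts like "C:\" is a path, not a product name.
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_log(text):
    """Return the HijackThis entries found in text, skipping other lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group("code"), match.group("body")))
    return entries


def reason_for(entry):
    """Return why an entry deserves a closer look, or None if no pattern fits."""
    # Pattern 1 (assumption): browser add-on registration with no file behind it.
    if entry.code in ("O2", "O3", "O9") and entry.body.endswith("- (no file)"):
        return "registered component points to a missing file"
    # Pattern 2 (assumption): Run value named after a file path.
    if entry.code == "O4":
        match = RUN_RE.match(entry.body)
        if match and DRIVE_PATH_RE.match(match.group("name")):
            target = match.group("cmd").strip('"').lower()
            if match.group("name").lower() == target:
                return "Run value is named after its own target path"
            return "Run value is named after a file path"
    return None


def triage(entries):
    """Pair each entry that matches a pattern with its reason."""
    flagged = []
    for entry in entries:
        reason = reason_for(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:>3}  {reason}: {entry.body}")
```
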
center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"= "C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"= "C:\\Program Files\\BoontyGames\\Insane\\Game.exe"= "C:\\Program Files\\Windows Live\\Mail\\wlmail.exe"= "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Microsoft Office\\Office10\\NSREX.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-10-26 25400] R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-29 97928] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-29 875288] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-29 231704] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-29 76040] R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-10-26 880696] R2 eID CRL Service;eID CRL 
Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 225280] R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 331776] R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-25 147456] R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);C:\Program Files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016] R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 720470] R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 8278] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792] S3 hitmanpro3;Hitman Pro 3 Support Driver;C:\WINDOWS\system32\drivers\hitmanpro3.sys [ ] S3 krdpdre;krdpdre;C:\DOCUME~1\Jeroen\LOCALS~1\Temp\krdpdre.sys [ ] S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-22 27904] S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\Drivers\tascusb2.sys [2007-12-18 360448] S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2007-12-18 18944] S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2007-12-18 33792] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13967852-4cdd-11dd-94c1-001302dde7c2}] \Shell\AutoRun\command - F:\PdtStart.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a218f69-4f30-11dd-94c9-001302dde7c2}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ea3003a-4c29-11dd-94bd-001302dde7c2}] \Shell\AutoRun\command - E:\SETUP.EXE -autorun . 
Inhoud van de 'Gedeelde Taken' map
2008-10-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-10-30 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-18 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-18 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-28 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-27 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-28 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-24 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job - C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-08-29 08:05]
2008-10-31 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-10-31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A12A1252-2527-488F-9D98-CD0EE217535E}.job - C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 02:05]
.
.
------- Bijkomende Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\am94dh5t.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gva.be/
FF -: plugin - C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 23:37:19
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\scardsvr.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\ESET\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\UTSCSI.EXE C:\WINDOWS\system32\searchindexer.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe . ************************************************************************** . 
Voltooingstijd: 2008-10-31 23:55:48 - machine werd herstart ComboFix-quarantined-files.txt 2008-10-31 22:54:40 Pre-Run: 20.576.937.472 bytes beschikbaar Post-Run: 20,672,624,128 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 392 --- E O F --- 2008-10-31 17:44:00 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:57:58, on 31/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\PrevxCSI\prevxcsi.exe C:\WINDOWS\system32\beidservicecrl.exe C:\WINDOWS\system32\beidservicepcsc.exe C:\Program Files\PrevxCSI\prevxcsi.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Belgacom\bin\sprtsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UTSCSI.EXE 
C:\WINDOWS\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe C:\Program Files\Belgium Identity Card\beidsystemtray.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Asus\Asus ChkMail\ChkMail.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Jeroen\Local 
Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HControl] "C:\WINDOWS\ATK0100\HControl.exe" O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install O4 - HKLM\..\Run: [SMSERIAL] "C:\WINDOWS\sm56hlpr.exe" O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE" O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe" O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1 O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe" O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [ABLKSR] "C:\WINDOWS\ABLKSR\ABLKSR.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe" O4 - HKLM\..\Run: [Ulead AutoDetector] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" O4 - HKLM\..\Run: [Ulead Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" O4 - HKLM\..\Run: [beidsystemtray] "C:\Program Files\Belgium Identity Card\beidsystemtray.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] 
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [HitmanPro3] "C:\Program Files\Hitman Pro 3\hitmanpro3.exe" -autocheck O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215380685078 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll 
O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE -- End of file - 14767 bytes
  • Does it matter that my external HDD was not connected at the time of the scan? Maybe the virus is on there too.
  • The infection you are dealing with does indeed spread across all drives and partitions (so chances are very high that your external HD is infected too, and you had best scan it for possible malware as well). The "hidden" file at the heart of it is autorun.inf. Best to take a thorough look at that one too.
For your current ComboFix log, you still need to do the following:
Open a Notepad file. Copy and paste the bold text below into it.
File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{A12A1252-2527-488F-9D98-CD0EE217535E}.job
Save this file to your desktop as CFScript.txt.
Drag CFScript.txt onto ComboFix.exe.
This will make ComboFix restart. Reboot if you are asked to.
After the reboot, post the contents of Combofix.txt in your next message.
  • I will then run HijackThis once more while my external HDD is connected and post it here.
ComboFix 08-10-31.02 - Jeroen 2008-11-01 11:11:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2158 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Jeroen\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: C:\Documents and Settings\Jeroen\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{A12A1252-2527-488F-9D98-CD0EE217535E}.job
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{A12A1252-2527-488F-9D98-CD0EE217535E}.job
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))) . 2008-10-31 23:16 . 2008-10-31 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hitman Pro 3 2008-10-30 20:11 . 2008-10-30 20:11 <DIR> d-------- C:\Program Files\Trend Micro 2008-10-30 18:58 . 2008-10-30 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-30 18:57 . 2008-10-30 18:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-10-30 18:57 . 2008-10-30 18:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-30 18:57 . 2008-10-30 18:57 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\SUPERAntiSpyware.com 2008-10-30 16:43 . 2008-10-15 17:37 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-30 00:05 . 2008-10-30 00:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-30 00:05 . 2008-10-30 00:05 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Malwarebytes 2008-10-30 00:05 . 2008-10-30 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-30 00:05 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-30 00:05 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-29 19:09 . 2008-10-30 01:52 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-10-29 18:51 . 2008-10-29 18:51 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-10-29 18:51 . 2008-10-29 18:51 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-10-29 18:51 . 2008-10-29 18:51 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-10-29 18:50 . 2008-10-31 23:40 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-10-29 18:50 . 2008-10-29 18:50 <DIR> d-------- C:\Program Files\AVG 2008-10-26 17:09 . 2008-10-26 17:09 <DIR> d-------- C:\Program Files\PrevxCSI 2008-10-26 17:09 . 
2008-10-26 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2008-10-26 17:09 . 2008-10-26 17:09 25,400 --a------ C:\WINDOWS\system32\drivers\pxark.sys 2008-10-26 17:05 . 2008-10-31 18:41 <DIR> d-------- C:\Program Files\Hitman Pro 3 2008-10-26 17:05 . 2008-10-26 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hitman Pro 2008-10-22 18:41 . 2008-10-22 18:41 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\VST3 Presets 2008-10-22 11:52 . 2008-10-22 11:52 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys 2008-10-21 21:38 . 2008-10-21 21:38 <DIR> d-------- C:\Program Files\Photodex Presenter 2008-10-21 21:38 . 2008-10-21 21:38 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Netscape 2008-10-21 17:13 . 2008-10-21 17:13 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy) 2008-10-21 17:13 . 2008-10-21 17:13 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy) 2008-10-19 12:01 . 2008-10-19 12:01 <DIR> d--hs---- C:\Documents and Settings\NetworkService\PrivacIE 2008-10-19 12:00 . 2008-10-19 12:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favorieten 2008-10-19 12:00 . 2008-10-19 12:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ABIG 2008-10-18 18:18 . 2008-10-18 18:58 <DIR> d-------- C:\Program Files\Collectorz.com 2008-10-16 11:44 . 2008-09-15 16:28 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-16 11:44 . 2008-09-08 11:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-16 11:43 . 2008-08-14 14:27 2,193,536 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-16 11:43 . 2008-08-14 14:27 2,149,888 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-16 11:43 . 2008-08-14 14:27 2,070,400 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-16 11:43 . 
2008-08-14 14:27 2,028,544 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-15 20:06 . 2008-10-15 20:06 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-10-14 18:56 . 2008-10-14 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-10-14 18:44 . 2008-10-14 18:44 <DIR> d-------- C:\Program Files\Common Files\Control Panels 2008-10-14 18:41 . 2008-10-14 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM 2008-10-14 17:54 . 2007-02-20 15:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll 2008-10-14 17:54 . 2007-02-20 15:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe 2008-10-14 17:15 . 2008-10-14 17:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-10-12 15:43 . 2008-10-12 15:43 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Bullzip 2008-10-12 15:37 . 1999-05-06 23:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.OCX 2008-10-06 18:53 . 2008-10-10 20:06 10,593 --a------ C:\WINDOWS\CSTBox.INI 2008-10-05 17:06 . 2008-10-05 17:07 <DIR> d-------- C:\Program Files\iTunes 2008-10-05 17:06 . 2008-10-05 17:06 <DIR> d-------- C:\Program Files\iPod 2008-10-05 17:06 . 2008-10-05 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-03 21:59 . 2006-10-12 09:40 716,800 --a------ C:\WINDOWS\system32\SysInternalsBluescreen.scr 2008-10-01 22:49 . 2008-10-01 22:49 <DIR> d-------- C:\Program Files\ALCATech 2008-10-01 19:57 . 2008-10-03 16:31 <DIR> d-------- C:\WINDOWS\system32\Adobe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-31 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-10-30 17:47 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-10-29 20:24 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\NCH Swift Sound 2008-10-29 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound 2008-10-29 20:23 --------- d-----w C:\Program Files\NCH Swift Sound 2008-10-29 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8 2008-10-29 16:19 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\FileZilla 2008-10-27 21:30 --------- d-----w C:\Program Files\FileZilla FTP Client 2008-10-27 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-27 01:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-10-27 01:03 --------- d-----w C:\Program Files\Hitman Pro 2008-10-27 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-27 00:58 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\Lavasoft 2008-10-26 22:40 --------- d-----w C:\Program Files\FLV Player 2008-10-21 16:22 --------- d-----w C:\Program Files\ESET 2008-10-14 17:49 --------- d-----w C:\Program Files\Common Files\Adobe 2008-10-12 20:39 66,568 ----a-w C:\Documents and Settings\Jeroen\Application Data\GDIPFONTCACHEV1.DAT 2008-10-09 08:18 --------- d-----w C:\Program Files\Windows Live 2008-10-08 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-27 17:34 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2008-09-26 15:18 --------- d-----w C:\Program Files\Microsoft 2008-09-26 15:12 --------- d-----w C:\Program Files\Common Files\Windows Live 2008-09-26 15:00 --------- d-----w C:\Program Files\NOS 2008-09-26 15:00 --------- d-----w C:\Documents 
and Settings\All Users\Application Data\NOS 2008-09-25 16:33 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll 2008-09-25 16:33 --------- d-----w C:\Program Files\Java 2008-09-24 19:14 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-09-24 18:12 --------- d-----w C:\Program Files\Common Files\Supportsoft 2008-09-24 18:12 --------- d-----w C:\Program Files\Belgacom 2008-09-24 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft 2008-09-15 15:28 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-14 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software 2008-09-13 11:33 --------- d-----w C:\Program Files\Macromedia 2008-09-13 10:26 --------- d-----w C:\Program Files\Common Files\DirectX 2008-09-13 10:09 --------- d-----w C:\Program Files\Warthog 2008-09-12 22:33 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\Apple Computer 2008-09-12 17:01 --------- d-----w C:\Program Files\QuickTime 2008-09-12 17:01 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-12 16:38 --------- d-----w C:\Program Files\Bonjour 2008-09-12 16:32 --------- d-----w C:\Program Files\Apple Software Update 2008-09-11 17:25 --------- d-----w C:\Program Files\Subtitles Creator 2008-09-10 22:33 --------- d-----w C:\Program Files\CamStudio 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-09-07 12:15 --------- d-----w C:\Program Files\MagicDVDCopier 2008-09-07 12:14 --------- d-----w C:\Program Files\MagicDVDRipper 2008-09-06 17:59 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\Sibelius Software 2008-09-03 16:53 --------- d-----w C:\Program Files\Common Files\Java 2008-09-01 21:35 --------- d-----w C:\Program Files\Musicnotes 2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-27 17:17 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2008-08-27 
17:17 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll 2008-08-22 01:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-08-22 01:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll 2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll 2008-08-22 01:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll 2008-08-22 01:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2008-08-22 01:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll 2008-08-22 01:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2008-08-22 01:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll 2008-08-22 01:07 18,944 ------w C:\WINDOWS\system32\dllcache\corpol.dll 2008-08-22 01:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll 2008-08-22 01:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll 2008-08-22 01:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2008-08-22 01:05 630,272 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2008-08-22 01:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll 2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll 2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll 2008-08-22 01:05 45,056 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll 2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll 2008-08-22 01:05 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2008-08-22 01:05 217,088 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2008-08-22 01:05 186,880 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll 2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe 2008-08-22 01:00 68,608 
----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll 2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll 2008-08-14 13:27 2,149,888 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:27 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll 2008-07-07 01:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008063020080707\index.dat 2008-07-07 01:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008070720080708\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-10-31_23.53.56.89 ))))))))))))))))))))))))))))))))))))))))) . + 2008-11-01 09:52:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600] @="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}" [HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}] 2007-11-13 03:08 599552 --a------ C:\WINDOWS\system32\FPAP-EXL600\FileptcIconOverlay.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-06 39408] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544] "Google Update"="C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-29 133104] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-11-10 102400] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-21 7335936] "nwiz"="C:\WINDOWS\system32\nwiz.exe" [2005-11-21 1519616] "SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2005-05-26 544768] "RTHDCPL"="C:\WINDOWS\RTHDCPL.EXE" [2005-09-06 14850560] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 86016] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 987136] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 61440] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] 
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413] "RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208] "Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632] "beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-25 144792] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-29 1234712] "HitmanPro3"="C:\Program Files\Hitman Pro 3\hitmanpro3.exe" [2008-10-31 4590200] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] C:\Documents and Settings\Jeroen\Menu Start\Programma's\Opstarten\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Documents and Settings\All Users\Menu 
Start\Programma's\Opstarten\ ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [2008-07-06 32768] Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"= "C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"= "C:\\Program Files\\BoontyGames\\Insane\\Game.exe"= "C:\\Program Files\\Windows Live\\Mail\\wlmail.exe"= "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Microsoft Office\\Office10\\NSREX.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue 
CS3\\Server\\bin\\VersionCueCS3.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-10-26 25400] R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-29 97928] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-29 875288] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-29 231704] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-29 76040] R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-10-26 880696] R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 225280] R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 331776] R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-25 147456] R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);C:\Program Files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016] R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 720470] R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 8278] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792] S3 hitmanpro3;Hitman Pro 3 Support Driver;C:\WINDOWS\system32\drivers\hitmanpro3.sys [ ] S3 krdpdre;krdpdre;C:\DOCUME~1\Jeroen\LOCALS~1\Temp\krdpdre.sys [ ] S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-22 27904] S3 
SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\Drivers\tascusb2.sys [2007-12-18 360448] S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2007-12-18 18944] S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2007-12-18 33792] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13967852-4cdd-11dd-94c1-001302dde7c2}] \Shell\AutoRun\command - F:\PdtStart.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a218f69-4f30-11dd-94c9-001302dde7c2}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Inhoud van de 'Gedeelde Taken' map 2008-10-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-10-31 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job - C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-08-29 08:05] 2008-11-01 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-01 11:17:00 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... ************************************************************************** . Voltooingstijd: 2008-11-01 11:26:36 ComboFix-quarantined-files.txt 2008-11-01 10:25:32 ComboFix2.txt 2008-10-31 22:55:50 Pre-Run: 20.646.250.496 bytes beschikbaar Post-Run: 20,632,525,312 bytes beschikbaar 349 --- E O F --- 2008-10-31 17:44:00
  • JDO0909 wrote: "I'll run HijackThis once more with my external HDD attached and post it here."
    Fine, go ahead and post it.
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:46:35, on 1/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\PrevxCSI\prevxcsi.exe
    C:\Program Files\PrevxCSI\prevxcsi.exe
    C:\WINDOWS\system32\beidservicecrl.exe
    C:\WINDOWS\system32\beidservicepcsc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Belgacom\bin\sprtsvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
    C:\Program Files\Belgium Identity Card\beidsystemtray.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Belgacom\bin\sprtcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [HControl] "C:\WINDOWS\ATK0100\HControl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
    O4 - HKLM\..\Run: [SMSERIAL] "C:\WINDOWS\sm56hlpr.exe"
    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
    O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
    O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1
    O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [ABLKSR] "C:\WINDOWS\ABLKSR\ABLKSR.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe"
    O4 - HKLM\..\Run: [Ulead Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe"
    O4 - HKLM\..\Run: [beidsystemtray] "C:\Program Files\Belgium Identity Card\beidsystemtray.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [HitmanPro3] "C:\Program Files\Hitman Pro 3\hitmanpro3.exe" -autocheck
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215380685078
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
    O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
    O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
    O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

    --
    End of file - 14412 bytes
  • Looks clean. How are the problems in the meantime? Still seeing the same symptoms, or have they been resolved by now?
  • My C drive is apparently back in order, but both my F drive and my G drive now give the same error message. When I open them, AVG also reports that resycled/boot.com is a possible threat...
  • Could you then download A-Squared here http://www.emsisoft.com/en/software/antimalware/ (it is a 30-day trial version) and let it check your system. Normally that should lead to a fix on all drives. I'm curious whether that is also the case for you?
  • I'm very curious too! Which antivirus do you actually recommend?
  • [quote:0d09ca1f3a="JDO0909"]Which antivirus do you actually recommend?[/quote:0d09ca1f3a] Ah ... you'll get as many different answers to this as there are forum users :D And it is all based on people's own (good or bad) experiences. Personally I have been using AVG Pro without problems for years ... so that is, for me, a recommendation. But there are undoubtedly plenty of other "good" ones, among both the free and the paid versions. It often also depends a bit on ease of use and how you as a user feel about that. And the arrival of fully integrated suites (with antivirus, antispyware, firewall, antispam, ...) does not make the choice any easier.
  • When scanning with a-squared antimalware I get the error below:
    date/time : 2008-11-01, 17:31:37, 359ms
    computer name : UW-6EA5E1F99BA9
    user name : Jeroen <admin>
    registered owner : Jeroen De Ost
    operating system : Windows XP Service Pack 3 build 2600
    system language : Dutch
    system up time : 25 minutes 21 seconds
    program up time : 20 minutes 2 seconds
    processors : 2x Genuine Intel(R) CPU T2300 @ 1.66GHz
    physical memory : 1674/2943 MB (free/total)
    free disk space : (C:) 18,23 GB
    display mode : 1280x800, 32 bit
    process id : $1310
    allocated memory : 36,21 MB
    command line : "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2scan.exe" /R="C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2start.exe"
    executable : a2scan.exe
    exec. date/time : 2008-10-19 09:56
    version : 4.0.0.51
    compiled with : Delphi 2006/07
    madExcept version : 3.0h
    contact name : Jeroen De Ost
    contact email : Jeroen_De_Ost@hotmail.com
    callstack crc : $08d9e1ca, $d636a5a7, $d7ca5285
    exception number : 1
    exception class : EOutOfResources
    exception message : Onvoldoende opslagruimte beschikbaar om deze opdracht te verwerken.
  • Do you have any idea when this A Squared stop occurred? Was it on a veeery large file? Or in special circumstances? Difficult questions, I know ... but then it is an unusual error :(
  • What is veeery large? I work with film, so I do have files of 10 GB here...
  • [quote:2a11b0afc1="JDO0909"]What is veeery large? I work with film, so I do have files of 10 GB here...[/quote:2a11b0afc1] So that is (probably) the cause of the error message. A Squared opens all files to check them ... and with files that are too large this phenomenon could occur. How do we get around that to solve your problem anyway? May I send you an English-language guide in the next message for the manual fix of your problem?
  • yes, go ahead
  • Best carried out in "safe mode".
    1) Navigate to the problem drive(s) via the Explore option.
    Reveal "hidden files".
    2) Click on TOOLS -> FOLDER OPTIONS
    3) Click the button which says ‘Show hidden files and folders’.
    4) UNCHECK the following boxes:
       Hide extensions for known file types
       Hide protected operating system files
    Delete files.
    5) Find and delete the autorun.ini file and the resycled folder on the root directory of all affected drives.
    6) Check “c:\windows\system32\dllcache” for boot.com file and delete it if present.
    7) Check “c:\windows\prefetch” for boot.com file and delete if present.
    8) Delete all files from c:\windows\temp (Some files may not delete, that’s ok, they’re in use by the system and not virus files.)
    9) Delete all files from c:\Documents and Settings\[USER PROFILE]\Local Settings\Temp (Again, a couple files may not delete, don’t worry.)
    And then in the registry via "Run":
    10) Run Regedit
    11) Make sure you are at the very first entry of the registry hive. (My Computer should be highlighted) then click EDIT -> FIND
    12) Search for “boot.com”. If it finds an entry, delete it. Keep hitting F3 until you’ve deleted all instances of boot.com in the entire registry.
    13) Scroll the left column back up to the top and highlight the My Computer again at the top of the registry hive.
    14) Click Edit -> Find again and search for ‘resycled’ and repeat as in step 13, deleting the entries as it finds them. (I found 2 of each)
    15) Close registry editor and try opening the infected drives. They should work now.
    Let me know whether this all goes as indicated here ... and whether it then also has a positive result?
  • WONDERFUL!! It is completely fine now. The external HDDs I work with are Western Digital Elements, so by default these had an autorun.inf on them consisting of
    [autorun]
    icon=Elements.ico
    If there are other people who have this, they should later replace the autorun.inf they delete with the above. Everything went as described above, except that I got no results at step 14, but those will already have been removed by the previous steps you had advised. Thank you so very much for all the effort!!
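
The last two posts turn on one distinction: the `autorun.inf` tied to `resycled\boot.com` has to go, while the drive vendor's icon-only `autorun.inf` is harmless and can be put back. The following is an added example, not part of the original thread, that checks this per drive root. The function names and `INFECTED_SAMPLE` are constructed for illustration; only the `resycled` and `boot.com` names and the Western Digital file content come from the thread.

```python
import os
import re
import sys

# Keys in the [autorun] section that make Windows start a program.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\open\command

# Content quoted in the thread for Western Digital Elements drives.
WD_ELEMENTS = "[autorun]\nicon=Elements.ico\n"

# Constructed sample (not taken from the thread) of an autorun.inf that
# launches the file the thread is about.
INFECTED_SAMPLE = r"""[AutoRun]
open=resycled\boot.com
shell\open\command=resycled\boot.com
"""


def decode(data):
    """autorun.inf is usually ANSI; handle a UTF-16 BOM as well."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def parse_autorun(text):
    """Return the [autorun] section as a list of (lowercased key, value)."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def launch_targets(text):
    """Values of every key that would run a program from the drive."""
    return [v for k, v in parse_autorun(text)
            if k in EXEC_KEYS or SHELL_CMD.match(k)]


def classify(text, indicators=("resycled", "boot.com")):
    """'benign' (nothing is launched), 'matches-thread-indicator', or 'review'."""
    targets = launch_targets(text)
    if not targets:
        return "benign"
    if any(ind in t.lower() for t in targets for ind in indicators):
        return "matches-thread-indicator"
    return "review"


def scan_roots(roots):
    """Map each drive root to a verdict; 'absent' if it has no autorun.inf."""
    results = {}
    for root in roots:
        try:
            with open(os.path.join(root, "autorun.inf"), "rb") as fh:
                results[root] = classify(decode(fh.read()))
        except OSError:
            results[root] = "absent"
    return results


if __name__ == "__main__":
    # Usage: python check_autorun.py F:\ G:\
    for root, verdict in scan_roots(sys.argv[1:]).items():
        print(f"{root}: {verdict}")
```

A `review` verdict means the file launches something that does not match the thread's two names; that is common on vendor media and needs a look at the target rather than automatic deletion.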


This is an archived page. Replying is no longer possible.