Word and PPT error message, HijackThis log

10 replies
  • Hello,

    For the past few days, downloading files from e-mails (Hotmail) has been very slow. There are also a number of Word and PowerPoint files that I cannot open; I get the following error messages:

    With Word I get an error message with the following feedback:

    - Check the file permissions for the document or drive
    - Make sure there is sufficient free memory and disk space
    - Open the file with the Text Recovery converter
    (the top 2 don't seem applicable to me)

    With PowerPoint it says that no converter is installed for the file type in question.

    I recently ran CCleaner; maybe that has something to do with it.
    I hope someone has a solution, thanks in advance.
    Maybe the solution can be found in my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:31:47, on 11-12-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xscwyqculnfqvfsqvzk.com/fQfdkPbWncNb3hnD0r/TcxISx_uynrYkA/ff/6o6ow9rkmZpifVmNQTkZfHeSknq.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 64.233.167.104 sandbox.norman.no
    O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://1993.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} - http://akamai.downloadv3.com/binaries/one2one/one2oneSvcEN.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC0CA751-AB46-4C5A-99A1-6E164DE3211E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS4\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Intel Corporation - (no file)
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • You are still using an old version of HijackThis. First download the most recent version here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xscwyqculnfqvfsqvzk.com/fQfdkPbWncNb3hnD0r/TcxISx_uynrYkA/ff/6o6ow9rkmZpifVmNQTkZfHeSknq.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
    O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} - http://akamai.downloadv3.com/binaries/one2one/one2oneSvcEN.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Intel Corporation - (no file)

    Click 'Fix checked' to remove the items.

    Download Combofix to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Follow the instructions and accept the disclaimer by clicking Yes.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    - Click OK and Yes to have the Recovery Console installed automatically.
    - Afterwards, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, as this will cause your PC to hang.

    When the fix has finished and after the restart, the log Combofix.txt will open.

    Post this log in your next reply, together with a new HijackThis log.
  • ComboFix 08-12-11.03 - Jurrian van der laan 2008-12-11 23:15:42.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.279 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Jurrian van der laan\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents
    C:\SETUP.BAT
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\system32\3208\3208.exe
    c:\windows\system32\3208\3308.exe
    c:\windows\system32\ATHPRXY(2).DLL
    c:\windows\system32\FM20(2).DLL
    c:\windows\system32\FM20NLD(2).DLL
    c:\windows\system32\kazaabackupfiles
    C:\z.txt

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-11-11 to 2008-12-11 ))))))))))))))))))))))))))))))
    .

    2096-11-20 21:14 . 2096-11-20 21:14 <DIR> d——– c:\documents and settings\All Users\Application Data\Grisoft
    2083-09-07 11:21 . 2083-09-07 11:21 <DIR> d——– c:\documents and settings\Jurrian van der laan\Application Data\Lavasoft
    2083-09-07 10:50 . 2083-09-07 10:50 <DIR> d——– c:\documents and settings\Jurrian van der laan\Application Data\SuperAdBlocker.com
    2083-09-07 10:47 . 2083-09-07 10:47 4,544,296 –a–c— c:\documents and settings\Jurrian van der laan\SuperAdBlocker.exe
    2008-12-11 14:55 . 2008-12-11 14:56 <DIR> d——– c:\windows\LastGood
    2008-12-11 14:41 . 2008-12-11 14:41 <DIR> d——– C:\Monty Python and the Holy Grail 1975
    2008-12-11 14:40 . 2008-12-11 14:40 <DIR> d——– c:\program files\FDRLab
    2008-12-11 14:40 . 2008-12-11 14:40 <DIR> d——– c:\program files\DROPCLOCK
    2008-12-11 14:40 . 2008-12-11 14:40 <DIR> d——– c:\program files\Azureus
    2008-12-11 14:39 . 2008-12-11 14:39 <DIR> d——– c:\program files\YouTube Downloader
    2008-12-11 14:39 . 2008-12-11 14:39 <DIR> d——– c:\program files\OJOsoft Total Video Converter
    2008-12-11 14:39 . 2008-12-11 16:39 <DIR> dr-h—– c:\documents and settings\Jurrian van der laan\Onlangs geopend
    2008-12-11 14:38 . 2008-12-11 14:38 <DIR> d——– c:\documents and settings\Jurrian van der laan\Application Data\SPORE
    2008-12-11 08:35 . 2008-12-11 14:50 1,393 –a—— c:\windows\imsins.BAK
    2008-12-09 22:45 . 2008-12-09 22:45 <DIR> d——– c:\windows\Logs
    2008-12-09 22:42 . 2008-12-09 22:42 <DIR> d——– c:\program files\Microsoft Games for Windows - LIVE
    2008-12-07 16:14 . 2008-12-03 16:05 2,696,642 –a—— C:\Grand.Theft.Auto.IV.PC.Manual.pdf
    2008-12-06 23:57 . 2008-12-11 14:41 <DIR> d——– c:\program files\Half-Life 2 - Black Box
    2008-11-28 18:26 . 2008-11-28 18:26 <DIR> d——– c:\documents and settings\Jurrian van der laan\Application Data\InstallShield
    2008-11-19 17:51 . 2008-11-15 12:47 2,499,827,712 –a—— C:\Bourne Supremacy, The (2004).iso
    2008-11-18 09:03 . 2008-11-18 09:03 <DIR> d——– c:\program files\iTunes
    2008-11-18 09:03 . 2008-11-18 09:03 <DIR> d——– c:\program files\iPod
    2008-11-18 09:03 . 2008-11-18 09:03 <DIR> d——– c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-13 18:32 . 2008-11-13 18:33 <DIR> d——– C:\DownloadStad.nl
    2008-11-13 18:31 . 2008-12-11 23:17 <DIR> d——– c:\windows\system32\3208
    2008-11-11 18:37 . 2008-11-11 18:37 <DIR> d——– c:\program files\ProtectDisc Driver Installer
    2008-11-11 18:37 . 2008-11-11 18:37 <DIR> d——– c:\documents and settings\Jurrian van der laan\Application Data\ProtectDisc
    2008-11-11 18:35 . 2008-11-11 18:35 <DIR> d——– c:\documents and settings\Jurrian van der laan\Application Data\MAGIX
    2008-11-11 17:02 . 2008-12-11 14:40 <DIR> d——– c:\program files\MAGIX
    2008-11-11 17:02 . 2007-04-27 10:43 120,200 –a—— c:\windows\system32\DLLDEV32i.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-11 21:44 ——— d—–w c:\program files\Virtools Web Player 2.5
    2008-12-11 19:04 31 —-a-w c:\documents and settings\Justin van der laan\jagex_runescape_preferences.dat
    2008-12-11 16:39 ——— d—–w c:\program files\SPAMfighter
    2008-12-11 14:07 50,616 —-a-w c:\documents and settings\Jurrian van der laan\Application Data\wklnhst.dat
    2008-12-11 13:40 ——— d—–w c:\documents and settings\All Users\Application Data\MAGIX
    2008-12-11 13:38 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-12-11 13:38 ——— d–h–r c:\documents and settings\All Users\Application Data\SecuROM
    2008-12-11 13:38 ——— d—–w c:\program files\Rockstar Games
    2008-12-11 13:37 ——— d—–w c:\program files\SystemRequirementsLab
    2008-12-02 15:06 ——— d—–w c:\documents and settings\Justin van der laan\Application Data\LimeWirePlus
    2008-11-28 17:45 ——— d—–w c:\documents and settings\Jurrian van der laan\Application Data\dvdcss
    2008-11-28 17:26 ——— d—–w c:\program files\Codemasters
    2008-11-25 10:58 140,216 —-a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-22 14:29 ——— d—–w c:\program files\Hitman Pro
    2008-11-22 11:10 ——— d—–w c:\program files\SpywareBlaster
    2008-11-22 09:22 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-12 21:06 ——— d—–w c:\program files\Spybot - Search & Destroy
    2008-10-28 12:19 ——— d—–w c:\documents and settings\Jurrian van der laan\Application Data\LimeWirePlus
    2008-10-28 12:10 ——— d—–w c:\program files\FTDv3.8
    2008-10-27 17:29 ——— d—–w c:\program files\NOS
    2008-10-27 17:29 ——— d—–w c:\documents and settings\All Users\Application Data\NOS
    2008-10-27 17:26 ——— d—–w c:\program files\Common Files\Adobe AIR
    2008-10-27 17:20 ——— d—–w c:\program files\Common Files\Adobe
    2008-10-27 16:12 9,920 —-a-w c:\documents and settings\Justin van der laan\Application Data\wklnhst.dat
    2008-09-04 14:16 7,834 —-a-w c:\documents and settings\Jurrian van der laan\nevis.zip
    2008-04-18 11:37 23,450 -c–a-w c:\documents and settings\Judith van Raalte\Application Data\wklnhst.dat
    2007-11-24 11:58 79,104 -c–a-w c:\documents and settings\Jurrian van der laan\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-04 15:51 78,336 -c–a-w c:\documents and settings\Justin van der laan\Application Data\GDIPFONTCACHEV1.DAT
    2006-02-20 19:23 25,768,495 -c–a-w c:\program files\rad_w2kxp_omega_38221.exe
    2005-12-03 02:04 1,360 -c–a-w c:\program files\GameInfo.txt
    2005-11-01 09:24 5,862,994 -c–a-w c:\documents and settings\Jurrian van der laan\ts2_client_rc2_2032.exe
    2005-10-25 11:07 2,355,965 -c–a-w c:\documents and settings\Jurrian van der laan\Setup_MagicISO.exe
    2005-10-01 14:30 844,272 -c–a-w c:\documents and settings\Jurrian van der laan\advisor.exe
    2005-09-05 14:29 2,047,441 —-a-w c:\documents and settings\Jurrian van der laan\hitwarelite.zip
    2005-09-05 14:15 1,515,135 -c–a-w c:\documents and settings\Jurrian van der laan\PopThisInstall.exe
    2005-09-03 13:38 12,789,248 -c–a-w c:\documents and settings\Jurrian van der laan\MP10Setup.exe
    2004-05-14 15:34 60,376 -c–a-w c:\documents and settings\Judith van Raalte\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-09-02 124048]
    "LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
    "Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-09-10 100056]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-18 180269]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Cmaudio"="cmicnfg.cpl" [2003-09-12 c:\windows\CMICNFG.CPL]
    "Dit"="Dit.exe" [2002-08-28 c:\windows\Dit.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-28 54424]

    c:\documents and settings\Jurrian van der laan\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCzapper Media Manager.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\PCzapper Media Manager.lnk
    backup=c:\windows\pss\PCzapper Media Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jurrian van der laan^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Jurrian van der laan^Menu Start^Programma's^Opstarten^RollerCoaster Tycoon 3 Registration.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Jurrian van der laan^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Justin van der laan^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Justin van der laan^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lite Link
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopOops
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
    –a—— 2006-03-20 20:43 331776 c:\program files\AGEIA Technologies\TrayIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    –a—— 2005-03-31 15:11 71256 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    –a—— 2005-12-10 15:57 133016 c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
    –a—— 2002-12-02 20:56 40960 c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    –a—— 2003-12-22 08:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    -ra—— 2002-12-17 11:40 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    –a—— 2003-03-11 13:08 172032 c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    –a—— 2003-05-16 00:41 163840 c:\program files\Microsoft IntelliPoint\point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    –a—— 2008-02-01 12:55 1103240 c:\program files\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    –a—— 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    –a—— 2005-01-18 16:47 458752 c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    –a—— 2005-01-18 16:37 217088 c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    –a—— 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    –a—— 2007-12-05 00:41 8523776 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    –a—— 2007-12-05 00:41 81920 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    –a—— 2003-06-24 14:23 61440 c:\program files\Medion Home Cinema XL II\PowerCinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    –a—— 2003-05-28 15:37 394240 c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    –a—— 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
    –a—— 2008-07-14 17:38 321160 c:\program files\SPAMfighter\SFAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    –a—— 2006-10-12 03:10 49263 c:\program files\Java\jre1.5.0_09\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    –a—— 2006-04-18 14:04 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    ——— 2004-08-04 09:03 110592 c:\windows\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    –a—— 2003-06-27 14:39 506368 c:\windows\mHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
    –a—— 2003-06-27 08:36 5798912 c:\windows\CNYHKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    –a—— 2007-12-05 00:41 1626112 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SPAMfighter Update Service"=2 (0x2)
    "navapsvc"=2 (0x2)
    "iPod Service"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "btwdins"=2 (0x2)
    "BthServ"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Adobe LM Service"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\aTube Catcher 1.0\\smh.exe"=
    "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
    R1 SSHDRV76;SSHDRV76;\??\c:\windows\System32\drivers\SSHDRV76.sys [2006-03-13 53760]
    R2 acedrv11;acedrv11;\??\c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
    R2 ithsgt;ithsgt;c:\windows\system32\DRIVERS\ithsgt.sys [2005-10-24 162432]
    R2 lilsgt;lilsgt;c:\windows\system32\DRIVERS\lilsgt.sys [2005-10-24 12032]
    R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-07-14 184968]
    R2 SVKP;SVKP;\??\c:\windows\System32\SVKP.sys [2005-08-11 2368]
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
    R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\DRIVERS\PRISMA00.sys [2003-09-10 362688]
    R3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys [2005-10-24 48928]
    S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys []
    S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
    S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
    S3 Fatlspsnd;Fatlspsnd; []
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-11-11 1527900]
    S3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2005-07-29 7552]
    S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\DRIVERS\SUSCOM.SYS [2002-10-22 40448]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - PROCEXP90
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-05 c:\windows\Tasks\Easy Onderhoud.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-22 15:18]

    2008-12-11 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-28 17:31]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Explorer_Run-avnort - c:\windows\msmbw.exe
    HKCU-Explorer_Run-ltwob - c:\windows\System32\formatsys.exe
    HKCU-Explorer_Run-serpe - c:\windows\System32\serbw.exe
    MSConfigStartUp-KAZAA - c:\program files\Kazaa Lite K++\kpp.exe


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.hetnet.nl
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;localhost;*.local
    IE: Verzenden naar &Bluetooth - c:\program files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: {073AD6AB-FC0E-4CE0-9D17-624DCB745F7D} = 192.168.0.1
    TCP: {DC0CA751-AB46-4C5A-99A1-6E164DE3211E} = 192.168.1.1

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    c:\windows\Downloaded Program Files\cryptorsa.ocx - O16 -: {003FADA5-8FEE-11D6-AFB7-0004768F6183}
    hxxps://www.p3.postbank.nl/sesam/CAX.cab

    c:\windows\Downloaded Program Files\PBGNX.ocx - O16 -: {DE591B16-A452-11D6-AED1-0001030A4E46}
    hxxps://gto.postbank.nl/GTO/PBGNX.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-11 23:23:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\EVEREST Home Edition\kerneld.wnt"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(672)
    c:\windows\system32\WRLogonNTF.dll
    .
    Voltooingstijd: 2008-12-11 23:27:54
    ComboFix-quarantined-files.txt 2008-12-11 22:27:52

    Pre-Run: 13.592.555.520 bytes beschikbaar
    Post-Run: 14,619,734,016 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    292 — E O F — 2008-12-11 13:51:27







    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:07:10, on 12-12-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 64.233.167.104 sandbox.norman.no
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-2322109475-3451826836-4237204731-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Justin van der laan')
    O4 - HKUS\S-1-5-21-2322109475-3451826836-4237204731-1011\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Justin van der laan')
    O4 - HKUS\S-1-5-21-2322109475-3451826836-4237204731-1011\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Justin van der laan')
    O4 - HKUS\S-1-5-21-2322109475-3451826836-4237204731-1011\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User 'Justin van der laan')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://justinvanderlaan1993.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC0CA751-AB46-4C5A-99A1-6E164DE3211E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS4\Services\Tcpip\..\{073AD6AB-FC0E-4CE0-9D17-624DCB745F7D}: NameServer = 192.168.0.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Intel Corporation - (no file)
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 10828 bytes






    I see that there are some programs on my PC that have not been completely removed.
  • ComboFix did clean up a few things after all, but there isn't really much wrong in the HJT log any more, apart from the fact that leftovers of a number of programs do indeed remain after incomplete uninstalls (among other things, you should take a critical look at your virus scanners).

    You can still do this:

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    Click 'Fix checked' to remove the items.

    Then let us know whether this has brought any relief for your problems.
  • Unfortunately, none of this has helped at all so far.
  • In your first post you suspected that it might have something to do with CCleaner. Didn't you make backups of the removed items when you used CCleaner? If so, you could restore them and see whether that suspicion is right.
  • Screen, which version of Word do you use, and which version are you receiving by e-mail?
    Word 2003 uses .doc but Word 2007 uses .docx; a conversion program is available for this.
    Save the .ppt attachment to your hard disk, rename it to .pps, and it will work with PowerPoint. I assume you could do that in the past as well; otherwise you can get a PowerPoint reader from the internet so that you can view it.
    Good luck.
  • KAPE wrote: "In your first post you suspected that it might have something to do with CCleaner. Didn't you make backups of the removed items when you used CCleaner? If so, you could restore them and see whether that suspicion is right."
    I had already looked for the backups, but I can't find them any more.

    gertcor wrote: "Screen, which version of Word do you use, and which version are you receiving by e-mail? Word 2003 uses .doc but Word 2007 uses .docx; a conversion program is available for this. Save the .ppt attachment to your hard disk, rename it to .pps, and it will work with PowerPoint. I assume you could do that in the past as well; otherwise you can get a PowerPoint reader from the internet so that you can view it. Good luck."
    I have Word 2003, but the files from my mail are not .docx files. If I rename the PowerPoint files to .pps they do work (thanks for that, because I need them to study for a test), but I can't edit them. I'm allowed to use typed-out notes during the test, so it would be handy if I could copy a few things from the slides. That's surely not possible with a PowerPoint reader? What's odd is that one of the .ppt files does work normally.
  • Screen wrote: "I had already looked for the backups, but I can't find them any more." Aren't they in your CCleaner folder, something like C:\ProgramFiles\CCleaner and then cc_……… there? If not, you could hunt for them with a search, using a search term like cc.*?*.reg
  • CCleaner isn't on my PC at all any more; I'm probably confusing it with my other PC. That PC has exactly the same problem with Word, PowerPoint and Hotmail.

This is an archived page. Replying is no longer possible.