Vraag & Antwoord

Beveiliging & privacy

HJT Log: Google hits naar vreemde sites

1 antwoord
  • HJT Log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:54:33, on 7-10-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\PROGRA~1\HYVESD~1\bin\HYVESD~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\WinXP\LOCALS~1\Temp\SAS_SelfExtract\program.com C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\MsiExec.exe C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\MsiExec.exe C:\Program Files\AVG\AVG9\avgcmgr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schonkcomputersolutions.nl/home.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [HyvesDesktop.exe] C:\PROGRA~1\HYVESD~1\bin\HYVESD~1.EXE O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.5; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; InfoPath.1)" -"http://www.spele.nl/game/quad/quad_7.html" O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- End of file - 9341 bytes Startup log: StartupList report, 7-10-2010, 21:58:32 StartupList version: 1.52.2 Started from : C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.EXE Detected: Windows XP SP3 (WinNT 5.01.2600) Detected: Internet Explorer v8.00 (8.00.6001.18702) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\PROGRA~1\HYVESD~1\bin\HYVESD~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\WinXP\LOCALS~1\Temp\SAS_SelfExtract\program.com C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\MsiExec.exe C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\NOTEPAD.EXE -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\WinXP\Menu Start\Programma's\Opstarten] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe RTHDCPL = RTHDCPL.EXE SkyTel = SkyTel.EXE Alcmtr = ALCMTR.EXE NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime AVG9_TRAY = C:\PROGRA~1\AVG\AVG9\avgtray.exe SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe Sony Ericsson PC Suite = "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HyvesDesktop.exe = C:\PROGRA~1\HYVESD~1\bin\HYVESD~1.EXE -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Shockwave Updater = C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.5; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; InfoPath.1)" -"http://www.spele.nl/game/quad/quad_7.html" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] * StubPath = C:\WINDOWS\system32\ieudinit.exe [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] * StubPath = "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Register-editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG9\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll - {A3BC75A2-1F87-4686-AA43-5347D756017C} (no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9} (no name) - C:\Program Files\Windows Live\Toolbar\wltcore.dll - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job GoogleUpdateTaskMachineCore.job GoogleUpdateTaskMachineUA.job -------------------------------------------------- Enumerating Download Program Files: [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [System Requirements Lab Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll CODEBASE = http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab OSD = C:\WINDOWS\Downloaded Program Files\sysreqlab.osd [Checkers Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [UnoCtrl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll CODEBASE = http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab [Java Plug-in 1.6.0_21] InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [MessengerStatsClient Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [Java Plug-in 1.6.0_21] InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_21.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Minesweeper Flags Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MineSweeper.dll CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI-stuurprogramma: system32\DRIVERS\ACPI.sys (system) Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start) AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) ASP.NET-statusservice: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) Stuurprogramma voor RAS asyncrone media: system32\DRIVERS\asyncmac.sys (manual start) Standaard IDE/ESDI-vasteschijfcontroller: system32\DRIVERS\atapi.sys (system) ATM ARP-client-protocol: system32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audiostub-stuurprogramma: system32\DRIVERS\audstub.sys (manual start) AVG Free WatchDog: "C:\Program Files\AVG\AVG9\avgwdsvc.exe" (autostart) AVG Free AVI Loader Driver x86: \SystemRoot\System32\Drivers\avgldx86.sys (system) AVG Free On-access Scanner Minifilter Driver x86: \SystemRoot\System32\Drivers\avgmfx86.sys (system) AVG Free8 Network Redirector: \SystemRoot\System32\Drivers\avgtdix.sys (system) Intelligente achtergrondsoverdrachtservice: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) SpeedTouch 120g Wireless USB Adapter Driver: system32\DRIVERS\BT4501D.sys (manual start) Cd-rom-stuurprogramma: system32\DRIVERS\cdrom.sys (system) Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start) ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) COM+-systeemtoepassing: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Stuurprogramma voor schijfstations: system32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start) Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start) Extensible Authentication Protocol-service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start) Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+-gebeurtenissysteem: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Stuurprogramma voor diskettestationcontroller: system32\DRIVERS\fdc.sys (manual start) Stuurprogramma voor diskettestation: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start) FssFltr: system32\DRIVERS\fssfltr_tdi.sys (autostart) De service Windows Live Family Safety: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" (manual start) Stuurprogramma voor Volumebeheer: system32\DRIVERS\ftdisk.sys (system) Algemene pakketclassificeerder: system32\DRIVERS\msgpc.sys (manual start) Google Updateservice (gupdate): "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (autostart) Google Software Updater: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start) Microsoft UAA-busstuurprogramma voor High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start) Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Health Key and Certificate Management-service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: system32\DRIVERS\i8042prt.sys (system) Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start) Filterstuurprogramma voor het branden van cd's: system32\DRIVERS\imapi.sys (system) COM-service voor IMAPI cd-branders: C:\WINDOWS\system32\imapi.exe (manual start) Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start) IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start) IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start) IPSEC-stuurprogramma: system32\DRIVERS\ipsec.sys (system) IR Enumerator-service: system32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus-stuurprogramma: system32\DRIVERS\isapnp.sys (system) Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart) Stuurprogramma voor verschillende toetsenbordtypen: system32\DRIVERS\kbdclass.sys (system) Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) MBAMSwissArmy: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys (manual start) Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart) Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Delen van Extern bureaublad met NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Stuurprogramma voor muistypen: system32\DRIVERS\mouclass.sys (system) WebDav-client-redirector: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start) BIOS-stuurprogramma voor Microsoft Systeembeheer: system32\DRIVERS\mssmbios.sys (manual start) ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start) NAP-agent (Network Access Protection): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) RAS NDIS TAPI-stuurprogramma: system32\DRIVERS\ndistapi.sys (manual start) I/O-protocol van NDIS-gebruikermodus: system32\DRIVERS\ndisuio.sys (manual start) RAS NDIS WAN-stuurprogramma: system32\DRIVERS\ndiswan.sys (manual start) NetBIOS-interface: system32\DRIVERS\netbios.sys (system) NetBios over Tcpip: system32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Net Logon: %SystemRoot%\system32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled) Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start) Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv: system32\DRIVERS\nv4_mini.sys (manual start) NVIDIA nForce Networking Controller Driver: system32\DRIVERS\NVENETFD.sys (manual start) NVIDIA Network Bus Enumerator: system32\DRIVERS\nvnetbus.sys (manual start) NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart) IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start) Sony Ericsson OMSI download service: C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (autostart) Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start) Stuurprogramma voor parallelle poort: system32\DRIVERS\parport.sys (manual start) PCI Bus-stuurprogramma: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC-services: %SystemRoot%\system32\lsass.exe (autostart) WAN-minipoort (PPTP): system32\DRIVERS\raspptp.sys (manual start) StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system) StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system) StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) QoS-pakketplanner: system32\DRIVERS\psched.sys (manual start) Stuurprogramma voor Directe parallelle verbinding: system32\DRIVERS\ptilink.sys (manual start) Stuurprogramma voor Automatische verbinding voor RAS: system32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) WAN-minipoort (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Verbindingsbeheer voor RAS: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) PPPOE-RAS-stuurprogramma: system32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start) Stuurprogramma voor afspeelfilter van digitale cd-audio: system32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Sony Ericsson Device 1018 driver (WDM): system32\DRIVERS\s1018bus.sys (manual start) Sony Ericsson Device 1018 USB WMC Modem Filter: system32\DRIVERS\s1018mdfl.sys (manual start) Sony Ericsson Device 1018 USB WMC Modem Driver: system32\DRIVERS\s1018mdm.sys (manual start) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM): system32\DRIVERS\s1018mgmt.sys (manual start) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS): system32\DRIVERS\s1018nd5.sys (manual start) Sony Ericsson Device 1018 USB WMC OBEX Interface: system32\DRIVERS\s1018obex.sys (manual start) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM): system32\DRIVERS\s1018unic.sys (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) SASDIFSV: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS (system) SASKUTIL: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS (system) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SeaPort: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Sony Ericsson seehcri Device Driver: system32\DRIVERS\seehcri.sys (manual start) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter-stuurprogramma: system32\DRIVERS\serenum.sys (manual start) Stuurprogramma voor seriële poort: system32\DRIVERS\serial.sys (system) StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system) Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) Stuurprogramma voor systeemherstelfilter: system32\DRIVERS\sr.sys (system) System Restore-service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) SRV: system32\DRIVERS\srv.sys (manual start) SSDP Discovery-service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) Software Bus-stuurprogramma: system32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{B4AD3273-B052-4DC7-B7E0-2F0FB1142E07} (manual start) Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Stuurprogramma voor TCP/IP-protocol: system32\DRIVERS\tcpip.sys (system) Stuurprogramma voor terminal-apparaat: system32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Microcode Update-stuurprogramma: system32\DRIVERS\update.sys (manual start) Universele Plug en Play-apparaathost: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start) USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start) Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start) Stuurprogramma voor USB-scanner: system32\DRIVERS\usbscan.sys (manual start) Stuurprogramma voor USB-massaopslag: system32\DRIVERS\USBSTOR.SYS (manual start) Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) RAS IP ARP-stuurprogramma: system32\DRIVERS\wanarp.sys (manual start) Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI-prestatieadapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Windows Media Player Network Sharing-service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start) WpdUsb: system32\DRIVERS\wpdusb.sys (manual start) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Automatische updates: %systemRoot%\System32\svchost.exe -k netsvcs (autostart) Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system) Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start) Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart) Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\DOCUME~1\WinXP\LOCALS~1\Temp\SAS_SelfExtract||C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll||C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll||C:\Program Files\Common Files\Adobe\Acrobat\ActiveX||C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll||C:\Program Files\Common Files\Adobe\Acrobat\ActiveX||C:\Config.Msi\694fd.rbf||C:\Config.Msi\69503.rbf||C:\Config.Msi\69504.rbf||C:\Config.Msi\69505.rbf||C:\Config.Msi\69561.rbf||C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll||C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\TBM52.tmp|C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll||| -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 39.436 bytes Report generated in 0,968 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Ik heb zelf ook al even gekeken, maar op het oog geen vreemde dingen gevonden. Echter als ik via Google zoek en ik op een hit klik kom ik vervolgens op allerlei vreemde sites. Ook heb ik MBAM en Super anti-spyware laten scannen, echter zonder resultaat. Volgens de beste man had zijn zoontje op een "MSN-virus" geklikt, zoiets als "Kijk eens naar deze foto...." Omdat ik er al een hele tijd uit ben vraag ik de experts even.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.