Questions & Answers

Security & privacy

hijack log

Anonymous
26 replies
  • =============================================================================
    Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
    Copyright © Igor Daniloff, 1992-2006
    Log generated on: 2006-08-14, 23:28:29 [CP42482-B][Gijs]
    Command-line: "C:\DOCUME~1\Gijs\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
    Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
    =============================================================================
    Engine version: 4.33 (4.33.4.07270)
    Engine API version: 2.01
    Total virus records: 135342
    Key file: C:\DOCUME~1\Gijs\LOCALS~1\Temp\RarSFX0\cureit.key
    License key number: 0000000010
    Registered to: Dr.Web CureIt Project
    License key activates: 2005-03-05
    License key expires: 2007-03-05

    —————————————————————————–
    Scan statistics
    —————————————————————————–
    Objects scanned: 0
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 0 Kb/s
    Scan time: 00:00:00
    —————————————————————————–

    Scanning interrupted by user! - no viruses found
    —————————————————————————–
    Scan statistics
    —————————————————————————–
    Objects scanned: 292
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 3343 Kb/s
    Scan time: 00:00:18
    —————————————————————————–

    [Scan path] C:\
    C:\hiberfil.sys - read error
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBP2b-Gijs.reg infected with Trojan.StartPage.1505 - deleted
    C:\Documents and Settings\Gijs\NTUSER.DAT - read error
    C:\Documents and Settings\Gijs\NTUSER~1.LOG - read error
    C:\Documents and Settings\Gijs\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt - read error
    C:\Documents and Settings\Gijs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\Gijs\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\LocalService\NTUSER.DAT - read error
    C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Marlies Bartels\NTUSER.DAT - read error
    C:\Documents and Settings\Marlies Bartels\NTUSER~1.LOG - read error
    C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
    C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    >C:\Microsoft Office\OFFICE11\1043\VBAOL11.CHM\html/olobjAddressEntries.htm infected with modification of VBS.Petik
    C:\Microsoft Office\OFFICE11\1043\VBAOL11.CHM - archive contains infected objects - moved
    C:\mIRC\mirc.exe is riskware program Program.mIRC.616
    C:\System Volume Information\_restore{40ED3BAE-6BF0-47AC-BEE7-F6E816C626B4}\RP440\A0230058.reg infected with Trojan.StartPage.1505 - deleted
    C:\WINDOWS\system32\CatRoot2\edb.log - read error
    C:\WINDOWS\system32\CatRoot2\tmp.edb - read error
    C:\WINDOWS\system32\config\DEFAULT - read error
    C:\WINDOWS\system32\config\default.LOG - read error
    C:\WINDOWS\system32\config\SAM - read error
    C:\WINDOWS\system32\config\SAM.LOG - read error
    C:\WINDOWS\system32\config\SECURITY - read error
    C:\WINDOWS\system32\config\SECURITY.LOG - read error
    C:\WINDOWS\system32\config\SOFTWARE - read error
    C:\WINDOWS\system32\config\software.LOG - read error
    C:\WINDOWS\system32\config\SYSTEM - read error
    C:\WINDOWS\system32\config\system.LOG - read error
    C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat - read error
    C:\WINDOWS\Temp\Perflib_Perfdata_5ec.dat - read error
    C:\WINDOWS\Temp\ZLT079a9.TMP - read error
    C:\WINDOWS\Temp\ZLT079c0.TMP - read error
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt - read error
    >C:\WinRAR\Dos.SFX
    [Scan path] D:\
    D:\Torrent downloads\CloneCD.Ver.5.2.9.1-Multi+Patch+KeyMaker-By.TXT-[COLOMBO-BT.ORG]\Patch+KeyMaker\Patch.exe is hacktool program Tool.ASEye.2

    [Scan path] E:\
    —————————————————————————–
    Scan statistics
    —————————————————————————–
    Objects scanned: 305830
    Infected objects found: 2
    Objects with modifications found: 1
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 1
    Hacktool programs found: 1
    Objects cured: 0
    Objects deleted: 2
    Objects renamed: 0
    Objects moved: 1
    Objects ignored: 0
    Scan speed: 434 Kb/s
    Scan time: 01:52:18
    —————————————————————————–

    Scanning interrupted by user! - viruses found
    C:\mIRC\mirc.exe - incurable - moved
    D:\Torrent downloads\CloneCD.Ver.5.2.9.1-Multi+Patch+KeyMaker-By.TXT-[COLOMBO-BT.ORG]\Patch+KeyMaker\Patch.exe - incurable - moved

    =============================================================================
    Total session statistics
    =============================================================================
    Objects scanned: 306122
    Infected objects found: 2
    Objects with modifications found: 1
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 1
    Hacktool programs found: 1
    Objects cured: 0
    Objects deleted: 2
    Objects renamed: 0
    Objects moved: 3
    Objects ignored: 0
    Scan speed: 442 Kb/s
    Scan time: 01:52:36
    =============================================================================
  • Download Combofix to your Desktop.
    - Double-click Combofix.exe
    - Follow the instructions and accept the disclaimer by typing "y" or "Y".
    - While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner responds with an alert about a script being executed, you can ignore it.
  • What is actually meant by "riskware"? mIRC was flagged as riskware and moved to the quarantine folder - should I leave it there for now, or can I put it back?
  • Combofix found nothing:
    Start Time= di 15-08-2006 23:53:24,67
    Running from: C:\Documents and Settings\Gijs\Bureaublad

    QuickScan did not find any signs of infected files

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-08-12 13:59:32 341 ( A…. ) "C:\WINDOWS\system32\lsprst7.dll"
    2006-08-12 12:39:46 ( .D… ) "C:\Program Files\Common Files\Java"
    2006-08-09 17:27:06 47564 ( A.SHR ) "C:\NTDETECT.COM"
    2006-08-08 18:53:28 635520 ( A…. ) "C:\WINDOWS\system32\aswBoot.exe"
    2006-08-05 08:18:08 90112 ( A…. ) "C:\WINDOWS\system32\AVASTSS.scr"
    2006-07-29 19:32:50 48936 ( A…. ) "C:\WINDOWS\system32\sirenacm.dll"
    2006-07-27 15:26:52 679424 ( A…. ) "C:\WINDOWS\system32\inetcomm.dll"
    2006-07-26 03:03:16 127078 ( A…. ) "C:\WINDOWS\system32\javaws.exe"
    2006-07-26 01:26:06 53346 ( A…. ) "C:\WINDOWS\system32\javaw.exe"
    2006-07-26 01:25:56 49248 ( A…. ) "C:\WINDOWS\system32\java.exe"
    2006-07-21 10:29:40 72704 ( A…. ) "C:\WINDOWS\system32\hlink.dll"
    2006-07-14 17:41:04 332288 ( A…. ) "C:\WINDOWS\system32\netapi32.dll"
    2006-07-13 15:36:22 8500736 ( A…. ) "C:\WINDOWS\system32\shell32.dll"
    2006-07-05 12:58:32 1025 ( A…. ) "C:\WINDOWS\system32\sysprs7.dll"
    2006-07-05 12:56:50 1025024 ( A…. ) "C:\WINDOWS\system32\kernel32.dll"
    2006-07-05 12:52:32 0 ( A…. ) "C:\WINDOWS\system32\ssprs.dll"
    2006-07-05 12:52:32 0 ( A…. ) "C:\WINDOWS\system32\serauth2.dll"
    2006-07-05 12:52:32 0 ( A…. ) "C:\WINDOWS\system32\serauth1.dll"
    2006-07-05 12:52:32 0 ( A…. ) "C:\WINDOWS\system32\nsprs.dll"
    2006-07-05 12:52:30 1024 ( A…. ) "C:\WINDOWS\system32\clauth2.dll"
    2006-07-05 12:52:30 1024 ( A…. ) "C:\WINDOWS\system32\clauth1.dll"
    2006-07-05 12:48:54 ( .D… ) "C:\Program Files\SPSSEval"
    2006-06-26 19:45:40 148480 ( A…. ) "C:\WINDOWS\system32\dnsapi.dll"
    2006-06-26 19:45:40 8192 ( A…. ) "C:\WINDOWS\system32\rasadhlp.dll"
    2006-06-18 17:54:58 394872 ( A…. ) "C:\WINDOWS\system32\vsdatant.sys"
    2006-06-18 17:54:26 83960 ( A…. ) "C:\WINDOWS\system32\zlcomm.dll"
    2006-06-18 17:54:26 71672 ( A…. ) "C:\WINDOWS\system32\zlcommdb.dll"
    2006-06-18 17:54:24 100344 ( A…. ) "C:\WINDOWS\system32\vsxml.dll"
    2006-06-18 17:54:24 59384 ( A…. ) "C:\WINDOWS\system32\vswmi.dll"
    2006-06-18 17:54:22 440312 ( A…. ) "C:\WINDOWS\system32\vsutil.dll"
    2006-06-18 17:54:22 71672 ( A…. ) "C:\WINDOWS\system32\vsregexp.dll"
    2006-06-18 17:54:20 268280 ( A…. ) "C:\WINDOWS\system32\vspubapi.dll"
    2006-06-18 17:54:20 157688 ( A…. ) "C:\WINDOWS\system32\vsinit.dll"
    2006-06-18 17:54:20 104440 ( A…. ) "C:\WINDOWS\system32\vsmonapi.dll"
    2006-06-18 17:54:18 83960 ( A…. ) "C:\WINDOWS\system32\vsdata.dll"
    2006-05-19 15:50:40 111616 ( A…. ) "C:\WINDOWS\system32\dhcpcsvc.dll"
    2006-05-19 15:50:40 95232 ( A…. ) "C:\WINDOWS\system32\iphlpapi.dll"
    2006-03-07 20:13:46 138 ( A…. ) "C:\Program Files\INSTALL.LOG"


    (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


    2006-08-12 12:43 53.346 C:\WINDOWS\system32\javaw.exe
    2006-08-12 12:43 49.248 C:\WINDOWS\system32\java.exe
    2006-08-12 12:43 127.078 C:\WINDOWS\system32\javaws.exe
    2006-08-12 00:29 90.112 C:\WINDOWS\system32\AVASTSS.scr
    2006-08-12 00:29 635.520 C:\WINDOWS\system32\aswBoot.exe
    2006-08-09 17:35 221.184 C:\WINDOWS\system32\wmpns.dll
    2006-08-09 17:12 11.776 C:\WINDOWS\system32\spnpinst.exe
    2006-07-29 19:32 48.936 C:\WINDOWS\system32\sirenacm.dll
    2006-07-21 19:59 267.964.416 C:\hiberfil.sys
    2006-07-05 12:58 341 C:\WINDOWS\system32\lsprst7.dll
    2006-07-05 12:58 1.025 C:\WINDOWS\system32\sysprs7.dll
    2006-07-05 12:52 1.024 C:\WINDOWS\system32\clauth2.dll
    2006-07-05 12:52 1.024 C:\WINDOWS\system32\clauth1.dll
    2006-07-05 12:52 0 C:\WINDOWS\system32\ssprs.dll
    2006-07-05 12:52 0 C:\WINDOWS\system32\serauth2.dll
    2006-07-05 12:52 0 C:\WINDOWS\system32\serauth1.dll
    2006-07-05 12:52 0 C:\WINDOWS\system32\nsprs.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "dvd43"="C:\\Program Files\\dvd43\\dvd43_tray.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "Zone Labs Client"="\"C:\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "THGuard"="\"C:\\Program Files\\TrojanHunter 4.0\\THGuard.exe\""
    "avast!"="\"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ea,00,00,00,00,00,00,00,16,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,ea,00,00,00,00,00,00,00,16,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ATI CATALYST System Tray.lnk]
    "backup"="C:\\WINDOWS\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
    "location"="Common Startup"
    "item"="ATI CATALYST System Tray"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cli"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DkIcon"
    "hkey"="HKLM"
    "command"="\"C:\\Executive Software\\Diskeeper\\DkIcon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Logi_MwX"
    "hkey"="HKLM"
    "command"="Logi_MwX.Exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WashAndGo - Cleanup of old Backupfiles]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="checker"
    "hkey"="HKCU"
    "command"="C:\\\\WashAndGo\\checker.exe /check"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTouch"
    "hkey"="HKLM"
    "command"="C:\\Logitech\\iTouch\\iTouch.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="gnotify"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
    DisableRegistryTools REG_DWORD 0 (0x0)



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\HPpromotions journeysoftware.job

    Completion time: di 15-08-2006 23:54:05,93
    ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

    hijacklog:
    Logfile of HijackThis v1.99.1
    Scan saved at 23:57:21, on 15-8-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\ZONELA~1\ZONEAL~1\MailFrontier\mantispm.exe
    C:\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Executive Software\Diskeeper\DkService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • And how are the problems now??
  • Hot-switching works again!
    I haven't tested the NOD32/MSN combination yet; I'm sticking with avast for now. If I notice things going wrong when I test NOD32 again, I'll open a new topic.
    Thanks!


This is an archived page. Replying is no longer possible.