Svhost.exe application error, annoying problem. (hjt log)

Anonymous
29 replies
 • It's about svchost.exe, but I thought I had also seen svhost come by... hmmm
 • Strange, I'll have to ask about that.
 • For a few weeks now I have been having problems with the following:
  First, during or right after Windows starts up, an Application Error appears: Svhost.exe Application Error

  The instruction at 0x745f2780 referenced memory at ‘0x00000000’ The memory could not be read.


  Almost immediately afterwards this error appears:

  Generic Hostprocess for Win32 Services has encountered a problem and needs to close.
  We are sorry for the inconvenience
  There is a lot to be found on the net about the Generic Hostprocess etc.
  Of course I have applied the Microsoft patch, scanned for viruses in all sorts of ways and updated all my HP printer and photo drivers. Unfortunately, no real solution.
  It doesn't always go the same way; the effect of the error message is sometimes worse than at other times.
  Sometimes I can just keep working, but other times applications such as iexplorer or Outlook no longer start.

  I have
  OS Name Microsoft Windows XP Professional
  Version 5.1.2600 Service Pack 2 Build 2600
  Pentium 4 3.06Ghz
  1024 MB memory

  Does anyone have a solution for this?
  Thanks
 • Is it about svchost (good), or svhost (bad, malware?).
  You could also test your memory with memtest.
 • To be on the safe side, make a HijackThis log.

  http://www.processlibrary.com/directory/files/svhost/
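
The svchost/svhost distinction asked about above, turned into a check over a HijackThis log; this is an added example and not part of the original thread. The sample log, the short list of system process names and the expected directories (Windows XP layout) are constructed assumptions.

```python
import ntpath
import re

# Core Windows process names that are often imitated (short illustrative list,
# an assumption of this example rather than a complete inventory).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe"}
# Directory each genuine binary is expected to run from on a default XP install.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in SYSTEM_NAMES}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Constructed sample in the HijackThis v1.99.1 layout; not taken from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svhost.exe
C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: example - example.dll (file missing)
"""


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute all cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def running_processes(log_text):
    """Paths listed under 'Running processes:' up to the first blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths


def triage(log_text):
    """Return (reason, item) pairs that deserve a manual look."""
    findings = []
    for path in running_processes(log_text):
        directory, name = ntpath.split(path.lower())
        if name in SYSTEM_NAMES:
            # Right name, wrong folder: e.g. svchost.exe running from Temp.
            if directory != EXPECTED_DIR[name]:
                findings.append(("unexpected-location", path))
        elif any(edit_distance(name, real) == 1 for real in SYSTEM_NAMES):
            # One character away from a system name: svhost.exe vs svchost.exe.
            # Swapped letters (scvhost.exe) are distance 2 and are not caught here.
            findings.append(("lookalike-name", path))
    for line in log_text.splitlines():
        line = line.strip()
        # Registry-backed entries (O2, O4, O20, O23, ...) whose target file is absent.
        if re.match(r"O\d+ - ", line) and line.endswith("(file missing)"):
            findings.append(("file-missing", line))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:20} {item}")
```

A "(file missing)" hit only means HijackThis did not find a file at the path it parsed, so every finding here is a prompt for manual review, not a removal list.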
 • Thanks Gerben,
  but I can't quite figure out how to make that HijackThis log.
  I followed your links and am then taken to a site that
  does say something about svhost, but then offers Registry Booster.
  I bought it and it did find a few things, but I don't see the HijackThis log. Can you point me in the right direction?
  Thanks
 • I saw some links about too much software starting up at boot.
  In my case that is indeed quite a lot, and for some of them I really don't know what they are for (AIDA 32).

  Can you tell me how I can stop them?
  I read, among other things, that some HP tools can cause this problem, and those are among them.

  Thanks
 • That link was only to clarify svhost. HijackThis is free; you can download it here:
  http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/HijackThis.shtml
  Start the program after installation and click "Do a system scan and save a log file". Then paste its contents here.

  You can have a look at what unnecessary software is installed in the Control Panel (Software / Add or Remove Programs).

  Software that starts automatically can be reviewed easily with StartupCPL (also freeware).
  http://www.mlin.net/StartupCPL.shtml
 • Thanks Gerben,

  Here is the logfile:

  Logfile of HijackThis v1.99.1
  Scan saved at 18:48:01, on 01-10-2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Ahead\InCD\InCDsrv.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\CPUCooL\CooLSrv.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
  C:\WINDOWS\system32\mgabg.exe
  C:\WINDOWS\system32\CTHELPER.EXE
  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
  C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Logitech\iTouch\iTouch.exe
  C:\WINDOWS\System32\WFXSVC.EXE
  C:\Program Files\UltraVNC\WinVNC.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\WINDOWS\system32\PDesk\PDesk.exe
  C:\Program Files\WinFax\WFXMOD32.EXE
  C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  C:\Program Files\ASUS\Probe\AsusProb.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
  C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
  C:\WINDOWS\system32\hphmon04.exe
  C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
  C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
  C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
  C:\Program Files\Weather Pulse\weatherpulse.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
  C:\WINDOWS\system32\HPHipm11.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\SmartSync Pro\SmartSync.exe
  C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\program files\microsoft office\OFFICE11\WINWORD.EXE
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
  C:\DOCUME~1\BRAMFL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://debeurs.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://debeurs.nl
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  O4 - HKLM\..\Run: [zzzHPSETUP] L:\Setup.exe \RESET
  O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
  O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
  O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
  O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
  O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
  O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
  O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
  O4 - HKCU\..\Run: [Weather Pulse] C:\Program Files\Weather Pulse\weatherpulse.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\Run: [SmartSync Pro] "C:\Program Files\SmartSync Pro\SmartSync.exe" /Logon
  O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
  O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
  O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
  O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - Winlogon Notify: iexplore - 4g4r1.dll (file missing)
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
  O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
  O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
  O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
  O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
  O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe


  It's quite a lot, isn't it?
  Thanks in advance
 • Moved to B&P.
 • What is B&P?
  Do I need to do something, or??
 • Firebird wrote: "What is B&P? Do I need to do something, or??"
  That has already been done.

  Now just wait for the experts; they will indicate what is going on and what needs to be done.
 • Put the HJT program in its own folder: create a new folder on the C drive and unzip the HJT program into it, e.g. C:\HJT

  Download Combofix to your Desktop.
  - Double-click Combofix.exe
  - Follow the instructions; accept the disclaimer by typing "y" or "Y".
  - While the fix is running, do NOT click in the window, because this will make your PC hang.
  When the fix has completed, and after a restart, the log combofix.txt will open.
  Post this log in your next post together with a new HijackThis log.

  NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.

  Juisterr
 • Combofix did not run entirely properly.
  I saw something about Destroy go by and the file is gone after the restart..
  Hopefully it is still usable

  Thanks in advance!

  Firebird - 06-10-01 23:00:36.76 Service Pack 2
  ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Firebird\Desktop"

  ((((((((((((((((((((((((((((((( Files Created from 2006-09-01 to 2006-10-01 ))))))))))))))))))))))))))))))))))


  2006-10-01 16:47 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
  2006-09-20 11:19 53,248 --a------ C:\WINDOWS\CTDCRDUT.DLL
  2006-09-20 11:19 20,480 --a------ C:\WINDOWS\INRESDUT.DLL


  (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


  2006-10-01 23:01 -------- d-------- C:\Program Files\SmartSync Pro
  2006-10-01 18:21 -------- d-------- C:\Program Files\CA
  2006-10-01 18:12 -------- d-------- C:\Documents and Settings\Firebird\Application Data\Registry Booster
  2006-10-01 17:26 -------- d-------- C:\Program Files\Uniblue
  2006-10-01 16:47 -------- d-------- C:\Documents and Settings\Firebird\Application Data\WholeSecurity
  2006-09-30 00:42 -------- d-------- C:\Program Files\Weather Pulse
  2006-09-29 15:39 -------- d-------- C:\Program Files\HP Photosmart 11
  2006-09-22 17:39 -------- d-------- C:\Program Files\PlotSoft
  2006-09-22 17:35 -------- d-------- C:\Program Files\Common Files\Adobe
  2006-09-22 17:34 -------- d-------- C:\Program Files\Common Files
  2006-09-22 17:32 -------- d-------- C:\Program Files\Pegasys Inc
  2006-09-22 17:30 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
  2006-09-20 11:24 -------- d-------- C:\Program Files\Creative
  2006-09-20 11:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
  2006-09-19 19:03 -------- d-------- C:\Program Files\OfficeUpdate11
  2006-09-19 19:03 -------- d-------- C:\Program Files\Hewlett-Packard
  2006-09-19 19:02 -------- d-------- C:\Program Files\Common Files\MAGIX Shared
  2006-09-19 19:00 -------- d-------- C:\Program Files\Internet Explorer
  2006-09-19 18:59 -------- d-------- C:\Program Files\HP
  2006-09-19 18:59 -------- d-------- C:\Program Files\Common Files\xing shared
  2006-09-19 18:59 -------- d-------- C:\Program Files\Common Files\Real
  2006-09-19 18:41 -------- d-------- C:\Documents and Settings\Firebird\Application Data\Creative
  2006-08-30 08:35 5507 --a------ C:\Documents and Settings\Firebird\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
  2006-08-23 17:48 101376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
  2006-08-23 11:50 131072 --a--c--- C:\WINDOWS\system32\SpoonUninstall.exe
  2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
  2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
  2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
  2006-08-09 16:28 -------- d-------- C:\Program Files\DVDlab
  2006-08-03 17:47 -------- d-------- C:\Documents and Settings\Firebird\Application Data\Pegasys Inc
  2006-08-02 17:08 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
  2006-07-27 15:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
  2006-07-21 10:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
  2006-07-14 16:10 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
  2006-07-14 16:10 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
  2006-07-14 10:03 74752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
  2006-07-12 15:46 638976 --a------ C:\WINDOWS\system32\mgxoschk.dll
  2006-07-11 12:37 1179136 --a--c--- C:\WINDOWS\system32\AutoPartNt.exe


  (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

  *Note* empty entries are not shown

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
  "Weather Pulse"="C:\\Program Files\\Weather Pulse\\weatherpulse.exe"
  "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
  "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
  "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
  "SmartSync Pro"="\"C:\\Program Files\\SmartSync Pro\\SmartSync.exe\" /Logon"
  "Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
  "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
  "CTHelper"="CTHELPER.EXE"
  "AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
  "SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
  "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
  "WinVNC"="\"C:\\Program Files\\UltraVNC\\WinVNC.exe\" -servicehelper"
  "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
  "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
  "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
  "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
  "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
  "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
  "LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
  "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
  "CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
  "HPHmon04"="C:\\WINDOWS\\system32\\hphmon04.exe"
  "HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
  "Installed"="1"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
  "Installed"="1"
  "NoChange"="1"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
  "Installed"="1"

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
  "DeskHtmlVersion"=dword:00000110
  "DeskHtmlMinorVersion"=dword:00000005
  "Settings"=dword:00000001
  "GeneralFlags"=dword:00000001

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
  "Source"="About:Home"
  "SubscribedURL"="About:Home"
  "FriendlyName"="My Current Home Page"
  "Flags"=dword:00000002
  "Position"=hex:2c,00,00,00,50,01,00,00,00,00,00,00,40,05,00,00,f8,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
  "CurrentState"=hex:04,00,00,40
  "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
  "RestoredStateInfo"=hex:18,00,00,00,a4,01,00,00,35,00,00,00,80,01,00,00,2e,01,\
  00,00,01,00,00,00

  [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

  [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
  "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
  "{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000091

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
  "dontdisplaylastusername"=dword:00000000
  "legalnoticecaption"=""
  "legalnoticetext"=""
  "shutdownwithoutlogon"=dword:00000001
  "undockwithoutlogon"=dword:00000001

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000008
  "NoCDBurning"=dword:00000000

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

  [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000091

  [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000091

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
  "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
  "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
  "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
  "backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
  "location"="Common Startup"
  "item"="HotSync Manager"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Firebird^Start Menu^Programs^Startup^CPUCooL.lnk]
  "backup"="C:\\WINDOWS\\pss\\CPUCooL.lnkStartup"
  "location"="Startup"
  "command"="C:\\PROGRA~1\\CPUCooL\\CPUCooL.exe 1"
  "item"="CPUCooL"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="mmtask"
  "hkey"="HKLM"
  "command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="mm_tray"
  "hkey"="HKLM"
  "command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="msmsgs"
  "hkey"="HKCU"
  "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="MsnMsgr"
  "hkey"="HKCU"
  "command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SB Audigy 2 Startup Menu]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="ChkColor"
  "hkey"="HKCU"
  "command"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Program\\Startup Menu\\ChkColor.EXE"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMAX]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="Smax4"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMAXPnP]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="SMax4PNP"
  "hkey"="HKLM"
  "command"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="realsched"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WFXSwtch]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="WFXSWTCH"
  "hkey"="HKLM"
  "command"="C:\\PROGRA~1\\WinFax\\WFXSWTCH.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinFaxAppPortStarter]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="wfxsnt40"
  "hkey"="HKLM"
  "command"="wfxsnt40.exe"
  "inimapping"="0"

  HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iexplore

  HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
  securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


  Contents of the 'Scheduled Tasks' folder
  C:\WINDOWS\tasks\HP Usg Daily.job
  C:\WINDOWS\tasks\HP Usg Login.job
  C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (BRAM-Firebird).job

  Completion time: 01-10-2006 23:03:17.04
  ComboFix.txt
  ComboFix2.txt
  ComboFix3.txt


  ————————————————————-

  Logfile of HijackThis v1.99.1
  Scan saved at 23:05:20, on 01-10-2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Ahead\InCD\InCDsrv.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\CPUCooL\CooLSrv.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\WINDOWS\system32\mgabg.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
  C:\WINDOWS\system32\CTHELPER.EXE
  C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\WFXSVC.EXE
  C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
  C:\Program Files\UltraVNC\WinVNC.exe
  C:\WINDOWS\system32\hphmon04.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\Program Files\WinFax\WFXMOD32.EXE
  C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
  C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
  C:\Program Files\Weather Pulse\weatherpulse.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\SmartSync Pro\SmartSync.exe
  C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\HPHipm11.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\program files\microsoft office\OFFICE11\WINWORD.EXE
  D:\Downloads\Registrybooster\hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://debeurs.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://debeurs.nl
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
  O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
  O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
  O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
  O4 - HKCU\..\Run: [Weather Pulse] C:\Program Files\Weather Pulse\weatherpulse.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\Run: [SmartSync Pro] "C:\Program Files\SmartSync Pro\SmartSync.exe" /Logon
  O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
  O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
  O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
  O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - Winlogon Notify: iexplore - 4g4r1.dll (file missing)
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
  O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
  O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
  O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
  O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
  O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
 • Start HJT again and tick the lines below.

  O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
  O20 - Winlogon Notify: iexplore - 4g4r1.dll (file missing)

  Close all windows and click Fix checked.
 • I am still being cautious, but it looks like this worked!
  Thank you very much for this fantastic help!
 • :(

  The problem seemed to be gone completely, but it is back.
  Yesterday I did do a restore on a second installation of WXP on the same PC (for VIDEO).

  After that I did a restore to a point last week when everything worked fine, but maybe that is not enough?

  It is a very annoying problem.

  Here are the ComboFix and HijackThis files; I hope you are willing to take the time to look at them again.
  (I have now decoupled the two WXP installations in their restores…)

  Thanks and kudos in advance..


  Firebird - 06-10-14 12:38:09.00 Service Pack 2
  ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Firebird\Desktop"

  ((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))


  2006-10-01 16:47 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
  2006-09-20 11:19 53,248 --a------ C:\WINDOWS\CTDCRDUT.DLL
  2006-09-20 11:19 20,480 --a------ C:\WINDOWS\INRESDUT.DLL


  (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


  2006-10-14 12:27 -------- d-------- C:\Documents and Settings\Firebird\Application Data\Registry Booster
  2006-10-14 12:01 -------- d-------- C:\Program Files\SmartSync Pro
  2006-10-14 12:00 -------- d-------- C:\Program Files\Weather Pulse
  2006-10-14 11:49 -------- d-------- C:\Program Files\OfficeUpdate11
  2006-10-07 16:59 -------- d-------- C:\Program Files\Firebird
  2006-10-01 18:21 -------- d-------- C:\Program Files\CA
  2006-10-01 17:26 -------- d-------- C:\Program Files\Uniblue
  2006-10-01 16:47 -------- d-------- C:\Documents and Settings\Firebird\Application Data\WholeSecurity
  2006-09-29 15:39 -------- d-------- C:\Program Files\HP Photosmart 11
  2006-09-22 17:39 -------- d-------- C:\Program Files\PlotSoft
  2006-09-22 17:35 -------- d-------- C:\Program Files\Common Files\Adobe
  2006-09-22 17:34 -------- d-------- C:\Program Files\Common Files
  2006-09-22 17:32 -------- d-------- C:\Program Files\Pegasys Inc
  2006-09-22 17:30 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
  2006-09-20 11:24 -------- d-------- C:\Program Files\Creative
  2006-09-20 11:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
  2006-09-19 19:03 -------- d-------- C:\Program Files\Hewlett-Packard
  2006-09-19 19:02 -------- d-------- C:\Program Files\Common Files\MAGIX Shared
  2006-09-19 19:00 -------- d-------- C:\Program Files\Internet Explorer
  2006-09-19 18:59 -------- d-------- C:\Program Files\HP
  2006-09-19 18:59 -------- d-------- C:\Program Files\Common Files\xing shared
  2006-09-19 18:59 -------- d-------- C:\Program Files\Common Files\Real
  2006-09-19 18:41 -------- d-------- C:\Documents and Settings\Firebird\Application Data\Creative
  2006-08-30 08:35 5507 --a------ C:\Documents and Settings\Firebird\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
  2006-08-23 17:48 101376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
  2006-08-23 11:50 131072 --a--c--- C:\WINDOWS\system32\SpoonUninstall.exe
  2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
  2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
  2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
  2006-08-02 17:08 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
  2006-07-27 15:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
  2006-07-21 10:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
  2006-07-14 16:10 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
  2006-07-14 16:10 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
  2006-07-14 10:03 74752 --a------ C:\WINDOWS\cadkasdeinst01e.exe


  (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

  *Note* empty entries are not shown

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Weather Pulse"="C:\\Program Files\\Weather Pulse\\weatherpulse.exe"
  "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
  "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
  "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
  "SmartSync Pro"="\"C:\\Program Files\\SmartSync Pro\\SmartSync.exe\" /Logon"
  "Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"
  "SB Audigy 2 Startup Menu"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Program\\Startup Menu\\ChkColor.EXE"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
  "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
  "CTHelper"="CTHELPER.EXE"
  "AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
  "SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
  "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
  "WinVNC"="\"C:\\Program Files\\UltraVNC\\WinVNC.exe\" -servicehelper"
  "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
  "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
  "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
  "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
  "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
  "LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
  "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
  "CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
  "HPHmon04"="C:\\WINDOWS\\system32\\hphmon04.exe"
  "HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
  "WinFaxAppPortStarter"="wfxsnt40.exe"
  "WFXSwtch"="C:\\PROGRA~1\\WinFax\\WFXSWTCH.exe"
  "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
  "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
  "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
  "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
  "Installed"="1"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
  "Installed"="1"
  "NoChange"="1"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
  "Installed"="1"

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
  "DeskHtmlVersion"=dword:00000110
  "DeskHtmlMinorVersion"=dword:00000005
  "Settings"=dword:00000001
  "GeneralFlags"=dword:00000001

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\AutorunsDisabled]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\AutorunsDisabled\0]
  "Source"="About:Home"
  "SubscribedURL"="About:Home"
  "FriendlyName"="My Current Home Page"
  "Flags"=dword:00000002
  "Position"=hex:2c,00,00,00,30,01,00,00,00,00,00,00,60,05,00,00,f8,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
  "CurrentState"=hex:04,00,00,40
  "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
  "RestoredStateInfo"=hex:18,00,00,00,a4,01,00,00,87,01,00,00,80,01,00,00,2e,01,\
  00,00,01,00,00,00

  [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

  [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
  "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
  "{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000091

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
  "dontdisplaylastusername"=dword:00000000
  "legalnoticecaption"=""
  "legalnoticetext"=""
  "shutdownwithoutlogon"=dword:00000001
  "undockwithoutlogon"=dword:00000001

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000008
  "NoCDBurning"=dword:00000000

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

  [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000091

  [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000091

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
  "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
  "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
  "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
  "backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
  "location"="Common Startup"
  "item"="HotSync Manager"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Firebird^Start Menu^Programs^Startup^CPUCooL.lnk]
  "backup"="C:\\WINDOWS\\pss\\CPUCooL.lnkStartup"
  "location"="Startup"
  "command"="C:\\PROGRA~1\\CPUCooL\\CPUCooL.exe 1"
  "item"="CPUCooL"

  HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iexplore

  HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
  securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


  Contents of the 'Scheduled Tasks' folder
  C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (BRAM-Firebird).job

  Completion time: 14-10-2006 12:38:59.68
  ComboFix.txt


  —————————————————————————–

  Logfile of HijackThis v1.99.1
  Scan saved at 12:40:59, on 14-10-2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Ahead\InCD\InCDsrv.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\CTsvcCDA.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\WINDOWS\system32\mgabg.exe
  C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
  C:\WINDOWS\system32\CTHELPER.EXE
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
  C:\WINDOWS\System32\WFXSVC.EXE
  C:\Program Files\UltraVNC\WinVNC.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\Program Files\WinFax\WFXMOD32.EXE
  C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
  C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
  C:\WINDOWS\system32\hphmon04.exe
  C:\WINDOWS\system32\wfxsnt40.exe
  C:\PROGRA~1\WinFax\WFXSWTCH.exe
  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
  C:\Program Files\Weather Pulse\weatherpulse.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\SmartSync Pro\SmartSync.exe
  C:\WINDOWS\system32\HPHipm11.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\program files\microsoft office\OFFICE11\WINWORD.EXE
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  D:\Downloads\Registrybooster\hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://debeurs.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://debeurs.nl
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
  O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
  O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
  O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
  O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
  O4 - HKCU\..\Run: [Weather Pulse] C:\Program Files\Weather Pulse\weatherpulse.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\Run: [SmartSync Pro] "C:\Program Files\SmartSync Pro\SmartSync.exe" /Logon
  O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
  O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
  O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
  O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
  O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - Winlogon Notify: iexplore - C:\WINDOWS\
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
  O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
  O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
  O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
  O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
  O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
 • Start HJT again and do a "system scan only", tick the lines below, close all windows and click Fix checked.

  O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
  O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -


  Download to your Desktop:
  - Double-click drweb-cureit.exe and allow it to start the express scan.
  - If a popup appears offering a purchase/50% discount, you can close it with the X.
  - This will scan the files currently loaded in memory, and when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
  - Once the short scan has finished, you can select the drives you want to have scanned.
  - Select all drives here. A red dot will then appear on the drives you are having scanned.
  - Then click the green arrow on the right to start the scan.
  - Click Yes to all when asked to perform a cure or move.
  - When the scan has finished, see whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
  - If so, click it, then click the icon just below it and select Move incurable as you can see here:
    http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
    This moves the files found to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
  - After the scan is done, click File in the menu at the top and choose Save report List. Save it to your Desktop.
  - Then close Dr.Web Cureit.
  - Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
  - After restarting, copy and paste the contents of the log you saved earlier into your next post.

  And then also do the following.

  Download IEFix to your desktop.
  Create a new folder on your desktop (e.g. IE-Fix).
  Extract the files to that folder.

  Open the folder into which you extracted the files.
  Double-click IEFix.exe.

  You will be asked for the XP installation disk.

  Click Cancel at first.
  IEFix will re-register the DLLs.

  Restart your PC.

  Make a new HJT log and let us know whether your problem is gone.
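Added example, not part of the original thread: a small Python triage of the two HijackThis entry types the helper asks to fix in the posts above (O16 DPF entries with no download source, O20 Winlogon Notify entries whose DLL is missing). The rules are assumptions made for this illustration, the sample lines are copied from the logs posted in this thread, and a flagged line is a candidate for review, not a verdict.

```python
import re

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O20 - Winlogon Notify: iexplore - 4g4r1.dll (file missing)
O20 - Winlogon Notify: iexplore - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "<section code> - <body>", e.g. "O16 - DPF: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# "DPF: {CLSID} (optional name) - optional codebase URL"
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*)\))? -\s*(?P<codebase>\S*)$"
)
# "Winlogon Notify: <subkey name> - <DLL path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<target>.*)$")

MISSING_MARKER = "(file missing)"


def triage(log_text):
    """Return (code, item, reason) tuples for entries worth a manual look.

    Heuristics (assumptions of this example, not HijackThis behaviour):
      * O16: ActiveX control registered without any codebase URL.
      * O20: Winlogon Notify DLL reported missing, or target is not a DLL path.
    """
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")

        if code == "O16":
            dpf = DPF_RE.match(body)
            if dpf and not dpf.group("codebase"):
                findings.append((code, dpf.group("clsid"), "no codebase URL recorded"))

        elif code == "O20":
            notify = NOTIFY_RE.match(body)
            if not notify:
                continue
            target = notify.group("target").strip()
            if target.endswith(MISSING_MARKER):
                findings.append((code, notify.group("name"), "registered DLL is missing on disk"))
            elif not target.lower().endswith(".dll"):
                findings.append((code, notify.group("name"), "target is not a DLL path"))
    return findings


if __name__ == "__main__":
    for code, item, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {item:40} {reason}")
```
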
 • WinVNC.exe C:\Program Files\UltraVNC Program.RemoteAdmin Incurable.Will be moved after reboot.
  RegUBP2b-Firebird.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots Trojan.StartPage.1505 Deleted.
  MiniBugTransporter.dll C:\Program Files\Common Files\Real\WeatherBug Adware.Minibug Incurable.Moved.
  vncviewer.exe C:\Program Files\UltraVNC Program.RemoteAdmin Incurable.Moved.
  winvnc.exe C:\Program Files\UltraVNC Program.RemoteAdmin Incurable.Will be moved after reboot.
  A0312164.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP908 Trojan.StartPage.1505 Deleted.
  A0316244.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP910 Trojan.StartPage.1505 Deleted.
  A0322759.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP910 Trojan.StartPage.1505 Deleted.
  A0323756.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP911 Trojan.StartPage.1505 Deleted.
  A0324756.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP911 Trojan.StartPage.1505 Deleted.
  A0325755.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP911 Trojan.StartPage.1505 Deleted.
  A0329460.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP924 Trojan.StartPage.1505 Deleted.
  A0330517.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP924 Trojan.StartPage.1505 Deleted.
  A0330592.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP925 Trojan.StartPage.1505 Deleted.
  A0333225.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP925 Trojan.StartPage.1505 Deleted.
  A0334277.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP925 Trojan.StartPage.1505 Deleted.
  gogoprod.js D:\Healing and Vision OLD\Leven!\Unfinished Life_files Probably SCRIPT.Virus Incurable.Moved.

  Still checking whether it has helped.
  After running DrWeb CureIT the problem was still there.
 • Have you done the IE fix as well???

This is an archived page. Replying is no longer possible.