je kan oe even deïnstalleren en weer installeren via programmatoegang en -instellingen windows-onderdelen.
heb het zojuist gesimuleerd en loopt prima zonder instellingen weg te gooien (toch voor zekerheid even postvakken map gehéél kopieren).

in je log kan ik niet echt slechte dingen ontdekken.
zelf zou ik een fix gedaan hebben op:
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

Twee vragen/opmerkingen

Waarom deze file's en hoe kan ik daar een fix op doen.

OE probleem : het viel me op dat als ik via snelstarten start dat de foutmelding komt , via programma's - outlook express gaat het wel goed.

En de probs begonnen na Windows Update .

Roelof

Hoi,

Omdat ik zeer vaak een mededeling krijg dat Outlook Express problemen heeft met opstarten, heb ik maar een logje gemaakt.

Logfile of HijackThis v1.99.1
Scan saved at 12:34:51, on 13-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Roelof\Local Settings\Temporary Internet Files\Content.IE5\YD389ORM\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\System32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options… - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\System32\mscoree.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160655073452
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160663165156
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Ik denk dat er niks mis mee is, maar ik wil even jullie mening.

Roelof

hoe ziet die mededeling van oe eruit?
hoe groot zijn je postvakken?

hoe ziet die mededeling van oe eruit?

In msimn.exe is een fout opgetreden en moet worden afgesloten.

hoe groot zijn je postvakken ?

Postvak in 1225 kb
Postvak uit 187 kb
Verzonden items 210.974 kb
Verwijderde items 9334 kb

Roelof

die map verzonden items is wel heel erg groot, dat zou je best goed dwars kunnen zitten.
als je nog in oe kunt komen moet je eerste actie zijn om die map leeg te maken, althans een heel erg groot stuk leger, hooguit een 40 mb.
vervolgens de mappen comprimeren, en als het dan nog niet goed wil met oe, meld je dat hier opnieuw.

Hoi,

Map verzonden items is nu 32MB.

Probleem blijft bestaan. Het valt me al meer op dat het om en om gaat.
Dus ene keer foutmelding, daarna weer goed, daarna weer foutmelding enz.

Roelof

waarom deze files: ze zijn niet nodig voor de goede werking van je systeem, en volgens sommige info kunnen ze verstorend werken.
hoe fixen: draai hijackthis, en kies voor scan only
dan krijg je dezelfde lijst te zien, met hokjes om vinkjes te zetten.
zet dus vinkjes op de aangegeven plaatsen en kies voor fixen.

als die ene snelkoppeling (ook in menu start zijn het snelkoppelingen) wél goed is: klik rechts op betreffende ikoon in menu start, kies voor kopiëren naar .. desktop/bureaublad, en vervang daar het weigerachtige ikoon.
niet moeilijker doen dan nodig…!

Hoi,

Ik heb eerst de snelkoppeling gekopieerd zoals je zei, zonder succes.

Daarna Hijjackthis de files laten fixen die jij aangegeven hebt.

OE werkt ineens zonder problemen.

Roelof

Hmm ik doe liever moeilijk want dan laat ik legitieme regels gewoon staan.

Deze moet je maar laten staan, die zijn legitiem.

Hoi,

Maar waarom deze reactie.
ik heb hijack alles laten repareren en het probleem is weg.

Groetjes,

Roelof

wat jij wil

Combofix log :

Roelof - 06-10-14 10:12:38,54 Service Pack 2
ComboFix 06.10.08W - Running from: C:\Documents and Settings\Roelof\Bureaublad

((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))


2006-10-12 22:19 974,848 –a—— C:\WINDOWS\system32\mfc70.dll
2006-10-12 22:19 487,424 –a—— C:\WINDOWS\system32\msvcp70.dll
2006-10-12 22:19 344,064 –a—— C:\WINDOWS\system32\msvcr70.dll
2006-10-12 16:12 24,816 –a—— C:\WINDOWS\system32\mdimon.dll
2006-10-12 16:07 502,368 –a—— C:\WINDOWS\system32\drivers\amon.sys
2006-10-12 16:07 270,336 –a—— C:\WINDOWS\system32\imon.dll
2006-10-12 16:01 208,896 –a—— C:\WINDOWS\system32\NVUNINST.EXE
2006-10-12 16:01 208,896 –a—— C:\WINDOWS\system32\nvudisp.exe
2006-10-12 15:56 82,944 –a—— C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-12 15:56 7,552 –a—— C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-12 15:56 60,800 –a—— C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-12 15:56 60,288 –a—— C:\WINDOWS\system32\drivers\drmk.sys
2006-10-12 15:56 6,400 –a—— C:\WINDOWS\system32\drivers\splitter.sys
2006-10-12 15:56 54,272 –a—— C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-12 15:56 52,864 –a—— C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-12 15:56 5,376 –a—— C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-12 15:56 40,960 -r——- C:\WINDOWS\system32\ChCfg.exe
2006-10-12 15:56 4,992 –a—— C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-12 15:56 4,096 –a—— C:\WINDOWS\system32\ksuser.dll
2006-10-12 15:56 2,944 –a—— C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-12 15:56 172,416 –a—— C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-12 15:56 157,184 -r——- C:\WINDOWS\system32\RtlCPAPI.dll
2006-10-12 15:56 142,464 –a—— C:\WINDOWS\system32\drivers\aec.sys
2006-10-12 15:55 9,710,592 -r——- C:\WINDOWS\RTLCPL.exe
2006-10-12 15:55 86,016 -r——- C:\WINDOWS\SoundMan.exe
2006-10-12 15:55 69,632 -r——- C:\WINDOWS\Alcmtr.exe
2006-10-12 15:55 487,424 -r——- C:\WINDOWS\RtlExUpd.dll
2006-10-12 15:55 356,352 -r——- C:\WINDOWS\RtlUpd.exe
2006-10-12 15:55 3,966,976 -r——- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2006-10-12 15:55 2,807,808 -r——- C:\WINDOWS\alcwzrd.exe
2006-10-12 15:55 2,142,208 -r——- C:\WINDOWS\MicCal.exe
2006-10-12 15:55 14,854,144 -r——- C:\WINDOWS\RTHDCPL.exe
2006-10-12 15:53 70,144 -ra—— C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2006-10-12 15:50 36,352 -ra—— C:\WINDOWS\system32\drivers\AmdK8.sys
2006-10-12 15:45 57,856 –a—— C:\WINDOWS\system32\drivers\redbook.sys
2006-10-12 15:45 3,072 –a—— C:\WINDOWS\system32\drivers\audstub.sys
2006-10-12 15:44 6,400 –a—— C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-12 15:44 20,992 –a—— C:\WINDOWS\system32\drivers\rtl8139.sys
2006-10-12 15:43 76,288 –a—— C:\WINDOWS\system32\usbui.dll
2006-10-12 15:43 6,144 -ra—— C:\WINDOWS\system32\kbdtuq.dll
2006-10-12 15:43 6,144 -ra—— C:\WINDOWS\system32\kbdtuf.dll
2006-10-12 15:43 5,632 -ra—— C:\WINDOWS\system32\kbdazel.dll
2006-10-12 15:42 86,556 –a—— C:\WINDOWS\system32\dgsetup.dll
2006-10-12 15:42 8,704 –a—— C:\WINDOWS\system32\batt.dll
2006-10-12 15:42 8,192 -ra—— C:\WINDOWS\system32\kbdhept.dll
2006-10-12 15:42 76,288 –a—— C:\WINDOWS\system32\storprop.dll
2006-10-12 15:42 70,144 –a—— C:\WINDOWS\notepad.exe
2006-10-12 15:42 7,168 -ra—— C:\WINDOWS\system32\kbdcz.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdycl.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdsl1.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdsl.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdpl.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdhu.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdhela3.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdcz2.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdcz1.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdcr.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\KBDAL.DLL
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdlv1.dll
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdlv.dll
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdhela2.dll
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdgkl.dll
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdest.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdycc.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbduzb.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdur.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdtat.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdru1.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdru.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdro.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdpl1.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdmon.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdlt1.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdlt.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdkyr.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdkaz.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdhu1.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdhe319.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdhe220.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdhe.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdbu.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdblr.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdaze.dll
2006-10-12 15:42 24,661 –a—— C:\WINDOWS\system32\spxcoins.dll
2006-10-12 15:42 176,157 –a—— C:\WINDOWS\system32\dgrpsetu.dll
2006-10-12 15:42 15,872 –a—— C:\WINDOWS\TASKMAN.EXE
2006-10-12 15:42 13,312 –a—— C:\WINDOWS\system32\irclass.dll
2006-10-12 15:42 11,264 –a—— C:\WINDOWS\system32\drivers\irenum.sys
2006-10-12 15:42 103,936 –a—— C:\WINDOWS\system32\EqnClass.Dll
2006-10-12 15:09 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
2006-10-12 15:06 11,776 ——— C:\WINDOWS\system32\spnpinst.exe
2006-10-12 14:56 77,312 –a—— C:\WINDOWS\system32\browser.dll
2006-10-12 14:56 614,912 –a—— C:\WINDOWS\system32\h323msp.dll
2006-10-12 14:56 39,936 –a—— C:\WINDOWS\system32\mf3216.dll
2006-10-12 14:56 332,288 –a—— C:\WINDOWS\system32\ipnathlp.dll
2006-10-12 14:54 956,416 –a—— C:\WINDOWS\system32\msdtctm.dll
2006-10-12 14:54 91,136 –a—— C:\WINDOWS\system32\mtxoci.dll
2006-10-12 14:54 66,560 –a—— C:\WINDOWS\system32\mtxclu.dll
2006-10-12 14:54 625,152 –a—— C:\WINDOWS\system32\catsrvut.dll
2006-10-12 14:54 60,416 –a—— C:\WINDOWS\system32\colbact.dll
2006-10-12 14:54 581,120 –a—— C:\WINDOWS\system32\rpcrt4.dll
2006-10-12 14:54 540,160 –a—— C:\WINDOWS\system32\comuid.dll
2006-10-12 14:54 426,496 –a—— C:\WINDOWS\system32\msdtcprx.dll
2006-10-12 14:54 397,824 –a—— C:\WINDOWS\system32\rpcss.dll
2006-10-12 14:54 243,200 –a—— C:\WINDOWS\system32\es.dll
2006-10-12 14:54 225,792 –a—— C:\WINDOWS\system32\catsrv.dll
2006-10-12 14:54 161,280 –a—— C:\WINDOWS\system32\msdtcuiu.dll
2006-10-12 14:54 110,080 –a—— C:\WINDOWS\system32\clbcatex.dll
2006-10-12 14:54 101,376 –a—— C:\WINDOWS\system32\txflog.dll
2006-10-12 14:54 1,284,608 –a—— C:\WINDOWS\system32\ole32.dll
2006-10-12 14:54 1,267,200 –a—— C:\WINDOWS\system32\comsvcs.dll
2006-10-12 14:53 241,152 –a—— C:\WINDOWS\system32\srrstr.dll
2006-10-12 14:51 26,112 –a—— C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-12 14:12 8,192 ——— C:\WINDOWS\system32\bitsprx2.dll
2006-10-12 14:12 7,168 ——— C:\WINDOWS\system32\bitsprx3.dll
2006-10-12 14:12 351,232 –a—— C:\WINDOWS\system32\winhttp.dll
2006-10-12 14:12 18,944 –a—— C:\WINDOWS\system32\qmgrprxy.dll
2006-10-12 14:11 466,200 –a—— C:\WINDOWS\system32\wuapi.dll
2006-10-12 14:11 41,240 –a—— C:\WINDOWS\system32\wups.dll
2006-10-12 14:11 194,840 –a—— C:\WINDOWS\system32\wuaueng1.dll
2006-10-12 14:11 18,200 –a—— C:\WINDOWS\system32\wups2.dll
2006-10-12 14:11 174,360 –a—— C:\WINDOWS\system32\wuauclt1.exe
2006-10-12 14:11 128,280 –a—— C:\WINDOWS\system32\wucltui.dll
2006-10-12 13:52 112,128 –a—— C:\WINDOWS\system32\mapi32.dll
2006-10-12 13:52 0 -rahs—- C:\MSDOS.SYS
2006-10-12 13:52 0 -rahs—- C:\IO.SYS
2006-10-12 13:52 0 –a—— C:\CONFIG.SYS
2006-10-12 13:52 0 –a—— C:\AUTOEXEC.BAT
2006-10-12 13:50 45,568 –a—— C:\WINDOWS\system32\safrslv.dll
2006-10-12 13:50 43,520 –a—— C:\WINDOWS\system32\safrcdlg.dll
2006-10-12 13:50 43,520 –a—— C:\WINDOWS\system32\racpldlg.dll
2006-10-12 13:50 382,464 –a—— C:\WINDOWS\system32\qmgr.dll
2006-10-12 13:50 29,696 –a—— C:\WINDOWS\system32\safrdm.dll
2006-10-12 13:50 11,264 –a—— C:\WINDOWS\system32\atrace.dll
2006-10-12 13:49 86,016 –a—— C:\WINDOWS\system32\isign32.dll
2006-10-12 13:49 81,920 –a—— C:\WINDOWS\system32\ils.dll
2006-10-12 13:49 73,728 –a—— C:\WINDOWS\system32\icwdial.dll
2006-10-12 13:49 73,472 –a—— C:\WINDOWS\system32\drivers\sr.sys
2006-10-12 13:49 69,632 –a—— C:\WINDOWS\system32\msconf.dll
2006-10-12 13:49 679,424 –a—— C:\WINDOWS\system32\inetcomm.dll
2006-10-12 13:49 67,584 –a—— C:\WINDOWS\system32\srclient.dll
2006-10-12 13:49 67,584 –a—— C:\WINDOWS\system32\acctres.dll
2006-10-12 13:49 65,536 –a—— C:\WINDOWS\system32\icwphbk.dll
2006-10-12 13:49 50,176 –a—— C:\WINDOWS\system32\inetres.dll
2006-10-12 13:49 34,560 –a—— C:\WINDOWS\system32\mnmdd.dll
2006-10-12 13:49 32,768 –a—— C:\WINDOWS\system32\mnmsrvc.exe
2006-10-12 13:49 32,768 –a—— C:\WINDOWS\system32\isrdbg32.dll
2006-10-12 13:49 28,672 –a—— C:\WINDOWS\system32\nmmkcert.dll
2006-10-12 13:49 278,528 –a—— C:\WINDOWS\system32\mstask.dll
2006-10-12 13:49 278,528 –a—— C:\WINDOWS\system32\inetcfg.dll
2006-10-12 13:49 252,928 –a—— C:\WINDOWS\system32\msoeacct.dll
2006-10-12 13:49 192,000 –a—— C:\WINDOWS\system32\schedsvc.dll
2006-10-12 13:49 170,496 –a—— C:\WINDOWS\system32\srsvc.dll
2006-10-12 13:49 16,384 –a—— C:\WINDOWS\system32\icfgnt5.dll
2006-10-12 13:49 12,288 –a—— C:\WINDOWS\system32\nmevtmsg.dll
2006-10-12 13:49 12,288 –a—— C:\WINDOWS\system32\mstinit.exe
2006-10-12 13:49 105,984 –a—— C:\WINDOWS\system32\msoert2.dll
2006-10-12 13:48 97,792 –a—— C:\WINDOWS\system32\comrepl.dll
2006-10-12 13:48 94,208 –a—— C:\WINDOWS\system32\tscfgwmi.dll
2006-10-12 13:48 9,728 –a—— C:\WINDOWS\system32\reset.exe
2006-10-12 13:48 87,176 –a—— C:\WINDOWS\system32\rdpwsx.dll
2006-10-12 13:48 85,504 –a—— C:\WINDOWS\system32\catsrvps.dll
2006-10-12 13:48 80,896 –a—— C:\WINDOWS\system32\charmap.exe
2006-10-12 13:48 73,216 –a—— C:\WINDOWS\system32\avwav.dll
2006-10-12 13:48 67,072 –a—— C:\WINDOWS\system32\rdshost.exe
2006-10-12 13:48 662,528 –a—— C:\WINDOWS\system32\getuname.dll
2006-10-12 13:48 655,360 –a—— C:\WINDOWS\system32\mstscax.dll
2006-10-12 13:48 62,464 –a—— C:\WINDOWS\system32\rdpclip.exe
2006-10-12 13:48 61,440 –a—— C:\WINDOWS\system32\remotepg.dll
2006-10-12 13:48 6,656 –a—— C:\WINDOWS\system32\wuauserv.dll
2006-10-12 13:48 6,144 –a—— C:\WINDOWS\system32\msdtc.exe
2006-10-12 13:48 58,880 –a—— C:\WINDOWS\system32\msdtclog.dll
2006-10-12 13:48 57,344 –a—— C:\WINDOWS\system32\sol.exe
2006-10-12 13:48 55,808 –a—— C:\WINDOWS\system32\freecell.exe
2006-10-12 13:48 54,272 –a—— C:\WINDOWS\system32\stclient.dll
2006-10-12 13:48 539,136 –a—— C:\WINDOWS\system32\spider.exe
2006-10-12 13:48 5,632 –a—— C:\WINDOWS\system32\write.exe
2006-10-12 13:48 5,120 –a—— C:\WINDOWS\system32\dcomcnfg.exe
2006-10-12 13:48 44,544 –a—— C:\WINDOWS\system32\tscupgrd.exe
2006-10-12 13:48 44,544 –a—— C:\WINDOWS\system32\hticons.dll
2006-10-12 13:48 412,160 –a—— C:\WINDOWS\system32\mstsc.exe
2006-10-12 13:48 4,608 –a—— C:\WINDOWS\system32\rdpcfgex.dll
2006-10-12 13:48 4,096 –a—— C:\WINDOWS\system32\mtxex.dll
2006-10-12 13:48 39,424 –a—— C:\WINDOWS\system32\cfgbkend.dll
2006-10-12 13:48 352,768 –a—— C:\WINDOWS\system32\hypertrm.dll
2006-10-12 13:48 35,840 –a—— C:\WINDOWS\system32\winchat.exe
2006-10-12 13:48 345,600 –a—— C:\WINDOWS\system32\mspaint.exe
2006-10-12 13:48 33,792 –a—— C:\WINDOWS\system32\regini.exe
2006-10-12 13:48 297,472 –a—— C:\WINDOWS\system32\termsrv.dll
2006-10-12 13:48 25,600 –a—— C:\WINDOWS\system32\comaddin.dll
2006-10-12 13:48 25,088 –a—— C:\WINDOWS\system32\mtxlegih.dll
2006-10-12 13:48 233,472 –a—— C:\WINDOWS\system32\avtapi.dll
2006-10-12 13:48 23,040 –a—— C:\WINDOWS\system32\qwinsta.exe
2006-10-12 13:48 22,016 –a—— C:\WINDOWS\system32\msg.exe
2006-10-12 13:48 21,896 –a—— C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-12 13:48 20,480 –a—— C:\WINDOWS\system32\qprocess.exe
2006-10-12 13:48 20,480 –a—— C:\WINDOWS\system32\mtxdm.dll
2006-10-12 13:48 19,968 –a—— C:\WINDOWS\system32\rdpsnd.dll
2006-10-12 13:48 187,392 –a—— C:\WINDOWS\system32\accwiz.exe
2006-10-12 13:48 17,920 –a—— C:\WINDOWS\system32\tsshutdn.exe
2006-10-12 13:48 17,408 –a—— C:\WINDOWS\system32\qappsrv.exe
2006-10-12 13:48 16,384 –a—— C:\WINDOWS\system32\tskill.exe
2006-10-12 13:48 16,384 –a—— C:\WINDOWS\system32\rwinsta.exe
2006-10-12 13:48 16,384 –a—— C:\WINDOWS\system32\avmeter.dll
2006-10-12 13:48 15,872 –a—— C:\WINDOWS\system32\cdmodem.dll
2006-10-12 13:48 15,360 –a—— C:\WINDOWS\system32\tsdiscon.exe
2006-10-12 13:48 15,360 –a—— C:\WINDOWS\system32\tscon.exe
2006-10-12 13:48 15,360 –a—— C:\WINDOWS\system32\shadow.exe
2006-10-12 13:48 15,360 –a—— C:\WINDOWS\system32\logoff.exe
2006-10-12 13:48 147,968 –a—— C:\WINDOWS\system32\rdchost.dll
2006-10-12 13:48 147,456 –a—— C:\WINDOWS\system32\comsnap.dll
2006-10-12 13:48 142,336 –a—— C:\WINDOWS\system32\sessmgr.exe
2006-10-12 13:48 139,528 –a—— C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-12 13:48 139,264 –a—— C:\WINDOWS\system32\sndvol32.exe
2006-10-12 13:48 132,608 –a—— C:\WINDOWS\system32\sndrec32.exe
2006-10-12 13:48 13,824 –a—— C:\WINDOWS\system32\rdsaddin.exe
2006-10-12 13:48 128,000 –a—— C:\WINDOWS\system32\mshearts.exe
2006-10-12 13:48 125,208 –a—— C:\WINDOWS\system32\wuauclt.exe
2006-10-12 13:48 124,416 –a—— C:\WINDOWS\system32\mplay32.exe
2006-10-12 13:48 12,040 –a—— C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-12 13:48 119,808 –a—— C:\WINDOWS\system32\winmine.exe
2006-10-12 13:48 114,688 –a—— C:\WINDOWS\system32\calc.exe
2006-10-12 13:48 11,776 –a—— C:\WINDOWS\system32\xolehlp.dll
2006-10-12 13:48 11,264 –a—— C:\WINDOWS\system32\icaapi.dll
2006-10-12 13:48 104,448 –a—— C:\WINDOWS\system32\clipbrd.exe
2006-10-12 13:48 1,343,768 –a—— C:\WINDOWS\system32\wuaueng.dll
2006-10-12 13:48 1,161 –a—— C:\WINDOWS\system32\usrlogon.cmd
2006-10-12 13:47 58,880 –a—— C:\WINDOWS\system32\licwmi.dll
2006-10-12 13:47 56,320 –a—— C:\WINDOWS\system32\servdeps.dll
2006-10-12 13:47 40,840 –a—— C:\WINDOWS\system32\drivers\termdd.sys
2006-10-12 13:47 196,864 –a—— C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-12 13:47 188,928 –a—— C:\WINDOWS\system32\cmprops.dll
2006-10-12 13:47 17,920 –a—— C:\WINDOWS\system32\mmfutil.dll
2006-10-09 08:12 1,343,488 –a—— C:\WINDOWS\system32\FreeImage.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-14 10:10 ——– d——– C:\Program Files\Java
2006-10-14 10:08 ——– d——– C:\Program Files\Common Files\Java
2006-10-14 10:08 ——– d——– C:\Program Files\Common Files
2006-10-13 22:55 ——– d——– C:\Program Files\Internet Explorer
2006-10-13 20:10 ——– d—s—- C:\Documents and Settings\Roelof\Application Data\Microsoft
2006-10-13 14:32 ——– d——– C:\Program Files\WinZip
2006-10-13 13:40 ——– d——– C:\Program Files\JSAS
2006-10-13 12:20 ——– d——– C:\Program Files\ESET
2006-10-12 22:20 ——– d——– C:\Documents and Settings\Roelof\Application Data\Macromedia
2006-10-12 22:19 ——– d–h—– C:\Program Files\InstallShield Installation Information
2006-10-12 22:19 ——– d——– C:\Program Files\Macromedia
2006-10-12 22:19 ——– d——– C:\Program Files\Common Files\Macromedia Shared
2006-10-12 22:19 ——– d——– C:\Program Files\Common Files\Macromedia
2006-10-12 20:09 ——– d——– C:\Program Files\xp-AntiSpy
2006-10-12 17:14 ——– d——– C:\Documents and Settings\Roelof\Application Data\Lavasoft
2006-10-12 17:13 ——– d——– C:\Program Files\Lavasoft
2006-10-12 16:59 ——– d——– C:\Program Files\SPAMfighter
2006-10-12 16:59 ——– d——– C:\Program Files\Common Files\Application
2006-10-12 16:59 ——– d——– C:\Program Files\Common Files\Ankiro
2006-10-12 16:33 ——– d——– C:\Program Files\Common Files\Microsoft Shared
2006-10-12 16:19 ——– d——– C:\Program Files\MSN Messenger
2006-10-12 16:11 ——– d——– C:\Program Files\Microsoft.NET
2006-10-12 16:11 ——– d——– C:\Program Files\Microsoft Office
2006-10-12 16:11 ——– d——– C:\Program Files\Common Files\DESIGNER
2006-10-12 15:55 ——– d——– C:\Program Files\Realtek
2006-10-12 15:51 ——– d——– C:\Program Files\Common Files\InstallShield
2006-10-12 15:51 ——– d——– C:\Program Files\ATI Technologies
2006-10-12 15:44 ——– d——– C:\Program Files\Jasc Software Inc
2006-10-12 15:44 ——– d——– C:\Documents and Settings\Roelof\Application Data\Jasc Software Inc
2006-10-12 15:43 ——– d——– C:\Program Files\Common Files\SWF Studio
2006-10-12 15:43 ——– d——– C:\Program Files\Common Files\SpeechEngines
2006-10-12 15:43 ——– d——– C:\Program Files\Common Files\ODBC
2006-10-12 15:42 62 –ahs—- C:\Documents and Settings\Roelof\Application Data\desktop.ini
2006-10-12 15:33 ——– d——– C:\Program Files\Messenger
2006-10-12 15:30 ——– d——– C:\Program Files\Windows Media Player
2006-10-12 15:30 ——– d——– C:\Program Files\Outlook Express
2006-10-12 15:30 ——– d——– C:\Program Files\Common Files\System
2006-10-12 15:13 ——– d——– C:\Program Files\Movie Maker
2006-10-12 15:11 ——– d——– C:\Program Files\Windows NT
2006-10-12 15:11 ——– d——– C:\Program Files\NetMeeting
2006-10-12 14:49 ——– d——– C:\Program Files\WinRAR
2006-10-12 14:31 ——– d——– C:\Program Files\Bhelpuri
2006-10-12 14:11 ——– d–h—– C:\Program Files\WindowsUpdate
2006-10-12 13:59 ——– d–h—– C:\Program Files\Uninstall Information
2006-10-12 13:59 ——– d——– C:\Documents and Settings\Roelof\Application Data\Identities
2006-10-12 13:52 ——– d——– C:\Program Files\xerox
2006-10-12 13:52 ——– d——– C:\Program Files\microsoft frontpage
2006-10-12 13:51 ——– d——– C:\Program Files\Online Services
2006-10-12 13:49 ——– d——– C:\Program Files\ComPlus Applications
2006-10-12 13:49 ——– d——– C:\Program Files\Common Files\Services
2006-10-12 13:49 ——– d——– C:\Program Files\Common Files\MSSoap
2006-10-12 13:48 ——– d——– C:\Program Files\MSN Gaming Zone
2006-10-12 13:48 ——– d——– C:\Program Files\MSN
2006-09-13 07:07 1084416 –a—— C:\WINDOWS\system32\msxml3.dll
2006-08-25 17:51 617472 –a—— C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 ——— C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 13:59 100352 –a—— C:\WINDOWS\system32\6to4svc.dll
2006-08-16 11:37 225664 –a—— C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 12:34 332928 –a—— C:\WINDOWS\system32\drivers\srv.sys
2006-08-11 21:45 888832 –a—— C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 –a—— C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 –a—— C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 –a—— C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 –a—— C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 –a—— C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 –a—— C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 –a—— C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 –a—— C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 –a—— C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 –a—— C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 –a—— C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 –a—— C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 –a—— C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 –a—— C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 –a—— C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 –a—— C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 –a—— C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 –a—— C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 –a—— C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 –a—— C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 –a—— C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 –a—— C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 –a—— C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 –a—— C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 –a—— C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 –a—— C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 –a—— C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 –a—— C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 –a—— C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 –a—— C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 –a—— C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 –a—— C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 –a—— C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 –a—— C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 –a—— C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 –a—— C:\WINDOWS\system32\nvsvc32.exe
2006-07-29 19:32 48936 –a—— C:\WINDOWS\system32\sirenacm.dll
2006-07-21 10:29 72704 –a—— C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Sat 14-10-2006 10:13:11.45
C:\ComboFix.txt … 14-10-2006 10:13


Hijjack log :

Logfile of HijackThis v1.99.1
Scan saved at 10:02:54, on 14-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Roelof\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160655073452
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160663165156
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

afgezien van afwezigheid van de Java die ik aangeboden heb is het logje schoon, hoe is het met de problemen nu?

Ik zou toch Java nog even instaleren hoor.

Juisterr

Hoi,

Problemen nog steeds weg en ik heb java geinstalleerd.
Ik heb deze geinstalleerd : jdk-1_5_0_09-windows-i586-p.exe

Roelof

netjes gedaan, houd het netjes he.

Hoi,

Ik doe mijn best.

Ik heb nu NOD32 en Ad-Aware Se geinstalleerd.

Roelof

Hoi,

Probleem, is weer terug. Daarom deze logs :

Roelof - 06-10-16 9:14:52,37 Service Pack 2
ComboFix 06.10.08W - Running from: C:\Documents and Settings\Roelof\Bureaublad

((((((((((((((((((((((((((((((( Files Created from 2006-09-16 to 2006-10-16 ))))))))))))))))))))))))))))))))))


2006-10-15 13:34 32,768 –a—— C:\WINDOWS\plugin.dll
2006-10-12 22:19 974,848 –a—— C:\WINDOWS\system32\mfc70.dll
2006-10-12 22:19 487,424 –a—— C:\WINDOWS\system32\msvcp70.dll
2006-10-12 22:19 344,064 –a—— C:\WINDOWS\system32\msvcr70.dll
2006-10-12 16:12 24,816 –a—— C:\WINDOWS\system32\mdimon.dll
2006-10-12 16:07 502,368 –a—— C:\WINDOWS\system32\drivers\amon.sys
2006-10-12 16:07 270,336 –a—— C:\WINDOWS\system32\imon.dll
2006-10-12 16:01 208,896 –a—— C:\WINDOWS\system32\NVUNINST.EXE
2006-10-12 16:01 208,896 –a—— C:\WINDOWS\system32\nvudisp.exe
2006-10-12 15:56 82,944 –a—— C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-12 15:56 7,552 –a—— C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-12 15:56 60,800 –a—— C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-12 15:56 60,288 –a—— C:\WINDOWS\system32\drivers\drmk.sys
2006-10-12 15:56 6,400 –a—— C:\WINDOWS\system32\drivers\splitter.sys
2006-10-12 15:56 54,272 –a—— C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-12 15:56 52,864 –a—— C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-12 15:56 5,376 –a—— C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-12 15:56 40,960 -r——- C:\WINDOWS\system32\ChCfg.exe
2006-10-12 15:56 4,992 –a—— C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-12 15:56 4,096 –a—— C:\WINDOWS\system32\ksuser.dll
2006-10-12 15:56 2,944 –a—— C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-12 15:56 172,416 –a—— C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-12 15:56 157,184 -r——- C:\WINDOWS\system32\RtlCPAPI.dll
2006-10-12 15:56 142,464 –a—— C:\WINDOWS\system32\drivers\aec.sys
2006-10-12 15:55 9,710,592 -r——- C:\WINDOWS\RTLCPL.exe
2006-10-12 15:55 86,016 -r——- C:\WINDOWS\SoundMan.exe
2006-10-12 15:55 69,632 -r——- C:\WINDOWS\Alcmtr.exe
2006-10-12 15:55 487,424 -r——- C:\WINDOWS\RtlExUpd.dll
2006-10-12 15:55 356,352 -r——- C:\WINDOWS\RtlUpd.exe
2006-10-12 15:55 3,966,976 -r——- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2006-10-12 15:55 2,807,808 -r——- C:\WINDOWS\alcwzrd.exe
2006-10-12 15:55 2,142,208 -r——- C:\WINDOWS\MicCal.exe
2006-10-12 15:55 14,854,144 -r——- C:\WINDOWS\RTHDCPL.exe
2006-10-12 15:53 70,144 -ra—— C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2006-10-12 15:50 36,352 -ra—— C:\WINDOWS\system32\drivers\AmdK8.sys
2006-10-12 15:45 57,856 –a—— C:\WINDOWS\system32\drivers\redbook.sys
2006-10-12 15:45 3,072 –a—— C:\WINDOWS\system32\drivers\audstub.sys
2006-10-12 15:44 6,400 –a—— C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-12 15:44 20,992 –a—— C:\WINDOWS\system32\drivers\rtl8139.sys
2006-10-12 15:43 76,288 –a—— C:\WINDOWS\system32\usbui.dll
2006-10-12 15:43 6,144 -ra—— C:\WINDOWS\system32\kbdtuq.dll
2006-10-12 15:43 6,144 -ra—— C:\WINDOWS\system32\kbdtuf.dll
2006-10-12 15:43 5,632 -ra—— C:\WINDOWS\system32\kbdazel.dll
2006-10-12 15:42 86,556 –a—— C:\WINDOWS\system32\dgsetup.dll
2006-10-12 15:42 8,704 –a—— C:\WINDOWS\system32\batt.dll
2006-10-12 15:42 8,192 -ra—— C:\WINDOWS\system32\kbdhept.dll
2006-10-12 15:42 76,288 –a—— C:\WINDOWS\system32\storprop.dll
2006-10-12 15:42 70,144 –a—— C:\WINDOWS\notepad.exe
2006-10-12 15:42 7,168 -ra—— C:\WINDOWS\system32\kbdcz.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdycl.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdsl1.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdsl.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdpl.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdhu.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdhela3.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdcz2.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdcz1.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\kbdcr.dll
2006-10-12 15:42 6,656 -ra—— C:\WINDOWS\system32\KBDAL.DLL
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdlv1.dll
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdlv.dll
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdhela2.dll
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdgkl.dll
2006-10-12 15:42 6,144 -ra—— C:\WINDOWS\system32\kbdest.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdycc.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbduzb.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdur.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdtat.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdru1.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdru.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdro.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdpl1.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdmon.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdlt1.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdlt.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdkyr.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdkaz.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdhu1.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdhe319.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdhe220.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdhe.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdbu.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdblr.dll
2006-10-12 15:42 5,632 -ra—— C:\WINDOWS\system32\kbdaze.dll
2006-10-12 15:42 24,661 –a—— C:\WINDOWS\system32\spxcoins.dll
2006-10-12 15:42 176,157 –a—— C:\WINDOWS\system32\dgrpsetu.dll
2006-10-12 15:42 15,872 –a—— C:\WINDOWS\TASKMAN.EXE
2006-10-12 15:42 13,312 –a—— C:\WINDOWS\system32\irclass.dll
2006-10-12 15:42 11,264 –a—— C:\WINDOWS\system32\drivers\irenum.sys
2006-10-12 15:42 103,936 –a—— C:\WINDOWS\system32\EqnClass.Dll
2006-10-12 15:09 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
2006-10-12 15:06 11,776 ——— C:\WINDOWS\system32\spnpinst.exe
2006-10-12 14:56 77,312 –a—— C:\WINDOWS\system32\browser.dll
2006-10-12 14:56 614,912 –a—— C:\WINDOWS\system32\h323msp.dll
2006-10-12 14:56 39,936 –a—— C:\WINDOWS\system32\mf3216.dll
2006-10-12 14:56 332,288 –a—— C:\WINDOWS\system32\ipnathlp.dll
2006-10-12 14:54 956,416 –a—— C:\WINDOWS\system32\msdtctm.dll
2006-10-12 14:54 91,136 –a—— C:\WINDOWS\system32\mtxoci.dll
2006-10-12 14:54 66,560 –a—— C:\WINDOWS\system32\mtxclu.dll
2006-10-12 14:54 625,152 –a—— C:\WINDOWS\system32\catsrvut.dll
2006-10-12 14:54 60,416 –a—— C:\WINDOWS\system32\colbact.dll
2006-10-12 14:54 581,120 –a—— C:\WINDOWS\system32\rpcrt4.dll
2006-10-12 14:54 540,160 –a—— C:\WINDOWS\system32\comuid.dll
2006-10-12 14:54 426,496 –a—— C:\WINDOWS\system32\msdtcprx.dll
2006-10-12 14:54 397,824 –a—— C:\WINDOWS\system32\rpcss.dll
2006-10-12 14:54 243,200 –a—— C:\WINDOWS\system32\es.dll
2006-10-12 14:54 225,792 –a—— C:\WINDOWS\system32\catsrv.dll
2006-10-12 14:54 161,280 –a—— C:\WINDOWS\system32\msdtcuiu.dll
2006-10-12 14:54 110,080 –a—— C:\WINDOWS\system32\clbcatex.dll
2006-10-12 14:54 101,376 –a—— C:\WINDOWS\system32\txflog.dll
2006-10-12 14:54 1,284,608 –a—— C:\WINDOWS\system32\ole32.dll
2006-10-12 14:54 1,267,200 –a—— C:\WINDOWS\system32\comsvcs.dll
2006-10-12 14:53 241,152 –a—— C:\WINDOWS\system32\srrstr.dll
2006-10-12 14:51 26,112 –a—— C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-12 14:12 8,192 ——— C:\WINDOWS\system32\bitsprx2.dll
2006-10-12 14:12 7,168 ——— C:\WINDOWS\system32\bitsprx3.dll
2006-10-12 14:12 351,232 –a—— C:\WINDOWS\system32\winhttp.dll
2006-10-12 14:12 18,944 –a—— C:\WINDOWS\system32\qmgrprxy.dll
2006-10-12 14:11 466,200 –a—— C:\WINDOWS\system32\wuapi.dll
2006-10-12 14:11 41,240 –a—— C:\WINDOWS\system32\wups.dll
2006-10-12 14:11 194,840 –a—— C:\WINDOWS\system32\wuaueng1.dll
2006-10-12 14:11 18,200 –a—— C:\WINDOWS\system32\wups2.dll
2006-10-12 14:11 174,360 –a—— C:\WINDOWS\system32\wuauclt1.exe
2006-10-12 14:11 128,280 –a—— C:\WINDOWS\system32\wucltui.dll
2006-10-12 13:52 112,128 –a—— C:\WINDOWS\system32\mapi32.dll
2006-10-12 13:52 0 -rahs—- C:\MSDOS.SYS
2006-10-12 13:52 0 -rahs—- C:\IO.SYS
2006-10-12 13:52 0 –a—— C:\CONFIG.SYS
2006-10-12 13:52 0 –a—— C:\AUTOEXEC.BAT
2006-10-12 13:50 45,568 –a—— C:\WINDOWS\system32\safrslv.dll
2006-10-12 13:50 43,520 –a—— C:\WINDOWS\system32\safrcdlg.dll
2006-10-12 13:50 43,520 –a—— C:\WINDOWS\system32\racpldlg.dll
2006-10-12 13:50 382,464 –a—— C:\WINDOWS\system32\qmgr.dll
2006-10-12 13:50 29,696 –a—— C:\WINDOWS\system32\safrdm.dll
2006-10-12 13:50 11,264 –a—— C:\WINDOWS\system32\atrace.dll
2006-10-12 13:49 86,016 –a—— C:\WINDOWS\system32\isign32.dll
2006-10-12 13:49 81,920 –a—— C:\WINDOWS\system32\ils.dll
2006-10-12 13:49 73,728 –a—— C:\WINDOWS\system32\icwdial.dll
2006-10-12 13:49 73,472 –a—— C:\WINDOWS\system32\drivers\sr.sys
2006-10-12 13:49 69,632 –a—— C:\WINDOWS\system32\msconf.dll
2006-10-12 13:49 679,424 –a—— C:\WINDOWS\system32\inetcomm.dll
2006-10-12 13:49 67,584 –a—— C:\WINDOWS\system32\srclient.dll
2006-10-12 13:49 67,584 –a—— C:\WINDOWS\system32\acctres.dll
2006-10-12 13:49 65,536 –a—— C:\WINDOWS\system32\icwphbk.dll
2006-10-12 13:49 50,176 –a—— C:\WINDOWS\system32\inetres.dll
2006-10-12 13:49 34,560 –a—— C:\WINDOWS\system32\mnmdd.dll
2006-10-12 13:49 32,768 –a—— C:\WINDOWS\system32\mnmsrvc.exe
2006-10-12 13:49 32,768 –a—— C:\WINDOWS\system32\isrdbg32.dll
2006-10-12 13:49 28,672 –a—— C:\WINDOWS\system32\nmmkcert.dll
2006-10-12 13:49 278,528 –a—— C:\WINDOWS\system32\mstask.dll
2006-10-12 13:49 278,528 –a—— C:\WINDOWS\system32\inetcfg.dll
2006-10-12 13:49 252,928 –a—— C:\WINDOWS\system32\msoeacct.dll
2006-10-12 13:49 192,000 –a—— C:\WINDOWS\system32\schedsvc.dll
2006-10-12 13:49 170,496 –a—— C:\WINDOWS\system32\srsvc.dll
2006-10-12 13:49 16,384 –a—— C:\WINDOWS\system32\icfgnt5.dll
2006-10-12 13:49 12,288 –a—— C:\WINDOWS\system32\nmevtmsg.dll
2006-10-12 13:49 12,288 –a—— C:\WINDOWS\system32\mstinit.exe
2006-10-12 13:49 105,984 –a—— C:\WINDOWS\system32\msoert2.dll
2006-10-12 13:48 97,792 –a—— C:\WINDOWS\system32\comrepl.dll
2006-10-12 13:48 94,208 –a—— C:\WINDOWS\system32\tscfgwmi.dll
2006-10-12 13:48 9,728 –a—— C:\WINDOWS\system32\reset.exe
2006-10-12 13:48 87,176 –a—— C:\WINDOWS\system32\rdpwsx.dll
2006-10-12 13:48 85,504 –a—— C:\WINDOWS\system32\catsrvps.dll
2006-10-12 13:48 80,896 –a—— C:\WINDOWS\system32\charmap.exe
2006-10-12 13:48 73,216 –a—— C:\WINDOWS\system32\avwav.dll
2006-10-12 13:48 67,072 –a—— C:\WINDOWS\system32\rdshost.exe
2006-10-12 13:48 662,528 –a—— C:\WINDOWS\system32\getuname.dll
2006-10-12 13:48 655,360 –a—— C:\WINDOWS\system32\mstscax.dll
2006-10-12 13:48 62,464 –a—— C:\WINDOWS\system32\rdpclip.exe
2006-10-12 13:48 61,440 –a—— C:\WINDOWS\system32\remotepg.dll
2006-10-12 13:48 6,656 –a—— C:\WINDOWS\system32\wuauserv.dll
2006-10-12 13:48 6,144 –a—— C:\WINDOWS\system32\msdtc.exe
2006-10-12 13:48 58,880 –a—— C:\WINDOWS\system32\msdtclog.dll
2006-10-12 13:48 57,344 –a—— C:\WINDOWS\system32\sol.exe
2006-10-12 13:48 55,808 –a—— C:\WINDOWS\system32\freecell.exe
2006-10-12 13:48 54,272 –a—— C:\WINDOWS\system32\stclient.dll
2006-10-12 13:48 539,136 –a—— C:\WINDOWS\system32\spider.exe
2006-10-12 13:48 5,632 –a—— C:\WINDOWS\system32\write.exe
2006-10-12 13:48 5,120 –a—— C:\WINDOWS\system32\dcomcnfg.exe
2006-10-12 13:48 44,544 –a—— C:\WINDOWS\system32\tscupgrd.exe
2006-10-12 13:48 44,544 –a—— C:\WINDOWS\system32\hticons.dll
2006-10-12 13:48 412,160 –a—— C:\WINDOWS\system32\mstsc.exe
2006-10-12 13:48 4,608 –a—— C:\WINDOWS\system32\rdpcfgex.dll
2006-10-12 13:48 4,096 –a—— C:\WINDOWS\system32\mtxex.dll
2006-10-12 13:48 39,424 –a—— C:\WINDOWS\system32\cfgbkend.dll
2006-10-12 13:48 352,768 –a—— C:\WINDOWS\system32\hypertrm.dll
2006-10-12 13:48 35,840 –a—— C:\WINDOWS\system32\winchat.exe
2006-10-12 13:48 345,600 –a—— C:\WINDOWS\system32\mspaint.exe
2006-10-12 13:48 33,792 –a—— C:\WINDOWS\system32\regini.exe
2006-10-12 13:48 297,472 –a—— C:\WINDOWS\system32\termsrv.dll
2006-10-12 13:48 25,600 –a—— C:\WINDOWS\system32\comaddin.dll
2006-10-12 13:48 25,088 –a—— C:\WINDOWS\system32\mtxlegih.dll
2006-10-12 13:48 233,472 –a—— C:\WINDOWS\system32\avtapi.dll
2006-10-12 13:48 23,040 –a—— C:\WINDOWS\system32\qwinsta.exe
2006-10-12 13:48 22,016 –a—— C:\WINDOWS\system32\msg.exe
2006-10-12 13:48 21,896 –a—— C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-12 13:48 20,480 –a—— C:\WINDOWS\system32\qprocess.exe
2006-10-12 13:48 20,480 –a—— C:\WINDOWS\system32\mtxdm.dll
2006-10-12 13:48 19,968 –a—— C:\WINDOWS\system32\rdpsnd.dll
2006-10-12 13:48 187,392 –a—— C:\WINDOWS\system32\accwiz.exe
2006-10-12 13:48 17,920 –a—— C:\WINDOWS\system32\tsshutdn.exe
2006-10-12 13:48 17,408 –a—— C:\WINDOWS\system32\qappsrv.exe
2006-10-12 13:48 16,384 –a—— C:\WINDOWS\system32\tskill.exe
2006-10-12 13:48 16,384 –a—— C:\WINDOWS\system32\rwinsta.exe
2006-10-12 13:48 16,384 –a—— C:\WINDOWS\system32\avmeter.dll
2006-10-12 13:48 15,872 –a—— C:\WINDOWS\system32\cdmodem.dll
2006-10-12 13:48 15,360 –a—— C:\WINDOWS\system32\tsdiscon.exe
2006-10-12 13:48 15,360 –a—— C:\WINDOWS\system32\tscon.exe
2006-10-12 13:48 15,360 –a—— C:\WINDOWS\system32\shadow.exe
2006-10-12 13:48 15,360 –a—— C:\WINDOWS\system32\logoff.exe
2006-10-12 13:48 147,968 –a—— C:\WINDOWS\system32\rdchost.dll
2006-10-12 13:48 147,456 –a—— C:\WINDOWS\system32\comsnap.dll
2006-10-12 13:48 142,336 –a—— C:\WINDOWS\system32\sessmgr.exe
2006-10-12 13:48 139,528 –a—— C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-12 13:48 139,264 –a—— C:\WINDOWS\system32\sndvol32.exe
2006-10-12 13:48 132,608 –a—— C:\WINDOWS\system32\sndrec32.exe
2006-10-12 13:48 13,824 –a—— C:\WINDOWS\system32\rdsaddin.exe
2006-10-12 13:48 128,000 –a—— C:\WINDOWS\system32\mshearts.exe
2006-10-12 13:48 125,208 –a—— C:\WINDOWS\system32\wuauclt.exe
2006-10-12 13:48 124,416 –a—— C:\WINDOWS\system32\mplay32.exe
2006-10-12 13:48 12,040 –a—— C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-12 13:48 119,808 –a—— C:\WINDOWS\system32\winmine.exe
2006-10-12 13:48 114,688 –a—— C:\WINDOWS\system32\calc.exe
2006-10-12 13:48 11,776 –a—— C:\WINDOWS\system32\xolehlp.dll
2006-10-12 13:48 11,264 –a—— C:\WINDOWS\system32\icaapi.dll
2006-10-12 13:48 104,448 –a—— C:\WINDOWS\system32\clipbrd.exe
2006-10-12 13:48 1,343,768 –a—— C:\WINDOWS\system32\wuaueng.dll
2006-10-12 13:48 1,161 –a—— C:\WINDOWS\system32\usrlogon.cmd
2006-10-12 13:47 58,880 –a—— C:\WINDOWS\system32\licwmi.dll
2006-10-12 13:47 56,320 –a—— C:\WINDOWS\system32\servdeps.dll
2006-10-12 13:47 40,840 –a—— C:\WINDOWS\system32\drivers\termdd.sys
2006-10-12 13:47 196,864 –a—— C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-12 13:47 188,928 –a—— C:\WINDOWS\system32\cmprops.dll
2006-10-12 13:47 17,920 –a—— C:\WINDOWS\system32\mmfutil.dll
2006-10-09 08:12 1,343,488 –a—— C:\WINDOWS\system32\FreeImage.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-15 19:39 ——– d——– C:\Program Files\JSAS
2006-10-15 18:11 ——– d——– C:\Program Files\FileZilla
2006-10-14 11:05 ——– d——– C:\Program Files\SPAMfighter
2006-10-14 10:10 ——– d——– C:\Program Files\Java
2006-10-14 10:08 ——– d——– C:\Program Files\Common Files\Java
2006-10-14 10:08 ——– d——– C:\Program Files\Common Files
2006-10-13 22:55 ——– d——– C:\Program Files\Internet Explorer
2006-10-13 20:10 ——– d—s—- C:\Documents and Settings\Roelof\Application Data\Microsoft
2006-10-13 14:32 ——– d——– C:\Program Files\WinZip
2006-10-13 12:20 ——– d——– C:\Program Files\ESET
2006-10-12 22:20 ——– d——– C:\Documents and Settings\Roelof\Application Data\Macromedia
2006-10-12 22:19 ——– d–h—– C:\Program Files\InstallShield Installation Information
2006-10-12 22:19 ——– d——– C:\Program Files\Macromedia
2006-10-12 22:19 ——– d——– C:\Program Files\Common Files\Macromedia Shared
2006-10-12 22:19 ——– d——– C:\Program Files\Common Files\Macromedia
2006-10-12 20:09 ——– d——– C:\Program Files\xp-AntiSpy
2006-10-12 17:14 ——– d——– C:\Documents and Settings\Roelof\Application Data\Lavasoft
2006-10-12 17:13 ——– d——– C:\Program Files\Lavasoft
2006-10-12 16:59 ——– d——– C:\Program Files\Common Files\Application
2006-10-12 16:59 ——– d——– C:\Program Files\Common Files\Ankiro
2006-10-12 16:33 ——– d——– C:\Program Files\Common Files\Microsoft Shared
2006-10-12 16:19 ——– d——– C:\Program Files\MSN Messenger
2006-10-12 16:11 ——– d——– C:\Program Files\Microsoft.NET
2006-10-12 16:11 ——– d——– C:\Program Files\Microsoft Office
2006-10-12 16:11 ——– d——– C:\Program Files\Common Files\DESIGNER
2006-10-12 15:55 ——– d——– C:\Program Files\Realtek
2006-10-12 15:51 ——– d——– C:\Program Files\Common Files\InstallShield
2006-10-12 15:51 ——– d——– C:\Program Files\ATI Technologies
2006-10-12 15:44 ——– d——– C:\Program Files\Jasc Software Inc
2006-10-12 15:44 ——– d——– C:\Documents and Settings\Roelof\Application Data\Jasc Software Inc
2006-10-12 15:43 ——– d——– C:\Program Files\Common Files\SWF Studio
2006-10-12 15:43 ——– d——– C:\Program Files\Common Files\SpeechEngines
2006-10-12 15:43 ——– d——– C:\Program Files\Common Files\ODBC
2006-10-12 15:42 62 –ahs—- C:\Documents and Settings\Roelof\Application Data\desktop.ini
2006-10-12 15:33 ——– d——– C:\Program Files\Messenger
2006-10-12 15:30 ——– d——– C:\Program Files\Windows Media Player
2006-10-12 15:30 ——– d——– C:\Program Files\Outlook Express
2006-10-12 15:30 ——– d——– C:\Program Files\Common Files\System
2006-10-12 15:13 ——– d——– C:\Program Files\Movie Maker
2006-10-12 15:11 ——– d——– C:\Program Files\Windows NT
2006-10-12 15:11 ——– d——– C:\Program Files\NetMeeting
2006-10-12 14:49 ——– d——– C:\Program Files\WinRAR
2006-10-12 14:31 ——– d——– C:\Program Files\Bhelpuri
2006-10-12 14:11 ——– d–h—– C:\Program Files\WindowsUpdate
2006-10-12 13:59 ——– d–h—– C:\Program Files\Uninstall Information
2006-10-12 13:59 ——– d——– C:\Documents and Settings\Roelof\Application Data\Identities
2006-10-12 13:52 ——– d——– C:\Program Files\xerox
2006-10-12 13:52 ——– d——– C:\Program Files\microsoft frontpage
2006-10-12 13:51 ——– d——– C:\Program Files\Online Services
2006-10-12 13:49 ——– d——– C:\Program Files\ComPlus Applications
2006-10-12 13:49 ——– d——– C:\Program Files\Common Files\Services
2006-10-12 13:49 ——– d——– C:\Program Files\Common Files\MSSoap
2006-10-12 13:48 ——– d——– C:\Program Files\MSN Gaming Zone
2006-10-12 13:48 ——– d——– C:\Program Files\MSN
2006-09-13 07:07 1084416 –a—— C:\WINDOWS\system32\msxml3.dll
2006-08-25 17:51 617472 –a—— C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 ——— C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 13:59 100352 –a—— C:\WINDOWS\system32\6to4svc.dll
2006-08-16 11:37 225664 –a—— C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-11 21:45 888832 –a—— C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 –a—— C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 –a—— C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 –a—— C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 –a—— C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 –a—— C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 –a—— C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 –a—— C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 –a—— C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 –a—— C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 –a—— C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 –a—— C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 –a—— C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 –a—— C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 –a—— C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 –a—— C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 –a—— C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 –a—— C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 –a—— C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 –a—— C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 –a—— C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 –a—— C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 –a—— C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 –a—— C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 –a—— C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 –a—— C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 –a—— C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 –a—— C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 –a—— C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 –a—— C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 –a—— C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 –a—— C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 –a—— C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 –a—— C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 –a—— C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 –a—— C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 –a—— C:\WINDOWS\system32\nvsvc32.exe
2006-07-29 19:32 48936 –a—— C:\WINDOWS\system32\sirenacm.dll
2006-07-21 10:29 72704 –a—— C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Mon 16-10-2006 9:15:24.34
C:\ComboFix.txt … 16-10-2006 09:15
C:\ComboFix2.txt … 14-10-2006 10:13

Logfile of HijackThis v1.99.1
Scan saved at 9:19:46, on 16-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Roelof\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160655073452
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160663165156
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Download [b:f45015f210] naar je Bureaublad:[list:f45015f210][*:f45015f210]Dubbelklik [b:f45015f210]drweb-cureit.exe[/b:f45015f210] Klik op udate
[*:f45015f210]Na de update verschijnt er een nieuw icoontje op je buroblad "CureIt.exe" dubbelklik het en klik op Scan, sta het toe om de express scan te starten.
[*:f45015f210]Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt,
klik de [b:f45015f210]Yes to all[/b:f45015f210] knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
[*:f45015f210]Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen.
[*:f45015f210]Selecteer hier [b:f45015f210]alle drives[/b:f45015f210]. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
[*:f45015f210]Klik daarna de [b:f45015f210]groene pijl[/b:f45015f210] rechts om de scan te starten.
[*:f45015f210]Klik [b:f45015f210]Yes to all[/b:f45015f210] wanneer er gevraagd wordt om cure of move uit te voeren.
[*:f45015f210]Wanneer de scan beëindigd is, kijk of je kunt op het icoontje naast de gevonden bestanden klikken: [img:f45015f210]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:f45015f210]
[*:f45015f210]Indien ja,klik er op en klik vervolgens op het icoontje er juist onder en selecteer [b:f45015f210]Move incurable[/b:f45015f210] zoals je hier ziet:
[img:f45015f210]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:f45015f210]
Dit verplaatst gevonden bestanden naar de "%userprofile%\DoctorWeb\quarantaine-map" indien herstel niet mogelijk is.
[*:f45015f210]Nadat de scan gedaan is, in het menu bovenaan, klik [b:f45015f210]File[/b:f45015f210] en kies [b:f45015f210]Save report List[/b:f45015f210]. Bewaar het op je Bureaublad.
[*:f45015f210]Sluit daarna Dr.Web Cureit.
[*:f45015f210][b:f45015f210]Herstart[/b:f45015f210] je computer!! [i:f45015f210]Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart[/i:f45015f210].
[*:f45015f210]Na het herstarten, [b:f45015f210]kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post[/b:f45015f210].
[/list:u:f45015f210]

Negeer popups over Buy of 50% korting

Lijstje van Dr. Cureit,

A0005085.exe C:\System Volume Information\_restore{99B2495A-3622-40DB-A97D-2CF5408993C1}\RP39 Program.PrcView.3725 Moved.
lib2020.dll D:\2020\2020 Probably BACKDOOR.Trojan Moved.


Groetjes,

Roelof