Virus scanner password changed

Anonymous
juisterr
26 replies
  • Media Player is there and works... and sometimes it doesn't :roll:
    That's a very strange story, I don't understand it at all :-?

    Here is a new log.
    Those 2 R0 entries can't be removed.

    Logfile of HijackThis v1.99.1
    Scan saved at 21:05:57, on 12-3-2007
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerArchiver\PASTARTER.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\anti spyware\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: CCC.lnk = ?
    O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote-inhoudsopgave.onetoc2
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
  • Download to your Desktop (by Deckard).
    - Close all applications and windows.
    - Double-click Comboscan.exe to start it, and follow the instructions.
    - When the scan is complete, a text file, ComboScan.txt, will open.
    - Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt into your next reply.
  • ComboScan v20070306.20 run by Death Dealer on 2007-03-12 at 22:09:28
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    5: 2007-03-11 20:32:21 UTC - RP60 - Gepland herstelpunt
    4: 2007-03-09 21:27:47 UTC - RP59 - Installed PowerDVD
    3: 2007-03-09 21:24:08 UTC - RP57 - Installed PowerArchiver 2007
    2: 2007-03-09 19:45:12 UTC - RP56 - Windows Update
    1: 2007-03-08 20:37:52 UTC - RP55 - Windows Update


    Performed disk cleanup.


    -- HijackThis (run as Death Dealer.exe) ----------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 22:09:39, on 12-3-2007
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerArchiver\PASTARTER.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Death Dealer\Desktop\comboscan.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\ANTISP~1\HIJACK~1\Death Dealer.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: CCC.lnk = ?
    O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote-inhoudsopgave.onetoc2
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


    -- HijackThis Fixed Entries (C:\ANTISP~1\HIJACK~1\backups\) --------------------

    backup-20070210-232851-126 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    backup-20070210-232851-730 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    backup-20070210-232851-951 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    backup-20070216-174838-135 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    backup-20070216-174838-832 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    backup-20070216-174852-271 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    backup-20070216-174852-457 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    backup-20070312-210218-183 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    backup-20070312-210218-349 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20070312-210218-569 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    backup-20070312-210242-183 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    backup-20070312-210242-369 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    backup-20070312-210305-488 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    backup-20070312-210305-755 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    backup-20070312-210518-220 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    backup-20070312-210518-303 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    -- File Associations -----------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "%SystemRoot%\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - "%SystemRoot%\System32\WScript.exe" "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    2R AMON - C:\Windows\System32\drivers\amon.sys
    0R giveio - C:\Windows\System32\giveio.sys
    2R irda (IrDA-protocol) - C:\Windows\System32\drivers\irda.sys
    3R irsir (Microsoft-stuurprogramma voor serieel infraroodapparaat) - C:\Windows\System32\drivers\irsir.sys
    3R L8042mou (SetPoint PS/2 Mouse Filter Driver) - C:\Windows\System32\drivers\L8042mou.Sys
    3R LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - C:\Windows\System32\drivers\LHidFilt.Sys
    3R LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - C:\Windows\System32\drivers\LMouFilt.Sys
    3R LMouKE (SetPoint Mouse Filter Driver) - C:\Windows\System32\drivers\LMouKE.Sys
    3R LUsbFilt (Logitech SetPoint KMDF USB Filter) - C:\Windows\System32\drivers\LUsbFilt.sys
    1R nod32drv - C:\Windows\System32\drivers\nod32drv.sys
    3R nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - C:\Windows\System32\drivers\nvax.sys
    3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\Windows\System32\drivers\nvmfdx32.sys
    3R nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - C:\Windows\System32\drivers\nvapu.sys
    3R Ph3xIB32 (Philips 713x Inbox PCI TV Card) - C:\Windows\System32\drivers\Ph3xIB32.sys
    3R R300 - C:\Windows\System32\drivers\atikmdag.sys
    0R speedfan - C:\Windows\System32\speedfan.sys
    2R TimerStop - \??\C:\Windows\system32\TimerStop.sys
    3S usbscan (Stuurprogramma voor USB-scanner) - C:\Windows\System32\drivers\usbscan.sys
    3S WpdUsb - C:\Windows\System32\drivers\WpdUsb.sys
    3S WUDFRd - C:\Windows\System32\drivers\WUDFRd.sys
    3R yukonwlh (NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller) - C:\Windows\System32\drivers\yk60x86.sys
    2R {95808DC4-FA4A-4c74-92FE-5B863F82066B} - \??\C:\Program Files\CyberLink\PowerDVD\000.fcl


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    2R Ati External Event Utility - C:\Windows\system32\Ati2evxx.exe
    3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
    2R Irmon (Infrared Monitor-service) - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    3S Microsoft Office Groove Audit Service - "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
    3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    3S NMIndexingService - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
    2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
    3S odserv (Microsoft Office Diagnostics Service) - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
    3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared files\RichVideo.exe"
    3S usnjsvc (Messenger USN Journal Reader service voor Gedeelde mappen) - "C:\Program Files\MSN Messenger\usnsvc.exe"
    3S VistaFirewallService - "C:\Program Files\VistaFirewallControl\VistaFirewallService.exe"


    -- Files created between 2007-02-12 and 2007-03-12 -----------------------------



    -- Find3M Report ---------------------------------------------------------------

    2099-02-03 23:26:28 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Identities<IDENTI~1>
    2099-02-03 23:22:55 0 d-------- C:\Program Files\Windows NT<WINDOW~2>
    2007-03-12 22:09:17 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Azureus
    2007-03-12 22:05:37 0 d-------- C:\Program Files\PowerArchiver<POWERA~1>
    2007-03-12 22:03:02 0 d-------- C:\Program Files\Yahoo!
    2007-03-12 22:01:59 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
    2007-03-12 21:30:19 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
    2007-03-12 20:58:22 692336 --a------ C:\Windows\system32\perfh013.dat
    2007-03-12 20:58:22 123636 --a------ C:\Windows\system32\perfc013.dat
    2007-03-09 23:06:28 0 d-------- C:\Program Files\SpeedFan
    2007-03-09 22:42:14 0 d-------- C:\Program Files\CDisplay
    2007-03-09 22:32:29 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-03-09 22:31:48 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
    2007-03-08 22:34:10 0 d-------- C:\Users\Death Dealer\AppData\Roaming\NewsLeecher<NEWSLE~1>
    2007-03-08 22:33:48 0 d-------- C:\Program Files\NewsLeecher<NEWSLE~1>
    2007-03-06 22:52:33 0 d---s---- C:\Users\Death Dealer\AppData\Roaming\Microsoft<MICROS~1>
    2007-03-02 23:38:55 0 d-------- C:\Program Files\Your Uninstaller 2006<YOURUN~1>
    2007-03-02 00:20:00 0 d-------- C:\Program Files\Common Files\Ahead
    2007-03-01 23:34:22 0 d-------- C:\Users\Death Dealer\AppData\Roaming\URSoft
    2007-03-01 22:59:40 0 d-------- C:\Program Files\K-Lite Codec Pack<K-LITE~1>
    2007-02-27 21:24:48 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Corel
    2007-02-27 21:20:57 1056 --ahs---- C:\Windows\system32\KGyGaAvL.sys
    2007-02-25 22:43:19 0 d-------- C:\Program Files\Yamicsoft<YAMICS~1>
    2007-02-25 17:46:36 0 d-------- C:\Program Files\MP3Gain
    2007-02-25 17:09:22 0 d-------- C:\Program Files\Lavalys
    2007-02-23 22:49:36 0 d-------- C:\Users\Death Dealer\AppData\Roaming\LimeWire
    2007-02-23 22:27:50 0 d-------- C:\Program Files\LimeWire
    2007-02-23 12:03:17 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Ahead
    2007-02-23 11:51:07 0 d-------- C:\Program Files\DVD Decrypter<DVDDEC~1>
    2007-02-23 11:48:59 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
    2007-02-22 23:30:41 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Mp3tag
    2007-02-22 23:22:58 0 d-------- C:\Program Files\Mp3tag
    2007-02-21 22:56:31 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
    2007-02-21 22:32:15 0 d-------- C:\Program Files\VistaCodecPack<VISTAC~1>
    2007-02-21 21:00:28 10752 --a------ C:\Windows\system32\ff_vfw.dll
    2007-02-18 10:58:22 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
    2007-02-16 17:53:41 0 d-------- C:\Program Files\Windows Mail<WINDOW~1>
    2007-02-12 20:21:22 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Canon
    2007-02-11 11:07:44 0 d-------- C:\Program Files\VistaFirewallControl<VISTAF~1>
    2007-02-11 00:40:34 0 d-------- C:\Program Files\Acoustica CD Label Maker<ACOUST~1>
    2007-02-11 00:28:33 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Acoustica<ACOUST~1>
    2007-02-10 23:27:41 0 d-------- C:\Program Files\CCleaner
    2007-02-10 22:49:12 229888 --a------ C:\Windows\system32\msshsq.dll
    2007-02-10 22:18:54 0 d-------- C:\Users\Death Dealer\AppData\Roaming\InstallShield<INSTAL~1>
    2007-02-10 21:14:18 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Logitech
    2007-02-10 21:12:17 0 d-------- C:\Program Files\Common Files\Logitech
    2007-02-10 21:12:07 0 d-------- C:\Program Files\Logitech
    2007-02-10 21:12:03 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
    2007-02-10 00:49:16 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
    2007-02-09 00:23:34 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Symantec
    2007-02-08 22:15:22 0 d-------- C:\Program Files\Common Files\Corel
    2007-02-08 22:14:40 0 d-------- C:\Program Files\Corel
    2007-02-08 21:54:35 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Lavasoft
    2007-02-08 21:53:03 0 d-------- C:\Program Files\Lavasoft
    2007-02-08 21:23:08 0 d-------- C:\Program Files\Canon
    2007-02-08 21:20:41 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
    2007-02-07 22:35:27 0 d-------- C:\Program Files\Nero
    2007-02-07 20:50:43 0 d-------- C:\Program Files\Common Files\Adobe
    2007-02-07 20:14:04 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Adobe
    2007-02-07 20:13:57 0 d-------- C:\Users\Death Dealer\AppData\Roaming\AdobeUM
    2007-02-05 23:05:49 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1>
    2007-02-05 23:05:41 0 d-------- C:\Program Files\MSBuild
    2007-02-05 23:04:50 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
    2007-02-05 23:03:13 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MICROS~3>
    2007-02-05 22:26:17 0 d-------- C:\Program Files\Azureus
    2007-02-05 22:18:44 0 d-------- C:\Program Files\Common Files\Java
    2007-02-05 22:18:40 0 d-------- C:\Program Files\Java
    2007-02-05 22:12:14 0 d-------- C:\Program Files\QuickPar
    2007-02-05 22:03:57 0 d-------- C:\Users\Death Dealer\AppData\Roaming\KoalaFTDSearch<KOALAF~1>
    2007-02-05 22:03:55 0 d-------- C:\Program Files\FTDv3.7.3<FTDV37~1.3>
    2007-02-04 12:01:26 0 d-------- C:\Program Files\NewsSearcher<NEWSSE~1>
    2007-02-04 10:49:16 1168 --a------ C:\Windows\mozver.dat
    2007-02-04 00:25:04 104448 --a------ C:\Windows\system32\DWWIN.EXE
    2007-02-04 00:24:17 383488 --a------ C:\Windows\system32\ieapfltr.dll
    2007-02-04 00:24:06 4153344 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll
    2007-02-04 00:24:06 1686016 --a------ C:\Windows\system32\gameux.dll
    2007-02-04 00:23:55 974336 --a------ C:\Windows\system32\crypt32.dll
    2007-02-03 23:54:55 0 d-------- C:\Users\Death Dealer\AppData\Roaming\ATI
    2007-02-03 23:52:20 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
    2007-02-03 23:50:50 0 d-------- C:\Program Files\ATI
    2007-02-03 23:47:22 0 --a------ C:\Windows\nsreg.dat
    2007-02-03 23:47:19 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Mozilla
    2007-02-03 23:40:51 298104 --a------ C:\Windows\system32\imon.dll
    2007-02-03 23:38:01 0 d-------- C:\Users\Death Dealer\AppData\Roaming\Macromedia<MACROM~1>
    2007-02-01 05:56:06 639066 --a------ C:\Windows\system32\divx.dll
    2007-01-30 06:03:42 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2007-01-30 06:03:28 200704 --a------ C:\Windows\system32\ssldivx.dll
    2007-01-30 06:03:28 1044480 --a------ C:\Windows\system32\libdivx.dll
    2007-01-30 05:56:58 196608 --a------ C:\Windows\system32\dtu100.dll
    2007-01-30 05:56:58 73728 --a------ C:\Windows\system32\dpl100.dll
    2007-01-30 01:46:32 69632 --a------ C:\Windows\system32\KemXML.dll
    2007-01-30 01:46:26 163840 --a------ C:\Windows\system32\kemutb.dll
    2007-01-30 01:46:18 110592 --a------ C:\Windows\system32\KemWnd.dll
    2007-01-30 01:46:08 135168 --a------ C:\Windows\system32\KemUtil.dll
    2007-01-29 10:59:02 13824 --a------ C:\Windows\system32\Ph3xIB32MV.dll<PH3XIB~1.DLL>
    2007-01-23 15:45:00 1419024 --a------ C:\Windows\system32\WdfCoInstaller01005.dll<WDFCOI~1.DLL>
    2007-01-23 15:44:00 101136 --a------ C:\Windows\KHALMNPR.Exe
    2007-01-19 12:53:04 51056 --a------ C:\Windows\system32\sirenacm.dll
    2007-01-19 00:54:47 159744 --a------ C:\Windows\system32\atitmmxx.dll
    2007-01-19 00:54:36 237568 --a------ C:\Windows\system32\atipdlxx.dll
    2007-01-19 00:54:26 221184 --a------ C:\Windows\system32\Oemdspif.dll
    2007-01-19 00:54:14 42496 --a------ C:\Windows\system32\ati2edxx.dll
    2007-01-19 00:54:05 229376 --a------ C:\Windows\system32\Ati2evxx.dll
    2007-01-19 00:53:00 561152 --a------ C:\Windows\system32\Ati2evxx.exe
    2007-01-19 00:51:59 2671104 --a------ C:\Windows\system32\atiumdag.dll
    2007-01-19 00:46:43 7856128 --a------ C:\Windows\system32\atioglxx.dll
    2007-01-19 00:40:58 2676736 --a------ C:\Windows\system32\atiumdva.dll
    2007-01-19 00:40:40 3107788 --a------ C:\Windows\system32\atiumdva.dat
    2007-01-15 16:46:44 198656 --a------ C:\Windows\system32\fdco1.dll
    2006-12-22 23:44:42 4096 --a------ C:\Windows\system32\TimerStop.sys<TIMERS~1.SYS>
    2006-12-22 21:43:37 145112 --a------ C:\Windows\system32\atiicdxx.dat


    -- Registry Dump ---------------------------------------------------------------


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "PowerArchiver Tray"="C:\\Program Files\\PowerArchiver\\PASTARTER.EXE"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
    6e,64,6f,77,73,20,44,65,66,65,6e,64,65,72,5c,4d,53,41,53,43,75,69,2e,65,78,\
    65,20,2d,68,69,64,65,00
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=dword:00000002
    "ConsentPromptBehaviorUser"=dword:00000001
    "EnableInstallerDetection"=dword:00000001
    "EnableLUA"=dword:00000000
    "EnableSecureUIAPaths"=dword:00000001
    "EnableVirtualization"=dword:00000001
    "PromptOnSecureDesktop"=dword:00000001
    "ValidateAdminCodeSignatures"=dword:00000000
    "scforceoption"=dword:00000000
    "FilterAdministratorToken"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
    "CF_TEXT"=dword:00000001
    "CF_BITMAP"=dword:00000002
    "CF_OEMTEXT"=dword:00000007
    "CF_DIB"=dword:00000008
    "CF_PALETTE"=dword:00000009
    "CF_UNICODETEXT"=dword:0000000d
    "CF_DIBV5"=dword:00000011

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="credssp.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0CscService\0wlansvc\0UmRdpService\0EMDMgmt\0WPDBusEnum\0TabletInputService\0\0
    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
    LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
    NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WerSvcGroup REG_MULTI_SZ wersvc\0\0
    swprv REG_MULTI_SZ swprv\0\0
    LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    regsvc REG_MULTI_SZ RemoteRegistry\0\0
    wcssvc REG_MULTI_SZ WcsPlugInService\0\0
    DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
    wdisvc REG_MULTI_SZ WdiServiceHost\0\0
    sdrsvc REG_MULTI_SZ sdrsvc\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    secsvcs REG_MULTI_SZ WinDefend\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    AeLookupSvc
    wercplsupport
    CertPropSvc
    SCPolicySvc
    gpsvc
    IKEEXT
    LogonHours
    PCAudit
    iphlpsvc
    AppInfo
    msiscsi
    MMCSS
    ProfSvc
    EapHost
    SessionEnv
    hkmsvc


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85d384c6-b621-11db-8fda-000129d2937f}]
    shell\AutoRun\command N:\AutoRun.exe


    – Hosts ———————————————————————–

    127.0.0.1 www.newsleecher.com
    127.0.0.1 newsleecher.com


    – End of ComboScan: finished at 2007-03-12 at 22:09:57 ————————
  • 1) Open a Notepad file.
    2) Copy the code below into this Notepad file.
    3) Go to File - Save As.
    -For "Save in", choose: Desktop
    -For "File name", enter: fix.reg
    -For "Save as type", select: All Files (*.*).
    -Click the Save button.

    [code]
    REGEDIT4

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=""
    [/code]
    4) Double-click the fix.reg file and allow the changes to be added to the registry.

    After that, please post a new ComboScan log and let us know whether there are still any problems.
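
The fix.reg import described in the post above, as an added example that is not part of the original thread: a Python script that parses a REGEDIT4 file and a ComboScan-style registry dump and lists which values the import would create, overwrite, blank or delete, so the previous data is on record before the file is double-clicked. The function names and action labels are assumptions of this example; the two sample inputs are constructed from the fix.reg and the dump excerpt posted in the thread.

```python
import re

# Constructed inputs: the fix.reg text from the post above and the matching
# excerpt of the ComboScan "Registry Dump" section posted before the fix.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=""
'''
DUMP_BEFORE = r'''[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                    # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')    # "name"=data or @=data


def unquote(s):
    # Drop the surrounding quotes and undo the backslash escapes of a .reg string.
    return re.sub(r'\\(.)', r'\1', s[1:-1])


def parse_reg(text):
    """Return (values, deleted_keys). values maps (key, name) to ("sz", text),
    ("raw", "dword:..."/"hex...") or None when the file says "name"=- (delete)."""
    values, deleted_keys, key, pending = {}, [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.startswith(";"):           # comment line
            continue
        if line.endswith("\\"):            # hex data continued on the next line
            pending = line[:-1]
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2).lower()       # registry paths are case-insensitive
            if m.group(1):                 # [-KEY] deletes the key and its subkeys
                deleted_keys.append(key)
                key = None
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "" if m.group(1) == "@" else unquote(m.group(1)).lower()
            data = m.group(2).strip()
            if data == "-":
                values[(key, name)] = None
            elif data.startswith('"'):
                values[(key, name)] = ("sz", unquote(data))
            else:
                values[(key, name)] = ("raw", data.lower())
    return values, deleted_keys


def plan_changes(fix_text, dump_text):
    """List (action, key, name, old, new) for every value the import touches.
    old is None when the dump does not contain the value."""
    new_values, deleted_keys = parse_reg(fix_text)
    old_values, _ = parse_reg(dump_text)
    plan = [("delete-key", key, None, None, None) for key in deleted_keys]
    for (key, name), new in new_values.items():
        old = old_values.get((key, name))
        if new is None:
            action = "delete-value"
        elif old is None:
            action = "create"
        elif old == new:
            action = "unchanged"
        elif new == ("sz", ""):
            action = "blank"               # existing data is replaced by ""
        else:
            action = "overwrite"
        plan.append((action, key, name, old, new))
    return plan


if __name__ == "__main__":
    for step in plan_changes(FIX_REG, DUMP_BEFORE):
        print(step)
```

The `old` field of each step is the data to keep if the change has to be reverted later.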
  • Apparently the problem is gone. To be sure, I will only really confirm this tomorrow. In any case, here is a new ComboScan…

    ComboScan v20070306.20 run by Death Dealer on 2007-03-14 at 22:51:55
    Computer is in Normal Mode.
    ——————————————————————————–



    – HijackThis (run as Death Dealer.exe) —————————————-

    Logfile of HijackThis v1.99.1
    Scan saved at 22:52:00, on 14-3-2007
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerArchiver\PASTARTER.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Users\Death Dealer\Desktop\comboscan.exe
    C:\ANTISP~1\HIJACK~1\DEATHD~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: CCC.lnk = ?
    O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote-inhoudsopgave.onetoc2
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


    – Files created between 2007-02-14 and 2007-03-14 —————————–



    – Find3M Report —————————————————————

    2099-02-03 23:26:28 0 d——– C:\Users\Death Dealer\AppData\Roaming\Identities<IDENTI~1>
    2099-02-03 23:22:55 0 d——– C:\Program Files\Windows NT<WINDOW~2>
    2007-03-14 22:49:35 692336 –a—— C:\Windows\system32\perfh013.dat
    2007-03-14 22:49:35 123636 –a—— C:\Windows\system32\perfc013.dat
    2007-03-14 22:40:59 0 d——– C:\Program Files\Mozilla Firefox<MOZILL~1>
    2007-03-14 22:40:35 414208 –a—— C:\Windows\system32\msscp.dll
    2007-03-14 22:39:49 4153344 –a—— C:\Windows\system32\GameUXLegacyGDFs.dll
    2007-03-14 22:39:49 1686016 –a—— C:\Windows\system32\gameux.dll
    2007-03-12 22:09:17 0 d——– C:\Users\Death Dealer\AppData\Roaming\Azureus
    2007-03-12 22:05:37 0 d——– C:\Program Files\PowerArchiver<POWERA~1>
    2007-03-12 22:03:02 0 d——– C:\Program Files\Yahoo!
    2007-03-12 21:30:19 0 d——– C:\Program Files\Registry Mechanic<REGIST~1>
    2007-03-09 23:06:28 0 d——– C:\Program Files\SpeedFan
    2007-03-09 22:42:14 0 d——– C:\Program Files\CDisplay
    2007-03-09 22:32:29 0 d–h—– C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-03-09 22:31:48 0 d——– C:\Program Files\CyberLink<CYBERL~1>
    2007-03-08 22:34:10 0 d——– C:\Users\Death Dealer\AppData\Roaming\NewsLeecher<NEWSLE~1>
    2007-03-08 22:33:48 0 d——– C:\Program Files\NewsLeecher<NEWSLE~1>
    2007-03-06 22:52:33 0 d—s—- C:\Users\Death Dealer\AppData\Roaming\Microsoft<MICROS~1>
    2007-03-02 23:38:55 0 d——– C:\Program Files\Your Uninstaller 2006<YOURUN~1>
    2007-03-02 00:20:00 0 d——– C:\Program Files\Common Files\Ahead
    2007-03-01 23:34:22 0 d——– C:\Users\Death Dealer\AppData\Roaming\URSoft
    2007-03-01 22:59:40 0 d——– C:\Program Files\K-Lite Codec Pack<K-LITE~1>
    2007-02-27 21:24:48 0 d——– C:\Users\Death Dealer\AppData\Roaming\Corel
    2007-02-27 21:20:57 1056 –ahs—- C:\Windows\system32\KGyGaAvL.sys
    2007-02-25 22:43:19 0 d——– C:\Program Files\Yamicsoft<YAMICS~1>
    2007-02-25 17:46:36 0 d——– C:\Program Files\MP3Gain
    2007-02-25 17:09:22 0 d——– C:\Program Files\Lavalys
    2007-02-23 22:49:36 0 d——– C:\Users\Death Dealer\AppData\Roaming\LimeWire
    2007-02-23 22:27:50 0 d——– C:\Program Files\LimeWire
    2007-02-23 12:03:17 0 d——– C:\Users\Death Dealer\AppData\Roaming\Ahead
    2007-02-23 11:51:07 0 d——– C:\Program Files\DVD Decrypter<DVDDEC~1>
    2007-02-23 11:48:59 0 d——– C:\Program Files\DVD Shrink<DVDSHR~1>
    2007-02-22 23:30:41 0 d——– C:\Users\Death Dealer\AppData\Roaming\Mp3tag
    2007-02-22 23:22:58 0 d——– C:\Program Files\Mp3tag
    2007-02-21 22:56:31 0 d——– C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
    2007-02-21 22:32:15 0 d——– C:\Program Files\VistaCodecPack<VISTAC~1>
    2007-02-21 21:00:28 10752 –a—— C:\Windows\system32\ff_vfw.dll
    2007-02-18 10:58:22 0 d——– C:\Program Files\MSN Messenger<MSNMES~1>
    2007-02-16 17:53:41 0 d——– C:\Program Files\Windows Mail<WINDOW~1>
    2007-02-12 20:21:22 0 d——– C:\Users\Death Dealer\AppData\Roaming\Canon
    2007-02-11 11:07:44 0 d——– C:\Program Files\VistaFirewallControl<VISTAF~1>
    2007-02-11 00:40:34 0 d——– C:\Program Files\Acoustica CD Label Maker<ACOUST~1>
    2007-02-11 00:28:33 0 d——– C:\Users\Death Dealer\AppData\Roaming\Acoustica<ACOUST~1>
    2007-02-10 23:27:41 0 d——– C:\Program Files\CCleaner
    2007-02-10 22:49:12 229888 –a—— C:\Windows\system32\msshsq.dll
    2007-02-10 22:18:54 0 d——– C:\Users\Death Dealer\AppData\Roaming\InstallShield<INSTAL~1>
    2007-02-10 21:14:18 0 d——– C:\Users\Death Dealer\AppData\Roaming\Logitech
    2007-02-10 21:12:17 0 d——– C:\Program Files\Common Files\Logitech
    2007-02-10 21:12:07 0 d——– C:\Program Files\Logitech
    2007-02-10 21:12:03 0 d——– C:\Program Files\Common Files\InstallShield<INSTAL~1>
    2007-02-10 00:49:16 0 d——– C:\Program Files\MSXML 4.0<MSXML4~1.0>
    2007-02-09 00:23:34 0 d——– C:\Users\Death Dealer\AppData\Roaming\Symantec
    2007-02-08 22:15:22 0 d——– C:\Program Files\Common Files\Corel
    2007-02-08 22:14:40 0 d——– C:\Program Files\Corel
    2007-02-08 21:54:35 0 d——– C:\Users\Death Dealer\AppData\Roaming\Lavasoft
    2007-02-08 21:53:03 0 d——– C:\Program Files\Lavasoft
    2007-02-08 21:23:08 0 d——– C:\Program Files\Canon
    2007-02-08 21:20:41 0 d——– C:\Program Files\DAEMON Tools<DAEMON~1>
    2007-02-07 22:35:27 0 d——– C:\Program Files\Nero
    2007-02-07 20:50:43 0 d——– C:\Program Files\Common Files\Adobe
    2007-02-07 20:14:04 0 d——– C:\Users\Death Dealer\AppData\Roaming\Adobe
    2007-02-07 20:13:57 0 d——– C:\Users\Death Dealer\AppData\Roaming\AdobeUM
    2007-02-05 23:05:49 0 d——– C:\Program Files\Microsoft Works<MIF2B0~1>
    2007-02-05 23:05:41 0 d——– C:\Program Files\MSBuild
    2007-02-05 23:04:50 0 d——– C:\Program Files\Microsoft.NET<MICROS~1.NET>
    2007-02-05 23:03:13 0 d——– C:\Program Files\Microsoft Visual Studio 8<MICROS~3>
    2007-02-05 22:26:17 0 d——– C:\Program Files\Azureus
    2007-02-05 22:18:44 0 d——– C:\Program Files\Common Files\Java
    2007-02-05 22:18:40 0 d——– C:\Program Files\Java
    2007-02-05 22:12:14 0 d——– C:\Program Files\QuickPar
    2007-02-05 22:03:57 0 d——– C:\Users\Death Dealer\AppData\Roaming\KoalaFTDSearch<KOALAF~1>
    2007-02-05 22:03:55 0 d——– C:\Program Files\FTDv3.7.3<FTDV37~1.3>
    2007-02-04 12:01:26 0 d——– C:\Program Files\NewsSearcher<NEWSSE~1>
    2007-02-04 10:49:16 1168 –a—— C:\Windows\mozver.dat
    2007-02-04 00:25:04 104448 –a—— C:\Windows\system32\DWWIN.EXE
    2007-02-04 00:24:17 383488 –a—— C:\Windows\system32\ieapfltr.dll
    2007-02-04 00:23:55 974336 –a—— C:\Windows\system32\crypt32.dll
    2007-02-03 23:54:55 0 d——– C:\Users\Death Dealer\AppData\Roaming\ATI
    2007-02-03 23:52:20 0 d——– C:\Program Files\ATI Technologies<ATITEC~1>
    2007-02-03 23:50:50 0 d——– C:\Program Files\ATI
    2007-02-03 23:47:22 0 –a—— C:\Windows\nsreg.dat
    2007-02-03 23:47:19 0 d——– C:\Users\Death Dealer\AppData\Roaming\Mozilla
    2007-02-03 23:40:51 298104 –a—— C:\Windows\system32\imon.dll
    2007-02-03 23:38:01 0 d——– C:\Users\Death Dealer\AppData\Roaming\Macromedia<MACROM~1>
    2007-02-01 05:56:06 639066 –a—— C:\Windows\system32\divx.dll
    2007-01-30 06:03:42 3596288 –a—— C:\Windows\system32\qt-dx331.dll
    2007-01-30 06:03:28 200704 –a—— C:\Windows\system32\ssldivx.dll
    2007-01-30 06:03:28 1044480 –a—— C:\Windows\system32\libdivx.dll
    2007-01-30 05:56:58 196608 –a—— C:\Windows\system32\dtu100.dll
    2007-01-30 05:56:58 73728 –a—— C:\Windows\system32\dpl100.dll
    2007-01-30 01:46:32 69632 –a—— C:\Windows\system32\KemXML.dll
    2007-01-30 01:46:26 163840 –a—— C:\Windows\system32\kemutb.dll
    2007-01-30 01:46:18 110592 –a—— C:\Windows\system32\KemWnd.dll
    2007-01-30 01:46:08 135168 –a—— C:\Windows\system32\KemUtil.dll
    2007-01-29 10:59:02 13824 –a—— C:\Windows\system32\Ph3xIB32MV.dll<PH3XIB~1.DLL>
    2007-01-23 15:45:00 1419024 –a—— C:\Windows\system32\WdfCoInstaller01005.dll<WDFCOI~1.DLL>
    2007-01-23 15:44:00 101136 –a—— C:\Windows\KHALMNPR.Exe
    2007-01-19 12:53:04 51056 –a—— C:\Windows\system32\sirenacm.dll
    2007-01-19 00:54:47 159744 –a—— C:\Windows\system32\atitmmxx.dll
    2007-01-19 00:54:36 237568 –a—— C:\Windows\system32\atipdlxx.dll
    2007-01-19 00:54:26 221184 –a—— C:\Windows\system32\Oemdspif.dll
    2007-01-19 00:54:14 42496 –a—— C:\Windows\system32\ati2edxx.dll
    2007-01-19 00:54:05 229376 –a—— C:\Windows\system32\Ati2evxx.dll
    2007-01-19 00:53:00 561152 –a—— C:\Windows\system32\Ati2evxx.exe
    2007-01-19 00:51:59 2671104 –a—— C:\Windows\system32\atiumdag.dll
    2007-01-19 00:46:43 7856128 –a—— C:\Windows\system32\atioglxx.dll
    2007-01-19 00:40:58 2676736 –a—— C:\Windows\system32\atiumdva.dll
    2007-01-19 00:40:40 3107788 –a—— C:\Windows\system32\atiumdva.dat
    2007-01-15 16:46:44 198656 –a—— C:\Windows\system32\fdco1.dll
    2006-12-22 23:44:42 4096 –a—— C:\Windows\system32\TimerStop.sys<TIMERS~1.SYS>
    2006-12-22 21:43:37 145112 –a—— C:\Windows\system32\atiicdxx.dat


    – Registry Dump —————————————————————


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "PowerArchiver Tray"="C:\\Program Files\\PowerArchiver\\PASTARTER.EXE"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
    6e,64,6f,77,73,20,44,65,66,65,6e,64,65,72,5c,4d,53,41,53,43,75,69,2e,65,78,\
    65,20,2d,68,69,64,65,00
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=dword:00000002
    "ConsentPromptBehaviorUser"=dword:00000001
    "EnableInstallerDetection"=dword:00000001
    "EnableLUA"=dword:00000000
    "EnableSecureUIAPaths"=dword:00000001
    "EnableVirtualization"=dword:00000001
    "PromptOnSecureDesktop"=dword:00000001
    "ValidateAdminCodeSignatures"=dword:00000000
    "scforceoption"=dword:00000000
    "FilterAdministratorToken"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
    "CF_TEXT"=dword:00000001
    "CF_BITMAP"=dword:00000002
    "CF_OEMTEXT"=dword:00000007
    "CF_DIB"=dword:00000008
    "CF_PALETTE"=dword:00000009
    "CF_UNICODETEXT"=dword:0000000d
    "CF_DIBV5"=dword:00000011

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0CscService\0wlansvc\0UmRdpService\0EMDMgmt\0WPDBusEnum\0TabletInputService\0\0
    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
    LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
    NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WerSvcGroup REG_MULTI_SZ wersvc\0\0
    swprv REG_MULTI_SZ swprv\0\0
    LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    regsvc REG_MULTI_SZ RemoteRegistry\0\0
    wcssvc REG_MULTI_SZ WcsPlugInService\0\0
    DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
    wdisvc REG_MULTI_SZ WdiServiceHost\0\0
    sdrsvc REG_MULTI_SZ sdrsvc\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    secsvcs REG_MULTI_SZ WinDefend\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    AeLookupSvc
    wercplsupport
    CertPropSvc
    SCPolicySvc
    gpsvc
    IKEEXT
    LogonHours
    PCAudit
    iphlpsvc
    AppInfo
    msiscsi
    MMCSS
    ProfSvc
    EapHost
    SessionEnv
    hkmsvc


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85d384c6-b621-11db-8fda-000129d2937f}]
    shell\AutoRun\command N:\AutoRun.exe


    – End of ComboScan: finished at 2007-03-14 at 22:52:15 ————————
  • Man oh man :cry:
    The problem is still there :roll:
    What kind of junk is this :-?


This is an archived page. Replying is no longer possible.