Question & Answer
SideBySide adware or virus
20 replies
- Hello forum,
I keep getting the SideBySide keys in my registry, even when I delete them. I made a HijackThis log, a copy of which follows. Could Juisterr perhaps take a look at it? I see some keys where it says file is missing?? Can those be removed?
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:41:36, on 30-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\van Buuren\Bureaublad\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1_01-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
--
End of file - 10002 bytes
- I can add to this that it appears in the registry when I install the ActiveX from Adobe. So I have removed that for now.
- Download [b]ATF cleaner[/b] (by Atribune)
Double-click ATF cleaner to start the program.
On the "Main" tab, tick [b]Select All[/b].
Click the [b]Empty Selected[/b] button.
If you also use Firefox as a browser:
Click the "Firefox" tab and tick [b]Select All[/b].
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick at "Firefox saved passwords")
Click the [b]Empty Selected[/b] button.
If you also use Opera as a browser:
Click the "Opera" tab and tick [b]Select All[/b].
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the [b]Empty Selected[/b] button.
Go to the "Main" tab and click the [b]Exit[/b] button to close the program.
Just leave the file missing entries alone, a small bug in HJT.
- Thanks, I have carried out the instructions and now just hope for the best.
Strange that Norton Antivirus 2007 does not detect this, and that when I cleaned the registry manually it came back after a few days??
But now it should be done. So nothing to do with Active Adobe??
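Added example, not part of the thread and not written by any of the posters: when registry entries return after manual removal, as described above, comparing a HijackThis log taken before with one taken after shows which autostart entry came back, and which entries are only flagged "(file missing)". Both sample logs are constructed for illustration; the `sbss Launcher` Run value is the one named in the Symantec write-up quoted further down in this thread, and the function names are this example's own. It assumes both logs come from the same HijackThis version.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail missing")

# "O4 - HKLM\..\Run: [name] command" -> code "O4", rest after " - "
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# Sections that describe code loaded automatically (BHOs, Run keys, services...)
PERSISTENCE_CODES = {"O2", "O4", "O20", "O21", "O22", "O23"}
MISSING = "(file missing)"

# Constructed sample logs in HijackThis format (not the poster's full logs).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sbss Launcher] C:\Program Files\sbss\sbss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


def parse_hjt(text):
    """Return the R/O entries of a HijackThis log; headers and the
    'Running processes' list do not match LINE_RE and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)].rstrip(" -")
        kind, sep, detail = rest.partition(": ")
        if not sep:  # R0/R1 lines have no "Kind: " prefix
            kind, detail = "", rest
        entries.append(Entry(m.group("code"), kind, detail, missing))
    return entries


def index(entries):
    """Map each persistence entry to a case-insensitive key.
    Run values are keyed by value name so a changed command is visible."""
    out = {}
    for e in entries:
        if e.code not in PERSISTENCE_CODES:
            continue
        run = RUN_RE.match(e.detail) if e.code == "O4" else None
        if run:
            key = (e.code, e.kind.lower(), run.group("name").lower())
            value = run.group("cmd").replace('"', "").lower()
        else:
            key = (e.code, e.kind.lower(), e.detail.lower())
            value = ""
        out[key] = value
    return out


def diff_snapshots(before_text, after_text):
    """Compare the autostart entries of two logs."""
    before = index(parse_hjt(before_text))
    after = index(parse_hjt(after_text))
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "changed": sorted(k for k in after
                          if k in before and after[k] != before[k]),
    }


def missing_targets(text):
    """Entries whose target file HijackThis could not find."""
    return [e for e in parse_hjt(text) if e.missing]


if __name__ == "__main__":
    for section, keys in diff_snapshots(BEFORE, AFTER).items():
        for key in keys:
            print(section, *key)
    for e in missing_targets(AFTER):
        print("file missing:", e.code, e.detail)
```

An entry listed under "added" names the registry value to trace back to the program that writes it; paths that differ only in letter case are not reported as changes.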
- [quote="Edouard"]
Strange that Norton Antivirus 2007 does not detect this?
[/quote]
no, I don't find that strange! :-?
- Were it not that we can read the following at Symantec; you would think they filter for it themselves in their antivirus / adware program??
Symantec Security Response
http://www.symantec.com/security_response/index.jsp
Adware.SideBySide
Updated: February 13, 2007 11:45:39 AM
Type: Adware
Publisher: sidebysidesearch.com
Risk Impact: Low
File Names: sbss.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
SUMMARY
Behavior
Adware.SideBySide directs web searches to sidebysidesearch.com, and displays pop-up ads.
Symptoms
Your Symantec program detects Adware.SideBySide.
Transmission
The SideBySideSearch installer must be executed.
Protection
Virus Definitions (LiveUpdate™ Weekly) July 6, 2005
Virus Definitions (Intelligent Updater) July 6, 2005
TECHNICAL DETAILS
When Adware.SideBySide is executed, it performs the following actions:
Creates the following files:
%ProgramFiles%\sbss\sbss.exe
%ProgramFiles%\sbss\Stop sbss.lnk
%ProgramFiles%\sbss\Uninstall sbss.exe
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\sbss
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sbss
Adds the value:
"sbss Launcher" = "%ProgramFiles%\sbss\sbss.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adds the values:
"DisplayName" = "sbss"
"NoModify" = "0x00000001"
"UninstallString" = "C:\Program Files\sbss\Uninstall sbss.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sbss
Adds the values:
"InstalledTo" = "C:\Program Files\sbss"
"LogURL" = "www.sidebysidesearch.com\nextvantage"
"mQuery" = "0x00000000"
"mGUID" = "{47A2A948-AB0A-4C20-A89F-6E847EDA7314}"
"mADCODE" = "2089!ascentive"
"startupflags" = "0x00000001"
"InstalledVN" = "0x00002710"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\sbss
Monitors the user's online activity, sends keyword searches to sidebysidesearch.com, then displays a pop-up window displaying the search results retrieved from sidebysidesearch.com.
Displays pop-up ads.
REMOVAL
The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
Update the definitions.
Restart the computer in Safe mode.
Run a full system scan.
Delete the values added to the registry.
For specific details on each of these steps, read the following instructions.
1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.
2. To restart the computer in Safe mode
Shut down the computer, and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode. For instructions, read "How to start the computer in Safe Mode."
3. To run the scan
Start your Symantec antivirus program, and then run a full system scan.
If any files are detected as Adware.SideBySide, and depending on which software version you are using, you may see one or more of the following options:
Note: This applies only to versions of Norton AntiVirus that support Security Risk detection. If you are running a version of Symantec AntiVirus Corporate Edition that supports Security Risk detection, and Security Risk detection has been enabled, you will see only a message box that gives the results of the scan. If you have questions about this situation, contact your network administrator.
Exclude (Not recommended)
If you click this button, it will set the threat so that it is no longer detectable. That is, the antivirus program will keep the security risk on your computer and will no longer detect it to remove from your computer.
Ignore or Skip
This option tells the scanner to ignore the threat for this scan only. It will be detected again the next time that you run a scan.
Cancel
This option is new to Norton AntiVirus 2005. It is used when Norton AntiVirus 2005 has determined that it cannot delete a security risk. This Cancel option tells the scanner to ignore the threat for this scan only; the threat will be detected again the next time that you run a scan.
To delete the security risk
Click its file name (under the Filename column).
In the Item Information box that appears, write down the full path and file name.
Use Windows Explorer to locate and delete the file.
Delete
This option attempts to delete the detected files. In some cases, the scanner will not be able to do this.
If you see the message "Delete Failed" (or similar message), manually delete the file.
Click the file name of the threat that is under the Filename column.
In the Item Information box that appears, write down the full path and file name.
Use Windows Explorer to locate and delete the file.
4. To delete the values from the registry
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
Click Start > Run.
Type regedit
Then click OK.
Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"sbss Launcher" = "%ProgramFiles%\sbss\sbss.exe"
Delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\sbss
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sbss
Exit the Registry Editor.
- I have now found out that SideBySide is started by the Gizmo plugin, a free calling program.
I have now also removed Gizmo's registry keys; the program was already gone, but the keys were not. Now let's hope SideBySide is gone for good.
- Let's see if we can find it.
Download to your [b]Desktop[/b] (by Deckard).
[list]
[*][b]Close[/b] all applications and windows.
[*][b]Double-click[/b] [b]Comboscan.exe[/b] to run it, and follow the instructions.
[*]When the scan is complete, a text file - [b]ComboScan.txt[/b] - will open.
[*]Copy [b](Ctrl+A followed by Ctrl+C)[/b] and paste [b](Ctrl+V)[/b] the contents of [b]ComboScan.txt[/b] into your next reply.
[/list]
- Here is the ComboScan; despite removing the Gizmo keys, SideBySide had reappeared anyway. But maybe with this trick??
ComboScan v20070306.20 run by van Buuren on 2007-04-02 at 08:52:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 5 Restore Point(s) --
16: 2007-04-02 06:52:13 UTC - RP16 - ComboScan Restore Point
15: 2007-04-01 13:48:05 UTC - RP15 - Controlepunt van systeem
14: 2007-03-31 13:02:53 UTC - RP14 - Controlepunt van systeem
13: 2007-03-30 12:43:47 UTC - RP13 - Removed Microsoft Money System Pack
12: 2007-03-30 12:42:50 UTC - RP12 - Removed Microsoft Money
-- First Restore Point --
1: 2007-03-21 08:49:47 UTC - RP1 - Controlepunt van systeem
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-02 08:52:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\APPS\ActivBoard\nhksrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Logitech\iTouch\iTouch.exe
C:\Program Files\MouseWare\system\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\APPS\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\System\vcsplay.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\APPS\ActivBoard\Traymon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\APPS\ActivBoard\osd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\van Buuren\Bureaublad\comboscan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: Verbindingsproblemen vaststellen… - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1094718441921
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.1_01) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1_01-windows-i586.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37879.225474537
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Application Layer Gateway-service (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Computer Browser (Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: Indexing-service (CiSvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
O23 - Service: COM+-systeemtoepassing (COMSysApp) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Services voor cryptografie (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: DHCP Client (Dhcp) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: DNS Client (Dnscache) - C:\WINDOWS\System32\svchost.exe -k NetworkService
O23 - Service: Service voor het rapporteren van fouten (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Event Log (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: COM+-gebeurtenissysteem (EventSystem) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Compatibiliteit voor Snelle gebruikerswisseling (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Google Updater Service (gusvc) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: Help en ondersteuning (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HID Input Service (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: COM-service voor IMAPI cd-branders (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - "C:\Program Files\Norton AntiVirus\isPwdSvc.exe"
O23 - Service: Server (lanmanserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Workstation (lanmanworkstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Machine Debug Manager (MDM) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
O23 - Service: Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Netropa NHK Server (nhksrv) - C:\APPS\ActivBoard\nhksrv.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Verwisselbare opslag (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Office Source Engine (ose) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: Planner voor Automatische LiveUpdate - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IPSEC-services (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Verbindingsbeheer voor RAS (RasMan) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Helpsessiebeheer voor Extern bureaublad (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access (RemoteAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows Firewall (WF) / Internet-verbinding delen (ICS) (SharedAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: SmartLinkService (SLService) - slserv.exe
O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore-service (srservice) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: SSDP Discovery-service (SSDPSRV) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\System32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\System32\dllhost.exe /Processid:{EE095DD3-1D83-4961-8911-DC75DD441C22}
O23 - Service: Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
O23 - Service: Symantec AppCore Service (SymAppCore) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
O23 - Service: Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Thema's (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Universele Plug en Play-apparaathost (upnphost) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Uninterruptible Power Supply (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
O23 - Service: Volume Shadow Copy (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Windows Time (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Serienummerservice voor draagbare media (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WMI-prestatieadapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
O23 - Service: Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Automatische updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
O23 - Service: Wireless Zero Configuration-service (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Network Provisioning Service (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs
– File Associations ———————————————————–
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ———————
3S 61883 (61883-eenheidsapparaat) - C:\WINDOWS\system32\drivers\61883.sys
2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.3.0) - C:\WINDOWS\system32\drivers\AegisP.sys
1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
0R agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\agpcpq.sys
3R ALCXWDM (Service for Avance AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
0R alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\alim1541.sys
0R amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\amdagp.sys
1R AmdK7 (Stuurprogramma voor AMD K7-processor) - C:\WINDOWS\system32\drivers\amdk7.sys
3R Arp1394 (1394 ARP-clientprotocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3S Avc (AVC-apparaat) - C:\WINDOWS\system32\drivers\avc.sys
3S BCM42RLY - C:\WINDOWS\system32\bcm42rly.sys
0R cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
3S CCDECODE (Closed Caption-decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
3S cmudau (C-Media USB Sound Interface) - C:\WINDOWS\system32\drivers\cmudau.sys
3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
0R dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3R EraserUtilRebootDrv - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
3R FETNDIS (VIA Rhine Family Fast Ethernet Adapter Driver) - C:\WINDOWS\system32\drivers\fetnd5b.sys
3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S hidusb (Microsoft HID Class-stuurprogramma) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
1R kbdhid (Stuurprogramma voor toetsenbord-HID) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R LCcFltr (Logitech USB Filter Driver) - C:\WINDOWS\system32\drivers\LCcfltr.sys
3R LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHIDFLT2.SYS
3R LHidUsb (Logitech USB Receiver device driver) - C:\WINDOWS\system32\drivers\LHidUsb.sys
3R LKbdFlt2 (Logitech Keyboard Class Filter Driver) - C:\WINDOWS\system32\drivers\lkbdflt2.sys
3R LMouFlt2 (Logitech Mouse Class Filter Driver) - C:\WINDOWS\system32\drivers\lmouflt2.sys
2R MASPINT - C:\WINDOWS\system32\drivers\MASPINT.SYS
3R MODEMCSA (Unimodem Streaming-filterapparaat) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3R mouhid (Stuurprogramma voor muis-HID) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSDV (Microsoft DV Camera and VCR) - C:\WINDOWS\system32\drivers\msdv.sys
1R msikbd2k (Multimedia Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\Msikbd2k.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma) - C:\WINDOWS\system32\drivers\mstee.sys
3R Mtlmnt5 - C:\WINDOWS\system32\drivers\mtlmnt5.sys
3S Mtlstrm - C:\WINDOWS\system32\drivers\mtlstrm.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070401.018\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070401.018\NAVEX15.SYS
3S NdisIP (Microsoft TV/Video-verbinding) - C:\WINDOWS\system32\drivers\ndisip.sys
3R NIC1394 (1394-stuurprogramma) - C:\WINDOWS\system32\drivers\nic1394.sys
3S NtMtlFax - C:\WINDOWS\system32\drivers\ntmtlfax.sys
0R ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S RecAgent - C:\WINDOWS\system32\drivers\recagent.sys
3R RT73 (Sitecom Wireless Network USB Adapter RT73 Turbo G Driver) - C:\WINDOWS\system32\drivers\rt73.sys
3S sermouse (Stuurprogramma voor seriële muis) - C:\WINDOWS\system32\drivers\sermouse.sys
0R sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\sisagp.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3R Slntamr (SmartLink AMR_PCI Driver) - C:\WINDOWS\system32\drivers\slntamr.sys
3S SlNtHal - C:\WINDOWS\system32\drivers\slnthal.sys
3R SlWdmSup - C:\WINDOWS\system32\drivers\slwdmsup.sys
3S SONYPVU1 (Sony USB-filterstuurrapparaat (SONYPVU1)) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS
1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
3S ssm_bus (Samsung Mobile USB Device II 1.0 driver (WDM)) - C:\WINDOWS\system32\drivers\ssm_bus.sys
3S ssm_mdfl (Samsung Mobile USB Modem II 1.0 Filter) - C:\WINDOWS\system32\drivers\ssm_mdfl.sys
3S ssm_mdm (Samsung Mobile USB Modem II 1.0 Drivers) - C:\WINDOWS\system32\drivers\ssm_mdm.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20070330.003\SymIDSCo.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3S usbaudio (Stuurprogramma voor USB-audio (WDM)) - C:\WINDOWS\system32\drivers\usbaudio.sys
3R usbccgp (Microsoft generiek hoofd-USB-stuurprogramma) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (Stuurprogramma voor USB-scanner) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (Stuurprogramma voor USB-massaopslag) - C:\WINDOWS\system32\drivers\usbstor.sys
3S V90drv - C:\WINDOWS\system32\DRIVERS\v90drv.sys (not found)
1R vcsmpdrv - C:\WINDOWS\system32\drivers\vcsmpdrv.sys
0R viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\viaagp.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
3S wceusbsh (Windows CE USB Serial Host Driver) - C:\WINDOWS\system32\drivers\wceusbsh.sys
4S WS2IFSL (Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext-codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ——————–
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton AntiVirus\isPwdSvc.exe"
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2R nhksrv (Netropa NHK Server) - C:\Apps\ActivBoard\nhksrv.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R Planner voor Automatische LiveUpdate - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
3S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2R SLService (SmartLinkService) - slserv.exe
3R Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
2R VCSSecS (Virtual CD v4 Security service (SDK - Version)) - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
– Scheduled Tasks ————————————————————-
2007-03-21 14:23:41 564 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan - van Buuren.job<NORTON~1.JOB>
– Files created between 2007-03-02 and 2007-04-02 —————————–
2007-03-29 15:55:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-21 11:10:47 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-03-15 18:04:21 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
– Find3M Report —————————————————————
2007-04-01 12:16:00 0 d-------- C:\Documents and Settings\van Buuren\Application Data\Skype
2007-04-01 12:15:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-29 15:56:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-28 11:36:41 0 d-------- C:\Documents and Settings\van Buuren\Application Data\OfficeUpdate12<OFFICE~1>
2007-03-25 10:56:27 367286 --a------ C:\WINDOWS\system32\perfh013.dat
2007-03-25 10:56:27 54464 --a------ C:\WINDOWS\system32\perfc013.dat
2007-03-21 14:23:12 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-21 14:20:08 0 d-------- C:\Program Files\Symantec
2007-03-21 14:20:07 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-21 14:11:22 0 d-------- C:\Documents and Settings\van Buuren\Application Data\Symantec
2007-03-18 15:00:48 0 d-------- C:\Documents and Settings\van Buuren\Application Data\Adobe
2007-03-04 15:13:29 0 d---s---- C:\Documents and Settings\van Buuren\Application Data\Microsoft<MICROS~1>
2007-02-27 14:59:53 0 d-------- C:\Program Files\Google
2007-02-20 14:41:46 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-13 13:10:41 0 d-------- C:\Program Files\Java Web Start<JAVAWE~1>
2007-02-13 13:10:20 0 d-------- C:\Program Files\Java
2007-02-13 13:10:20 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-06 12:39:42 0 d-------- C:\Documents and Settings\van Buuren\Application Data\Apple Computer<APPLEC~1>
2007-02-04 20:12:48 0 d-------- C:\Program Files\TRUST 640U SILVERLINE HEADSET USB<TRUST6~1>
2007-02-03 20:27:02 0 d-------- C:\Program Files\Skype
2007-02-03 20:27:02 0 d-------- C:\Program Files\Common Files\Skype
2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-23 16:15:22 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL>
2007-01-12 10:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-09 20:47:38 242320 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-01-09 20:47:38 624784 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-01-08 20:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 20:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
– Registry Dump —————————————————————
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"zBrowser Launcher"="C:\\Logitech\\iTouch\\iTouch.exe"
"EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"ATIPTA"="C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ACTIVBOARD"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
"VCSPlayer"="\"C:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"CleanEasyImg"="c:\\apps\\easydvd\\cleanall.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Money Express"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
– End of ComboScan: finished at 2007-04-02 at 08:53:23 ————————
- And more from ComboScan
ComboScan v20070306.20 run by van Buuren on 2007-04-02 at 08:52:06
Supplementary logfile - please post this as an attachment with your post.
——————————————————————————–
– System Information ———————————————————-
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Dutch
CPU 0: AMD Athlon™ XP 2700+
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 511.49 MiB / 235.63 MiB
Pagefile Memory (total/avail): 1246.18 MiB / 973.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1977.33 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 112.53 GiB total, 97.63 GiB free.
Q: is CDROM (No Media)
R: is CDROM (No Media)
– Security Center ————————————————————-
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AntivirusOverride is set.
FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)
- And it is started by:
GizmoPluginCPL in C:\Windows\system32
I can see that by clicking on the SideBySide error message in the event log.
I assume I can simply throw that away.
- I have since thrown it away, and it seems to be over ???
But perhaps some advice on the Comborun
- And is it over??
- Yes,
SideBySide no longer shows itself. I got the tip about Gizmo Call free calling from Elsevier, of all places. That journalist has it now too.
Thanks to you all
- SideBySide showed up again, but now as part of a plugin that belongs to the automatic updates of iTunes from Apple.
Plugin removed, along with this plugin's registry keys, and the SideBySide keys removed again as well.
The only thing is that you can no longer get automatic updates from iTunes, but so what. You just update them manually.
It is a pity that a program like iTunes also lets itself be used by an organization like SideBySide.com for advertising purposes and revenue.
- amen
- People!
At: http://www.mazecomputer.com/sxs/help/whatis.htm
you can read exactly why you are getting these SideBySide keys.
This is in fact a new implementation from Microsoft.
Programs made with Visual C++ 2005, for example, use these keys, so that DLLs no longer need to be copied to system32.
Now you are all trashing iTunes, and that is just unfair!
- Possibly; in my case it was a virus, see also this
http://www.symantec.com/security_response/writeup.jsp?docid=2005-070514-5200-99
Rather a late reply ???
- This is the first time I have seen this forum.
During my own search, I found out what SideBySide actually involves.
Of course viruses can nestle in here too!
But ultimately SideBySide is Microsoft's new method for programmers to put their assemblies somewhere. (very clumsily put)
A drawback of this technique is that your Windows directory grows even faster because of all the assemblies. In addition, the registry fills up faster because of the references to the assemblies.
What I would do is a complete virus scan of the machine!
But do not simply assume that they are viruses!
- Side-by-Side as you present it, or
sidebyside as I had indicated.
My version is the virus variant; you do have to pay attention to the spelling, and do take a look at the Symantec link, they really are not fools.