Question & Answer
Yet another victim of resycled\boot.com
24 replies
Can anyone help me? I've already searched several forums but haven't found the solution yet. When I double-click C: in Explorer I get an error message; if I type C:\ in the Explorer address bar, I can still reach all the files.
I've also discovered that those HijackThis logs are important, so here is mine:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:07, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HControl] "C:\WINDOWS\ATK0100\HControl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [SMSERIAL] "C:\WINDOWS\sm56hlpr.exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ABLKSR] "C:\WINDOWS\ABLKSR\ABLKSR.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe"
O4 - HKLM\..\Run: [Ulead Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe"
O4 - HKLM\..\Run: [beidsystemtray] "C:\Program Files\Belgium Identity Card\beidsystemtray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdrkx.exe] C:\WINDOWS\system32\kdrkx.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdaws.exe] C:\WINDOWS\system32\kdaws.exe
O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpds.exe] C:\WINDOWS\system32\kdpds.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkil.exe] C:\WINDOWS\system32\kdkil.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkwl.exe] C:\WINDOWS\system32\kdkwl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpkz.exe] C:\WINDOWS\system32\kdpkz.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HitmanPro3] "C:\Program Files\Hitman Pro 3\hitmanpro3.exe" -autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215380685078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 16052 bytes
Hopefully someone can help me, thanks in advance!!

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdrkx.exe] C:\WINDOWS\system32\kdrkx.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdaws.exe] C:\WINDOWS\system32\kdaws.exe
O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpds.exe] C:\WINDOWS\system32\kdpds.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkil.exe] C:\WINDOWS\system32\kdkil.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkwl.exe] C:\WINDOWS\system32\kdkwl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpkz.exe] C:\WINDOWS\system32\kdpkz.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
Click 'Fix checked' to remove the items.
Delete the following folder with Windows Explorer:
C:\Program Files\Common Files\BOONTY Shared
Download ComboFix to your Desktop.
NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!
- Double-click Combofix.exe to start it.
- If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to update.
- Follow the instructions and accept the disclaimer by clicking Yes.
- If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
- Click OK and Yes to have the Recovery Console installed automatically.
- Afterwards, click Yes again to start the malware scan.
- While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix has finished and after the restart, the log Combofix.txt will open.
Post that log in your next reply, together with a new HijackThis log.

ComboFix 08-10-30.13 - Jeroen 2008-10-31 23:31:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2207 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Jeroen\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-28 to 2008-10-31 ))))))))))))))))))))))))))))))
.
2008-10-31 23:37 . 3,839 C:\WINDOWS\system32\drivers\GETPADD.sys
2008-10-31 23:16 . 2008-10-31 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hitman Pro 3
2008-10-30 20:11 . 2008-10-30 20:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 18:58 . 2008-10-30 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-30 18:57 . 2008-10-30 18:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-30 18:57 . 2008-10-30 18:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-30 18:57 . 2008-10-30 18:57 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\SUPERAntiSpyware.com
2008-10-30 16:43 . 2008-10-15 17:37 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-30 00:05 . 2008-10-30 00:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 00:05 . 2008-10-30 00:05 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Malwarebytes
2008-10-30 00:05 . 2008-10-30 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 00:05 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 00:05 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 19:09 . 2008-10-30 01:52 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-29 18:51 . 2008-10-29 18:51 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-29 18:51 . 2008-10-29 18:51 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-29 18:51 . 2008-10-29 18:51 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-29 18:50 . 2008-10-31 23:40 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-29 18:50 . 2008-10-29 18:50 <DIR> d-------- C:\Program Files\AVG
2008-10-26 17:09 . 2008-10-26 17:09 <DIR> d-------- C:\Program Files\PrevxCSI
2008-10-26 17:09 . 2008-10-26 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-10-26 17:09 . 2008-10-26 17:09 25,400 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-10-26 17:05 . 2008-10-31 18:41 <DIR> d-------- C:\Program Files\Hitman Pro 3
2008-10-26 17:05 . 2008-10-26 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2008-10-22 18:41 . 2008-10-22 18:41 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\VST3 Presets
2008-10-22 11:52 . 2008-10-22 11:52 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys
2008-10-21 21:38 . 2008-10-21 21:38 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-10-21 21:38 . 2008-10-21 21:38 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Netscape
2008-10-21 17:13 . 2008-10-21 17:13 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-21 17:13 . 2008-10-21 17:13 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-19 12:01 . 2008-10-19 12:01 <DIR> d--hs---- C:\Documents and Settings\NetworkService\PrivacIE
2008-10-19 12:00 . 2008-10-19 12:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favorieten
2008-10-19 12:00 . 2008-10-19 12:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ABIG
2008-10-18 18:18 . 2008-10-18 18:58 <DIR> d-------- C:\Program Files\Collectorz.com
2008-10-16 11:44 . 2008-09-15 16:28 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 11:44 . 2008-09-08 11:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 11:43 . 2008-08-14 14:27 2,193,536 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 11:43 . 2008-08-14 14:27 2,149,888 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 11:43 . 2008-08-14 14:27 2,070,400 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 11:43 . 2008-08-14 14:27 2,028,544 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 20:06 . 2008-10-15 20:06 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-14 18:56 . 2008-10-14 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-14 18:44 . 2008-10-14 18:44 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-10-14 18:41 . 2008-10-14 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-10-14 17:54 . 2007-02-20 15:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-10-14 17:54 . 2007-02-20 15:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-14 17:15 . 2008-10-14 17:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-10-12 15:43 . 2008-10-12 15:43 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Bullzip
2008-10-12 15:37 . 1999-05-06 23:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.OCX
2008-10-06 18:53 . 2008-10-10 20:06 10,593 --a------ C:\WINDOWS\CSTBox.INI
2008-10-05 17:06 . 2008-10-05 17:07 <DIR> d-------- C:\Program Files\iTunes
2008-10-05 17:06 . 2008-10-05 17:06 <DIR> d-------- C:\Program Files\iPod
2008-10-05 17:06 . 2008-10-05 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 21:59 . 2006-10-12 09:40 716,800 --a------ C:\WINDOWS\system32\SysInternalsBluescreen.scr
2008-10-01 22:49 . 2008-10-01 22:49 <DIR> d-------- C:\Program Files\ALCATech
2008-10-01 19:57 . 2008-10-03 16:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-29 00:01 . 2008-09-29 00:01 0 --a------ C:\WINDOWS\NSREX.INI
2008-09-27 18:34 . 2008-09-27 18:34 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-27 10:28 . 2008-10-29 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-09-27 10:27 . 2008-10-29 21:24 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\NCH Swift Sound
2008-09-26 16:25 . 2008-10-08 18:09 <DIR> d-------- C:\Documents and Settings\Jeroen\Tracing
2008-09-26 16:18 . 2008-09-26 16:18 <DIR> d-------- C:\Program Files\Microsoft
2008-09-26 16:12 . 2008-09-26 16:12 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-25 17:34 . 2008-09-25 17:34 <DIR> d-------- C:\WINDOWS\Sun
2008-09-25 17:34 . 2008-09-25 17:33 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-09-25 16:52 . 2008-09-26 16:00 <DIR> d-------- C:\Program Files\NOS
2008-09-25 16:52 . 2008-09-26 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-24 19:12 . 2008-09-24 19:12 <DIR> d-------- C:\Program Files\Common Files\Supportsoft
2008-09-24 19:12 . 2008-09-24 19:12 <DIR> d-------- C:\Program Files\Belgacom
2008-09-24 19:12 . 2008-09-24 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-09-24 19:10 . 2008-09-24 19:11 <DIR> d-------- C:\Belgacom.msi.2.2
2008-09-14 21:42 . 2008-09-14 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-09-14 21:42 . 2008-09-14 21:42 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-09-14 21:42 . 2008-09-14 21:42 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-09-14 21:42 . 2008-09-14 21:42 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-09-14 21:42 . 2008-09-14 21:42 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-09-14 21:42 . 2008-10-29 17:02 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-09-14 21:42 . 2008-10-29 17:02 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-09-13 12:33 . 2008-09-13 12:33 <DIR> d-------- C:\Program Files\Macromedia
2008-09-13 11:26 . 2008-09-13 11:26 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-09-13 11:09 . 2008-09-13 11:09 <DIR> d-------- C:\Program Files\Warthog
2008-09-12 17:38 . 2008-09-12 17:38 <DIR> d-------- C:\Program Files\Bonjour
2008-09-12 17:32 . 2008-09-12 17:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-11 18:29 . 2008-09-22 21:25 1,838 --a------ C:\WINDOWS\SubCreator.INI
2008-09-11 18:25 . 2008-09-11 18:25 <DIR> d-------- C:\Program Files\Subtitles Creator
2008-09-09 17:21 . 2008-10-29 17:19 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\FileZilla
2008-09-09 17:18 . 2008-10-27 22:30 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-07 13:14 . 2008-09-07 13:14 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-09-07 13:14 . 2008-09-07 13:15 <DIR> d-------- C:\Program Files\MagicDVDCopier
2008-09-06 18:59 . 2008-09-06 18:59 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Sibelius Software
2008-09-06 14:09 . 2008-09-06 14:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 14:09 . 2008-09-06 14:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-03 17:55 . 2008-09-25 17:33 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-03 17:53 . 2008-09-25 17:33 <DIR> d-------- C:\Program Files\Java
2008-09-03 17:53 . 2008-09-03 17:53 <DIR> d-------- C:\Program Files\Common Files\Java
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-30 17:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-29 20:23 --------- d-----w C:\Program Files\NCH Swift Sound
2008-10-29 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-27 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-27 01:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-27 01:03 --------- d-----w C:\Program Files\Hitman Pro
2008-10-27 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 00:58 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\Lavasoft
2008-10-26 22:40 --------- d-----w C:\Program Files\FLV Player
2008-10-21 16:22 --------- d-----w C:\Program Files\ESET
2008-10-14 17:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-12 20:39 66,568 ----a-w C:\Documents and Settings\Jeroen\Application Data\GDIPFONTCACHEV1.DAT
2008-10-09 08:18 --------- d-----w C:\Program Files\Windows Live
2008-10-08 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-24 19:14 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-12 22:33 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\Apple Computer
2008-09-12 17:01 --------- d-----w C:\Program Files\QuickTime
2008-09-12 17:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-10 22:33 --------- d-----w C:\Program Files\CamStudio
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-01 21:35 --------- d-----w C:\Program Files\Musicnotes
2008-08-31 22:13 --------- d-----w C:\Program Files\Finale PrintMusic 2007
2008-07-06 18:27 606,848 ----a-w C:\WINDOWS\flashax.exe
2008-07-06 18:27 503,808 ----a-w C:\WINDOWS\Asus_A_Series_ScreenSaver.scr
2008-07-06 18:27 5,516,371 ----a-w C:\WINDOWS\A-series Demo.exe
2008-07-06 18:27 266,240 ----a-w C:\WINDOWS\ASUS A Series ScreenSaver Uninstaller.exe
2008-07-06 18:27 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-07-07 01:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008063020080707\index.dat
2008-07-07 01:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008070720080708\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2007-11-13 03:08 599552 --a------ C:\WINDOWS\system32\FPAP-EXL600\FileptcIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-06 39408]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Google Update"="C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-11-10 102400]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-21 7335936]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2005-11-21 1519616]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2005-05-26 544768]
"RTHDCPL"="C:\WINDOWS\RTHDCPL.EXE" [2005-09-06 14850560]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 86016]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]
"beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-25 144792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-29 1234712]
"HitmanPro3"="C:\Program Files\Hitman Pro 3\hitmanpro3.exe" [2008-10-31 4590200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
C:\Documents and Settings\Jeroen\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [2008-07-06 32768]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\BoontyGames\\Insane\\Game.exe"=
"C:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\NSREX.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-10-26 25400]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-29 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-29 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-29 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-29 76040]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-10-26 880696]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 225280]
R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 331776]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-25 147456]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);C:\Program Files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 8278]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]
S3 hitmanpro3;Hitman Pro 3 Support Driver;C:\WINDOWS\system32\drivers\hitmanpro3.sys [ ]
S3 krdpdre;krdpdre;C:\DOCUME~1\Jeroen\LOCALS~1\Temp\krdpdre.sys [ ]
S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-22 27904]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\Drivers\tascusb2.sys [2007-12-18 360448]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2007-12-18 18944]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2007-12-18 33792]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13967852-4cdd-11dd-94c1-001302dde7c2}]
\Shell\AutoRun\command - F:\PdtStart.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a218f69-4f30-11dd-94c9-001302dde7c2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ea3003a-4c29-11dd-94bd-001302dde7c2}]
\Shell\AutoRun\command - E:\SETUP.EXE -autorun
.
Contents of the 'Scheduled Tasks' folder
2008-10-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-10-30 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-18 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-18 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-28 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-27 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-28 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-30 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-29 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-24 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-08-29 08:05]
2008-10-31 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-10-31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A12A1252-2527-488F-9D98-CD0EE217535E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 02:05]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jeroen\Application Data\Mozilla\Firefox\Profiles\am94dh5t.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gva.be/
FF -: plugin - C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 23:37:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2008-10-31 23:55:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-31 22:54:40
Pre-Run: 20.576.937.472 bytes free
Post-Run: 20,672,624,128 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
392 — E O F — 2008-10-31 17:44:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:58, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HControl] "C:\WINDOWS\ATK0100\HControl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [SMSERIAL] "C:\WINDOWS\sm56hlpr.exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ABLKSR] "C:\WINDOWS\ABLKSR\ABLKSR.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe"
O4 - HKLM\..\Run: [Ulead Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe"
O4 - HKLM\..\Run: [beidsystemtray] "C:\Program Files\Belgium Identity Card\beidsystemtray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HitmanPro3] "C:\Program Files\Hitman Pro 3\hitmanpro3.exe" -autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215380685078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
–
End of file - 14767 bytes
- Does it matter that my external HDD was not connected at the time of the scan? Maybe the virus is on there as well.
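An added example, not code from this thread, from ComboFix or from HijackThis, that does on the ComboFix log posted above what the next reply has the poster do by hand: it picks out the scheduled tasks whose target ComboFix printed with an empty `[]` stamp (all 24 At*.job files point at the same 7o64J60F.exe, and At<N>.job is the name pattern the `at` scheduler gives its jobs), groups them by target, lists the HKCU MountPoints2 AutoRun commands for the removable drives, flags a driver registered from a Temp folder, and writes the CFScript `File::` block ComboFix accepts. The sample input is a constructed excerpt of the log lines above; the regexes and the "Temp folder" heuristic are this example's own assumptions about the ComboFix layout, not a ComboFix feature.

```python
"""Triage of a ComboFix report excerpt (added example, not ComboFix code).

Parses three things ComboFix prints in the log above: the 'Scheduled Tasks'
section, the HKCU MountPoints2 AutoRun commands, and the R0..S3 driver /
service lines. Tasks whose target has an empty '[]' stamp (ComboFix printed
no file stamp for the target) are grouped per target binary and turned into
a CFScript 'File::' block.
"""
import re
from collections import defaultdict

# Constructed excerpt in the ComboFix layout, trimmed from the log above.
SAMPLE_LOG = r"""
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-10-26 25400]
S3 krdpdre;krdpdre;C:\DOCUME~1\Jeroen\LOCALS~1\Temp\krdpdre.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a218f69-4f30-11dd-94c9-001302dde7c2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ea3003a-4c29-11dd-94bd-001302dde7c2}]
\Shell\AutoRun\command - E:\SETUP.EXE -autorun
.
Contents of the 'Scheduled Tasks' folder
2008-10-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-10-30 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\7o64J60F.exe []
2008-10-31 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-08-29 08:05]
"""

# Layout assumptions for the ComboFix text format (this example's own).
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$")
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>.*)\]$")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>.*)\]$")
MOUNTPOINT_RE = re.compile(r"mountpoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)  # jobs created with at.exe


def parse_tasks(log):
    """Return [(job_path, target, stamp)] from the Scheduled Tasks section."""
    tasks, job = [], None
    for line in log.splitlines():
        m = JOB_RE.match(line)
        if m:
            job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and job:
            tasks.append((job, m.group("target"), m.group("stamp").strip()))
            job = None
    return tasks


def parse_autorun(log):
    """Return [(mountpoint_guid, command)] for HKCU MountPoints2 AutoRun keys."""
    entries, guid = [], None
    for line in log.splitlines():
        m = MOUNTPOINT_RE.search(line)
        if m:
            guid = m.group("guid")
            continue
        m = AUTORUN_RE.match(line)
        if m and guid:
            entries.append((guid, m.group("cmd")))
            guid = None
    return entries


def parse_services(log):
    """Return [(start_type, name, path, stamp)] from the driver/service lines."""
    return [(m.group("start"), m.group("name"), m.group("path"), m.group("stamp").strip())
            for m in map(SERVICE_RE.match, log.splitlines()) if m]


def suspicious_tasks(tasks):
    """Tasks whose target got no file stamp: the '[]' entries."""
    return [t for t in tasks if t[2] == ""]


def group_by_target(tasks):
    """Map each target binary to the .job files that launch it."""
    groups = defaultdict(list)
    for job, target, _ in tasks:
        groups[target].append(job)
    return dict(groups)


def suspicious_services(services):
    """Drivers with no file stamp or registered from a Temp folder (heuristic)."""
    return [s for s in services if s[3] == "" or "\\temp\\" in s[2].lower()]


def build_cfscript(paths):
    """CFScript 'File::' block, one path per line, as ComboFix expects."""
    return "File::\n" + "\n".join(paths) + "\n"


def triage(log):
    """Collect the findings and the CFScript that would remove the flagged jobs."""
    tasks = parse_tasks(log)
    bad = suspicious_tasks(tasks)
    return {
        "missing_target_jobs": [job for job, _, _ in bad],
        "targets": group_by_target(bad),
        "at_jobs": [job for job, _, _ in tasks if AT_JOB_RE.search(job)],
        "autorun": parse_autorun(log),
        "services": suspicious_services(parse_services(log)),
        "cfscript": build_cfscript([job for job, _, _ in bad]),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for target, jobs in report["targets"].items():
        print(f"{len(jobs)} task(s) launch a target with no file stamp: {target}")
    for guid, cmd in report["autorun"]:
        print(f"MountPoints2 {guid} AutoRun -> {cmd}")
    for start, name, path, _ in report["services"]:
        print(f"driver {name} ({start}) registered from {path}")
    print(report["cfscript"], end="")
```

Run it against a full ComboFix.txt instead of SAMPLE_LOG and the `File::` block it prints is the one to paste into CFScript.txt; the MountPoints2 list tells you which removable drives have had an AutoRun command recorded, which is where the autorun.inf check belongs.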
- The infection you have does indeed spread across all drives and partitions (so there is a very good chance your external HD is infected as well, and you had best scan it for malware too). The "hidden" file at the heart of it is autorun.inf. Best to have a thorough look at that as well.
For your current ComboFix log you still need to run this:
Open a Notepad file.
Copy and paste the text below into it.
File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{A12A1252-2527-488F-9D98-CD0EE217535E}.job
Save this file to your desktop as CFScript.txt.
Drag CFScript.txt onto ComboFix.exe
This will make ComboFix restart. Reboot if asked to.
After the reboot, post the contents of Combofix.txt in your next message.
- I'll then run HijackThis again with my external HDD attached & post it here.
ComboFix 08-10-31.02 - Jeroen 2008-11-01 11:11:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2158 [GMT 1:00]
Running from: C:\Documents and Settings\Jeroen\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeroen\Bureaublad\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{A12A1252-2527-488F-9D98-CD0EE217535E}.job
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{A12A1252-2527-488F-9D98-CD0EE217535E}.job
.
(((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 ))))))))))))))))))))))))))))))
.
2008-10-31 23:16 . 2008-10-31 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hitman Pro 3
2008-10-30 20:11 . 2008-10-30 20:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 18:58 . 2008-10-30 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-30 18:57 . 2008-10-30 18:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-30 18:57 . 2008-10-30 18:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-30 18:57 . 2008-10-30 18:57 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\SUPERAntiSpyware.com
2008-10-30 16:43 . 2008-10-15 17:37 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-30 00:05 . 2008-10-30 00:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 00:05 . 2008-10-30 00:05 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Malwarebytes
2008-10-30 00:05 . 2008-10-30 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 00:05 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 00:05 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 19:09 . 2008-10-30 01:52 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-29 18:51 . 2008-10-29 18:51 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-29 18:51 . 2008-10-29 18:51 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-29 18:51 . 2008-10-29 18:51 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-29 18:50 . 2008-10-31 23:40 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-29 18:50 . 2008-10-29 18:50 <DIR> d-------- C:\Program Files\AVG
2008-10-26 17:09 . 2008-10-26 17:09 <DIR> d-------- C:\Program Files\PrevxCSI
2008-10-26 17:09 . 2008-10-26 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-10-26 17:09 . 2008-10-26 17:09 25,400 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-10-26 17:05 . 2008-10-31 18:41 <DIR> d-------- C:\Program Files\Hitman Pro 3
2008-10-26 17:05 . 2008-10-26 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2008-10-22 18:41 . 2008-10-22 18:41 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\VST3 Presets
2008-10-22 11:52 . 2008-10-22 11:52 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys
2008-10-21 21:38 . 2008-10-21 21:38 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-10-21 21:38 . 2008-10-21 21:38 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Netscape
2008-10-21 17:13 . 2008-10-21 17:13 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-21 17:13 . 2008-10-21 17:13 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-19 12:01 . 2008-10-19 12:01 <DIR> d--hs---- C:\Documents and Settings\NetworkService\PrivacIE
2008-10-19 12:00 . 2008-10-19 12:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favorieten
2008-10-19 12:00 . 2008-10-19 12:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ABIG
2008-10-18 18:18 . 2008-10-18 18:58 <DIR> d-------- C:\Program Files\Collectorz.com
2008-10-16 11:44 . 2008-09-15 16:28 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 11:44 . 2008-09-08 11:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 11:43 . 2008-08-14 14:27 2,193,536 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 11:43 . 2008-08-14 14:27 2,149,888 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 11:43 . 2008-08-14 14:27 2,070,400 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 11:43 . 2008-08-14 14:27 2,028,544 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 20:06 . 2008-10-15 20:06 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-14 18:56 . 2008-10-14 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-14 18:44 . 2008-10-14 18:44 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-10-14 18:41 . 2008-10-14 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-10-14 17:54 . 2007-02-20 15:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-10-14 17:54 . 2007-02-20 15:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-14 17:15 . 2008-10-14 17:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-10-12 15:43 . 2008-10-12 15:43 <DIR> d-------- C:\Documents and Settings\Jeroen\Application Data\Bullzip
2008-10-12 15:37 . 1999-05-06 23:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.OCX
2008-10-06 18:53 . 2008-10-10 20:06 10,593 --a------ C:\WINDOWS\CSTBox.INI
2008-10-05 17:06 . 2008-10-05 17:07 <DIR> d-------- C:\Program Files\iTunes
2008-10-05 17:06 . 2008-10-05 17:06 <DIR> d-------- C:\Program Files\iPod
2008-10-05 17:06 . 2008-10-05 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 21:59 . 2006-10-12 09:40 716,800 --a------ C:\WINDOWS\system32\SysInternalsBluescreen.scr
2008-10-01 22:49 . 2008-10-01 22:49 <DIR> d-------- C:\Program Files\ALCATech
2008-10-01 19:57 . 2008-10-03 16:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-30 17:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-29 20:24 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\NCH Swift Sound
2008-10-29 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-10-29 20:23 --------- d-----w C:\Program Files\NCH Swift Sound
2008-10-29 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-29 16:19 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\FileZilla
2008-10-27 21:30 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-10-27 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-27 01:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-27 01:03 --------- d-----w C:\Program Files\Hitman Pro
2008-10-27 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 00:58 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\Lavasoft
2008-10-26 22:40 --------- d-----w C:\Program Files\FLV Player
2008-10-21 16:22 --------- d-----w C:\Program Files\ESET
2008-10-14 17:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-12 20:39 66,568 ----a-w C:\Documents and Settings\Jeroen\Application Data\GDIPFONTCACHEV1.DAT
2008-10-09 08:18 --------- d-----w C:\Program Files\Windows Live
2008-10-08 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-27 17:34 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-26 15:18 --------- d-----w C:\Program Files\Microsoft
2008-09-26 15:12 --------- d-----w C:\Program Files\Common Files\Windows Live
2008-09-26 15:00 --------- d-----w C:\Program Files\NOS
2008-09-26 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-09-25 16:33 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll
2008-09-25 16:33 --------- d-----w C:\Program Files\Java
2008-09-24 19:14 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-24 18:12 --------- d-----w C:\Program Files\Common Files\Supportsoft
2008-09-24 18:12 --------- d-----w C:\Program Files\Belgacom
2008-09-24 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-09-15 15:28 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-09-13 11:33 --------- d-----w C:\Program Files\Macromedia
2008-09-13 10:26 --------- d-----w C:\Program Files\Common Files\DirectX
2008-09-13 10:09 --------- d-----w C:\Program Files\Warthog
2008-09-12 22:33 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\Apple Computer
2008-09-12 17:01 --------- d-----w C:\Program Files\QuickTime
2008-09-12 17:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-12 16:38 --------- d-----w C:\Program Files\Bonjour
2008-09-12 16:32 --------- d-----w C:\Program Files\Apple Software Update
2008-09-11 17:25 --------- d-----w C:\Program Files\Subtitles Creator
2008-09-10 22:33 --------- d-----w C:\Program Files\CamStudio
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 12:15 --------- d-----w C:\Program Files\MagicDVDCopier
2008-09-07 12:14 --------- d-----w C:\Program Files\MagicDVDRipper
2008-09-06 17:59 --------- d-----w C:\Documents and Settings\Jeroen\Application Data\Sibelius Software
2008-09-03 16:53 --------- d-----w C:\Program Files\Common Files\Java
2008-09-01 21:35 --------- d-----w C:\Program Files\Musicnotes
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 17:17 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-08-27 17:17 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-08-22 01:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-22 01:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-22 01:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-22 01:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-22 01:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-22 01:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-22 01:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 01:07 18,944 ------w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-22 01:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-22 01:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-22 01:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-22 01:05 630,272 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-08-22 01:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
2008-08-22 01:05 45,056 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
2008-08-22 01:05 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-08-22 01:05 217,088 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-08-22 01:05 186,880 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-22 01:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-14 13:27 2,149,888 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:27 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-07 01:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008063020080707\index.dat
2008-07-07 01:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008070720080708\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-31_23.53.56.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-01 09:52:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat
.
((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2007-11-13 03:08 599552 --a------ C:\WINDOWS\system32\FPAP-EXL600\FileptcIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-06 39408]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Google Update"="C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-11-10 102400]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-21 7335936]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2005-11-21 1519616]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2005-05-26 544768]
"RTHDCPL"="C:\WINDOWS\RTHDCPL.EXE" [2005-09-06 14850560]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 86016]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]
"beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-25 144792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-29 1234712]
"HitmanPro3"="C:\Program Files\Hitman Pro 3\hitmanpro3.exe" [2008-10-31 4590200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
C:\Documents and Settings\Jeroen\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [2008-07-06 32768]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\BoontyGames\\Insane\\Game.exe"=
"C:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\NSREX.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-10-26 25400]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-29 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-29 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-29 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-29 76040]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-10-26 880696]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 225280]
R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 331776]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-25 147456]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);C:\Program Files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 8278]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]
S3 hitmanpro3;Hitman Pro 3 Support Driver;C:\WINDOWS\system32\drivers\hitmanpro3.sys [ ]
S3 krdpdre;krdpdre;C:\DOCUME~1\Jeroen\LOCALS~1\Temp\krdpdre.sys [ ]
S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-22 27904]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\Drivers\tascusb2.sys [2007-12-18 360448]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2007-12-18 18944]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2007-12-18 33792]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13967852-4cdd-11dd-94c1-001302dde7c2}]
\Shell\AutoRun\command - F:\PdtStart.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a218f69-4f30-11dd-94c9-001302dde7c2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-10-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-10-31 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-08-29 08:05]
2008-11-01 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 11:17:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-11-01 11:26:36
ComboFix-quarantined-files.txt 2008-11-01 10:25:32
ComboFix2.txt 2008-10-31 22:55:50
Pre-Run: 20,646,250,496 bytes free
Post-Run: 20,632,525,312 bytes free
349 --- E O F --- 2008-10-31 17:44:00
- JDO0909 wrote: "I'll run HijackThis once more while my external HDD is attached & post it here." Fine, go ahead and post it.
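Reading a ComboFix or HijackThis dump by hand means scanning hundreds of lines for a handful of shapes: a service or driver whose binary is missing, a firewall exception that opens a port to the world, an AutoRun command remembered for a removable drive, a disabled Security Center check, a run of generic At*.job tasks. As an added example (not code from this thread, from ComboFix or from HijackThis), the Python below encodes those checks as rules and runs them over a few sample lines constructed after the entries posted above. The rule names, severities, the list of ports treated as exposed and the three-job threshold are this example's own choices; a flag means "look at this", not "this is malware", and the log itself does not say what the Temp-directory driver entry is.

```python
"""Triage heuristics for HijackThis / ComboFix style autostart listings.

Added example, not from the thread or the tools it names.  Rule ids,
severities, EXPOSED_SERVICES and AT_JOB_THRESHOLD are assumptions of this
example.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample input, constructed after the entries posted in this thread (a few
# representative lines, not the full logs).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-10-26 25400]
S3 hitmanpro3;Hitman Pro 3 Support Driver;C:\WINDOWS\system32\drivers\hitmanpro3.sys [ ]
S3 krdpdre;krdpdre;C:\DOCUME~1\Jeroen\LOCALS~1\Temp\krdpdre.sys [ ]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
\Shell\AutoRun\command - F:\PdtStart.exe
"AntiVirusOverride"=dword:00000001
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
"""

# Entry shapes: ComboFix service/driver lines ("S3 name;display;path [info]"),
# firewall policy dumps, MountPoints2 AutoRun commands, Security Center and
# AppInit_DLLs values (both HijackThis O20 and raw registry form), at-jobs.
RE_TEMP_PATH = re.compile(r"\\Temp\\", re.I)
RE_DRIVER_LINE = re.compile(r"^[RS][0-4]\s+[^;]+;[^;]*;(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$")
RE_OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
RE_AUTORUN = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+?)\s*$", re.I)
RE_AV_OVERRIDE = re.compile(r'^"AntiVirusOverride"=dword:(?P<val>[0-9a-fA-F]{8})\s*$')
RE_AT_JOB = re.compile(r"\\Tasks\\At\d+\.job\s*$", re.I)
RE_APPINIT = re.compile(r"AppInit_DLLs[\":=\s]*(?P<dlls>\S.*?)\s*$")

# Ports whose global exposure on a home laptop deserves a second look (assumed).
EXPOSED_SERVICES = {3389: "RDP", 445: "SMB", 139: "NetBIOS session", 135: "RPC endpoint mapper"}
AT_JOB_THRESHOLD = 3  # assumed: three or more generic at-jobs is worth checking
SEVERITY_RANK = {"high": 0, "medium": 1, "info": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str      # short rule id (this example's own naming)
    detail: str


def analyze_line(line: str) -> List[Finding]:
    """Apply the per-line rules to one stripped log entry."""
    out: List[Finding] = []

    m = RE_DRIVER_LINE.match(line)
    if m and not m.group("info").strip():  # "[ ]": no file metadata at scan time
        path = m.group("path")
        if RE_TEMP_PATH.search(path):
            out.append(Finding("high", "driver-temp-missing",
                               f"driver registered from a Temp directory, file absent at scan time: {path}"))
        else:
            out.append(Finding("medium", "binary-missing",
                               f"service/driver registered but binary absent at scan time: {path}"))

    m = RE_OPEN_PORT.match(line)
    if m:
        port, proto = int(m.group("port")), m.group("proto")
        name = EXPOSED_SERVICES.get(port)
        what = f"{port}/{proto}" + (f" ({name})" if name else "")
        out.append(Finding("high" if name else "info", "firewall-open-port",
                           f"Windows Firewall globally opens {what}"))

    m = RE_AUTORUN.search(line)
    if m:
        out.append(Finding("medium", "autorun-mountpoint",
                           f"AutoRun command recorded for a removable volume: {m.group('cmd')}"))

    m = RE_AV_OVERRIDE.match(line)
    if m and int(m.group("val"), 16) != 0:
        out.append(Finding("medium", "av-override",
                           "Security Center antivirus monitoring is overridden (AntiVirusOverride != 0)"))

    m = RE_APPINIT.search(line)
    if m:
        out.append(Finding("info", "appinit-dlls",
                           f"AppInit_DLLs loads into every process that links user32.dll: {m.group('dlls')}"))
    return out


def analyze(log_text: str) -> List[Finding]:
    """Run all rules over a whole log; findings come back most severe first."""
    findings: List[Finding] = []
    at_jobs = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RE_AT_JOB.search(line):  # counted, reported once as an aggregate
            at_jobs += 1
            continue
        findings.extend(analyze_line(line))
    if at_jobs >= AT_JOB_THRESHOLD:
        findings.append(Finding("high", "at-jobs",
                                f"{at_jobs} generic At*.job tasks (the naming at.exe uses); "
                                "check what command each one runs"))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])  # stable: keeps log order within a level
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.rule:<20} {f.detail}")
```

To use it on a real post, paste the whole ComboFix and HijackThis text into one file and call `analyze()` on its contents; lines that match none of the shapes are ignored, so the surrounding process lists and file listings do no harm. The aggregate at-job rule is deliberately separate from the per-line rules: one At*.job is unremarkable, a numbered series is the pattern worth asking about.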
- Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:35, on 1/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HControl] "C:\WINDOWS\ATK0100\HControl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [SMSERIAL] "C:\WINDOWS\sm56hlpr.exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ABLKSR] "C:\WINDOWS\ABLKSR\ABLKSR.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe"
O4 - HKLM\..\Run: [Ulead Calendar Checker] "C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe"
O4 - HKLM\..\Run: [beidsystemtray] "C:\Program Files\Belgium Identity Card\beidsystemtray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HitmanPro3] "C:\Program Files\Hitman Pro 3\hitmanpro3.exe" -autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215380685078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
End of file - 14412 bytes
- Looks clean. How are the problems now? Still suffering from the same symptoms, or have they been resolved in the meantime?
- My C drive is apparently back in order, but both my F drive and my G drive now get the same error message. When I open them, AVG also reports that resycled/boot.com is a possible threat…
- Would you then download A-Squared here http://www.emsisoft.com/en/software/antimalware/ (it is a 30-day trial version) and let it check your system. That should normally lead to a solution on all drives. Curious whether that is the case for you too?
- I'm very curious too! Which antivirus do you actually recommend?
- [quote:0d09ca1f3a="JDO0909"]Which antivirus do you actually recommend?[/quote:0d09ca1f3a] Ah … you will get as many different answers to that as there are forum users.
And all of it is based on personal (good or bad) experience. Personally I have been running AVG Pro for years without problems … so that is - for me - a recommendation.
But there are undoubtedly plenty of other "good" ones, among the free versions as well as the paid ones. It often also depends a bit on ease of use and how you as a user feel about that. And the arrival of fully integrated suites (with antivirus, antispyware, firewall, antispam, …) does not make the choice any easier.
- When scanning with a-squared Anti-Malware I get the error below:
date/time : 2008-11-01, 17:31:37, 359ms
computer name : UW-6EA5E1F99BA9
user name : Jeroen <admin>
registered owner : Jeroen De Ost
operating system : Windows XP Service Pack 3 build 2600
system language : Dutch
system up time : 25 minutes 21 seconds
program up time : 20 minutes 2 seconds
processors : 2x Genuine Intel(R) CPU T2300 @ 1.66GHz
physical memory : 1674/2943 MB (free/total)
free disk space : (C:) 18,23 GB
display mode : 1280x800, 32 bit
process id : $1310
allocated memory : 36,21 MB
command line : "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2scan.exe" /R="C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2start.exe"
executable : a2scan.exe
exec. date/time : 2008-10-19 09:56
version : 4.0.0.51
compiled with : Delphi 2006/07
madExcept version : 3.0h
contact name : Jeroen De Ost
contact email : Jeroen_De_Ost@hotmail.com
callstack crc : $08d9e1ca, $d636a5a7, $d7ca5285
exception number : 1
exception class : EOutOfResources
exception message : Onvoldoende opslagruimte beschikbaar om deze opdracht te verwerken.
main thread ($131c):
0047e158 +07c a2scan.exe Graphics 2926 +4 GDIError
0047e197 +00f a2scan.exe Graphics 2933 +1 GDICheck
00481fe7 +117 a2scan.exe Graphics 5439 +23 CopyBitmap
00482a2b +073 a2scan.exe Graphics 5706 +9 TBitmap.CopyImage
00484a5b +073 a2scan.exe Graphics 6810 +10 TBitmap.SetSize
0054cc51 +095 a2scan.exe GraphicsEx 244 +10 DrawVGradient
00585de5 +03d a2scan.exe Main 725 +1 TScannerMainForm.pnlCleanComputerPaintBox2Paint
00493caf +097 a2scan.exe ExtCtrls 1802 +10 TPaintBox.Paint
004b517c +05c a2scan.exe Controls 9690 +7 TGraphicControl.WMPaint
004ab4f5 +335 a2scan.exe Controls 5143 +83 TControl.WndProc
004ab0a2 +036 a2scan.exe Controls 5018 +5 TControl.Perform
004b061a +19a a2scan.exe Controls 7369 +26 TWinControl.PaintControls
004b0411 +175 a2scan.exe Controls 7322 +24 TWinControl.PaintHandler
004b09bc +04c a2scan.exe Controls 7458 +6 TWinControl.WMPaint
004b0a65 +0f5 a2scan.exe Controls 7471 +19 TWinControl.WMPaint
004ab4f5 +335 a2scan.exe Controls 5143 +83 TControl.WndProc
004b00c1 +49d a2scan.exe Controls 7242 +101 TWinControl.WndProc
004af7b0 +034 a2scan.exe Controls 7021 +3 TWinControl.MainWndProc
00477184 +014 a2scan.exe Classes 11572 +8 StdWndProc
7c90e450 +010 ntdll.dll KiUserCallbackDispatcher
7e3996c2 +00a USER32.dll DispatchMessageA
004ce87e +136 a2scan.exe Forms 7651 +23 TApplication.ProcessMessage
004ce8c3 +00f a2scan.exe Forms 7670 +1 TApplication.HandleMessage
004ceb5e +0a6 a2scan.exe Forms 7754 +16 TApplication.Run
thread $1558:
7c90df3a +00a ntdll.dll NtWaitForSingleObject
7c8025d5 +085 kernel32.dll WaitForSingleObjectEx
7c80253d +00d kernel32.dll WaitForSingleObject
0047573e +112 a2scan.exe Classes 10157 +34 TThread.Synchronize
004757fc +034 a2scan.exe Classes 10185 +4 TThread.Synchronize
0058cd1e +0d2 a2scan.exe uTScanThread 293 +16 TScanThread.DoFilesMessageHandler
005841f4 +020 a2scan.exe Main 327 +2 FilesMessageHandler
0044fecd +00d a2scan.exe madExcept CallThreadProcSafe
0044ff37 +037 a2scan.exe madExcept ThreadExceptFrame
>> created by main thread ($131c) at:
0229a0e2 +000 a2framework.dll
thread $16f8:
7c90d1fa +a ntdll.dll NtDelayExecution
thread $1048 (TScanThread):
7c90df3a +00a ntdll.dll NtWaitForSingleObject
7c8025d5 +085 kernel32.dll WaitForSingleObjectEx
7c80253d +00d kernel32.dll WaitForSingleObject
00577bef +00f a2scan.exe EngineInterface 543 +2 ScanDirectory
0058f108 +048 a2scan.exe uTScanThread 728 +6 TScanThread.DoScanDirectory
0058c9c6 +10a a2scan.exe uTScanThread 213 +18 TScanThread.Execute
0044ffeb +02b a2scan.exe madExcept HookedTThreadExecute
00475226 +036 a2scan.exe Classes 9866 +7 ThreadProc
00404fbc +028 a2scan.exe System 12127 +33 ThreadWrapper
0044fecd +00d a2scan.exe madExcept CallThreadProcSafe
0044ff37 +037 a2scan.exe madExcept ThreadExceptFrame
>> created by main thread ($131c) at:
0058c7d4 +10c a2scan.exe uTScanThread 176 +22 TScanThread.Create
modules:
00400000 a2scan.exe 4.0.0.51 C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE
02210000 a2framework.dll 4.0.0.3 C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE
02fd0000 Normaliz.dll 6.0.5441.0 C:\WINDOWS\system32
04140000 FileptcIconOverlay.dll 4.6.1.2 C:\WINDOWS\system32\FPAP-EXL600
10000000 avgrsstx.dll 8.0.0.134 C:\WINDOWS\system32
129b0000 OpHookSE4.dll 15.0.0.0 C:\Program Files\ScanSoft\OmniPageSE4.0
1a400000 urlmon.dll 8.0.6001.18241 C:\WINDOWS\system32
5b190000 uxtheme.dll 6.0.2900.5512 C:\WINDOWS\system32
5dca0000 iertutil.dll 8.0.6001.18241 C:\WINDOWS\system32
62980000 sprthook.dll 7.0.940.0 C:\Program Files\Belgacom\bin
63000000 WININET.dll 8.0.6001.18241 C:\WINDOWS\system32
6ff20000 NETAPI32.dll 5.1.2600.5694 C:\WINDOWS\system32
71a20000 WS2HELP.dll 5.1.2600.5512 C:\WINDOWS\system32
71a30000 WS2_32.dll 5.1.2600.5512 C:\WINDOWS\system32
71a50000 wsock32.dll 5.1.2600.5512 C:\WINDOWS\system32
71f10000 security.dll 5.1.2600.5512 C:\WINDOWS\system32
72f70000 winspool.drv 5.1.2600.5512 C:\WINDOWS\system32
73250000 RICHED32.DLL 5.1.2600.0 C:\WINDOWS\system32
746a0000 MSCTF.dll 5.1.2600.5512 C:\WINDOWS\system32
74c00000 OLEACC.dll 4.2.5406.0 C:\WINDOWS\system32
74db0000 RICHED20.DLL 5.30.23.1230 C:\WINDOWS\system32
75250000 msctfime.ime 5.1.2600.5512 C:\WINDOWS\system32
75f20000 browseui.dll 6.0.2900.5512 C:\WINDOWS\system32
76020000 MSVCP60.dll 6.2.3104.0 C:\WINDOWS\system32
76320000 msimg32.dll 5.1.2600.5512 C:\WINDOWS\system32
76330000 IMM32.DLL 5.1.2600.5512 C:\WINDOWS\system32
76350000 comdlg32.dll 6.0.2900.5512 C:\WINDOWS\system32
765a0000 CSCDLL.dll 5.1.2600.5512 C:\WINDOWS\System32
76880000 CRYPTUI.dll 5.131.2600.5512 C:\WINDOWS\system32
76930000 LINKINFO.dll 5.1.2600.5512 C:\WINDOWS\system32
76940000 ntshrui.dll 5.1.2600.5512 C:\WINDOWS\system32
76970000 USERENV.dll 5.1.2600.5512 C:\WINDOWS\system32
76ad0000 ATL.DLL 3.5.2284.1 C:\WINDOWS\system32
76bb0000 PSAPI.dll 5.1.2600.5512 C:\WINDOWS\system32
76bf0000 WINTRUST.dll 5.131.2600.5512 C:\WINDOWS\system32
76c50000 IMAGEHLP.dll 5.1.2600.5512 C:\WINDOWS\system32
76f20000 WLDAP32.dll 5.1.2600.5512 C:\WINDOWS\system32
76f90000 CLBCATQ.DLL 2001.12.4414.700 C:\WINDOWS\system32
77010000 COMRes.dll 2001.12.4414.700 C:\WINDOWS\system32
770e0000 oleaut32.dll 5.1.2600.5512 C:\WINDOWS\system32
77390000 comctl32.dll 6.0.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
774a0000 ole32.dll 5.1.2600.5512 C:\WINDOWS\system32
778e0000 SETUPAPI.dll 5.1.2600.5512 C:\WINDOWS\system32
779e0000 cscui.dll 5.1.2600.5512 C:\WINDOWS\System32
77a40000 CRYPT32.dll 5.131.2600.5512 C:\WINDOWS\system32
77ae0000 MSASN1.dll 5.1.2600.5512 C:\WINDOWS\system32
77b00000 apphelp.dll 5.1.2600.5512 C:\WINDOWS\system32
77bd0000 version.dll 5.1.2600.5512 C:\WINDOWS\system32
77be0000 msvcrt.dll 7.0.2600.5512 C:\WINDOWS\system32
77da0000 RPCRT4.dll 5.1.2600.5512 C:\WINDOWS\system32
77e40000 GDI32.dll 5.1.2600.5512 C:\WINDOWS\system32
77e90000 SHLWAPI.dll 6.0.2900.5512 C:\WINDOWS\system32
77f10000 Secur32.dll 5.1.2600.5512 C:\WINDOWS\system32
77f40000 advapi32.dll 5.1.2600.5512 C:\WINDOWS\system32
7c800000 kernel32.dll 5.1.2600.5512 C:\WINDOWS\system32
7c900000 ntdll.dll 5.1.2600.5512 C:\WINDOWS\system32
7c9c0000 SHELL32.dll 6.0.2900.5512 C:\WINDOWS\system32
7e210000 shdocvw.dll 6.0.2900.5512 C:\WINDOWS\system32
7e390000 USER32.dll 5.1.2600.5512 C:\WINDOWS\system32
processes:
0000 Idle
0004 System normal
0328 smss.exe normal C:\WINDOWS\system32
03dc csrss.exe normal C:\WINDOWS\system32
03f8 winlogon.exe high C:\WINDOWS\system32
0440 services.exe normal C:\WINDOWS\system32
044c lsass.exe normal C:\WINDOWS\system32
0520 svchost.exe normal C:\WINDOWS\system32
05f8 svchost.exe normal C:\WINDOWS\system32
0620 MsMpEng.exe normal C:\Program Files\Windows Defender
0660 svchost.exe normal C:\WINDOWS\System32
06a0 EvtEng.exe normal C:\Program Files\Intel\Wireless\Bin
06c0 S24EvMon.exe normal C:\Program Files\Intel\Wireless\Bin
0734 svchost.exe normal C:\WINDOWS\system32
075c svchost.exe normal C:\WINDOWS\system32
00c8 spoolsv.exe normal C:\WINDOWS\system32
0104 SCardSvr.exe normal C:\WINDOWS\System32
0250 a2service.exe normal C:\Program Files\a-squared Anti-Malware
0274 AppleMobileDeviceService.exe normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin
0288 avgwdsvc.exe normal C:\PROGRA~1\AVG\AVG8
0298 mDNSResponder.exe normal C:\Program Files\Bonjour
03e0 prevxcsi.exe normal C:\Program Files\PrevxCSI
0578 beidservicecrl.exe normal C:\WINDOWS\system32
05b8 beidservicepcsc.exe normal C:\WINDOWS\system32
063c GoogleUpdaterService.exe normal C:\Program Files\Google\Common\Google Updater
0690 jqs.exe idle C:\Program Files\Java\jre6\bin
06f8 LSSrvc.exe normal C:\Program Files\Common Files\LightScribe
0698 mdm.exe normal C:\Program Files\Common Files\Microsoft Shared\VS7Debug
0728 nod32krn.exe normal C:\Program Files\Eset
07a8 avgrsx.exe normal C:\PROGRA~1\AVG\AVG8
07c4 nvsvc32.exe normal C:\WINDOWS\system32
016c RegSrvc.exe normal C:\Program Files\Intel\Wireless\Bin
01dc sprtsvc.exe normal C:\Program Files\Belgacom\bin
0238 StarWindServiceAE.exe normal C:\Program Files\Alcohol Soft\Alcohol 120\StarWind
02d4 svchost.exe normal C:\WINDOWS\system32
05e4 UTSCSI.EXE normal C:\WINDOWS\system32
0804 avgemc.exe normal C:\PROGRA~1\AVG\AVG8
08e4 SearchIndexer.exe normal C:\WINDOWS\system32
0a7c Explorer.EXE normal C:\WINDOWS
0ab8 prevxcsi.exe normal C:\Program Files\PrevxCSI
0c18 HControl.exe normal C:\WINDOWS\ATK0100
0c78 sm56hlpr.exe normal C:\WINDOWS
0cd0 ATKOSD.exe normal C:\WINDOWS\ATK0100
0cec RTHDCPL.EXE normal C:\WINDOWS
0cf8 ALU.exe normal C:\Program Files\ASUS\ASUS Live Update
0d04 BatteryLife.exe normal C:\Program Files\ASUS\Power4 Gear
0d34 wcourier.exe normal C:\Program Files\Wireless Console 2
0d4c SynTPEnh.exe normal C:\Program Files\Synaptics\SynTP
0de0 ZCfgSvc.exe normal C:\Program Files\Intel\Wireless\bin
0ea4 ifrmewrk.exe normal C:\Program Files\Intel\Wireless\Bin
0ed8 EOUWiz.exe normal C:\Program Files\Intel\Wireless\Bin
0fb8 PDVDServ.exe normal C:\Program Files\ASUSTek\ASUSDVD
02c0 Monitor.exe normal C:\Program Files\Common Files\Ulead Systems\AutoDetector
0158 CalCheck.exe normal C:\Program Files\Ulead Systems\Ulead Photo Express 6
01e4 beidsystemtray.exe normal C:\Program Files\Belgium Identity Card
09fc alg.exe normal C:\WINDOWS\System32
0a1c OpwareSE4.exe normal C:\Program Files\ScanSoft\OmniPageSE4.0
0cbc jusched.exe normal C:\Program Files\Java\jre6\bin
0ff0 sprtcmd.exe normal C:\Program Files\Belgacom\bin
00e8 iTunesHelper.exe normal C:\Program Files\iTunes
0f74 Dot1XCfg.exe normal C:\PROGRA~1\Intel\Wireless\Bin
0f18 avgtray.exe normal C:\PROGRA~1\AVG\AVG8
0d2c ctfmon.exe normal C:\WINDOWS\system32
0f58 GoogleToolbarNotifier.exe normal C:\Program Files\Google\GoogleToolbarNotifier
0fa0 MsnMsgr.Exe normal C:\Program Files\Windows Live\Messenger
0c88 iPodService.exe normal C:\Program Files\iPod\bin
0a60 svchost.exe normal C:\WINDOWS\System32
0eb8 GoogleUpdate.exe normal C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Update
0f68 SUPERAntiSpyware.exe normal C:\Program Files\SUPERAntiSpyware
0488 ChkMail.exe normal C:\Program Files\Asus\Asus ChkMail
0dac WindowsSearch.exe normal C:\Program Files\Windows Desktop Search
09ec TosBtMng.exe normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack
0ec8 TosA2dp.exe normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack
1218 TosBtHid.exe normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack
1228 TosBtHsp.exe normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack
14e8 tosOBEX.exe normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack
15b4 tosBtProc.exe normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack
1310 a2scan.exe normal C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE
14c4 usnsvc.exe normal C:\Program Files\Windows Live\Messenger
0b8c filezilla.exe normal C:\Program Files\FileZilla FTP Client
09b0 chrome.exe normal C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Chrome\Application
1204 chrome.exe normal C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Chrome\Application
08ac chrome.exe normal C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Chrome\Application
1188 wuauclt.exe normal C:\WINDOWS\system32
1578 chrome.exe below normal C:\Documents and Settings\Jeroen\Local Settings\Application Data\Google\Chrome\Application
13bc MpCmdRun.exe normal C:\Program Files\Windows Defender
hardware:
+ Accu's
- Accu die voldoet aan Microsoft ACPI-besturingsmethode
- Microsoft AC-adapter
+ Beeldapparaten (camera's en scanners)
- USB2.0 1.3M Web Cam (driver 1.0.0.10)
+ Beeldschermadapters
- NVIDIA GeForce Go 7300 (driver 8.2.9.3)
+ Besturing voor geluid, video en spelletjes
- Audiocodecs
- Legacy-audiostuurprogramma's
- Legacy-videovastlegapparaten
- Mediabeheerapparaten
- Realtek High Definition Audio (driver 5.10.0.5165)
- TASCAM US-122L (driver 1.11.4.0)
- TASCAM US-122L MIDI (driver 1.11.4.0)
- Videocodecs
+ Bluetooth
- Bluetooth RFBNEP (driver 4.0.920.0)
- Bluetooth RFBUS (driver 4.0.915.0)
- Bluetooth RFCOMM (driver 4.0.920.0)
- Bluetooth RFHID (driver 4.0.903.0)
+ Computer
- ACPI Multiprocessor-pc
+ Dvd-/cd-rom-stations
- IX4080S RLC643A SCSI CdRom Device
- TSSTcorp CD/DVDW TS-L632D
+ Human Interface Devices
- USB-HID
+ IDE ATA/ATAPI-controllers
- Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF (driver 7.0.0.1020)
- Primair IDE-kanaal
- Ricoh Memory Stick Host Controller (driver 1.0.1.12)
- Ricoh SD Bus Host Adapter (driver 1.0.3.6)
+ IEEE 1394 Bus Host Controllers
- OHCI Compliant IEEE 1394 Host Controller
+ Modems
- Motorola SM56 Data Fax Modem (driver 6.10.3.0)
- Standaardmodem (33600 bps)
+ Monitors
- Plug en Play-monitor
- Plug en Play-monitor
- Standaardbeeldscherm
- Standaardbeeldscherm
+ Muizen en andere aanwijsapparaten
- HID-compliant muis
- Synaptics PS/2 Port TouchPad (driver 8.2.0.0)
+ Netwerkadapters
- 1394-netwerkkaart
- Bluetooth Personal Area Network (driver 4.0.920.0)
- Intel(R) PRO/Wireless 3945ABG Network Connection (driver 10.1.0.13)
- Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC (driver 5.638.1116.2005)
+ PCMCIA-adapters
- Ricoh R/RL/5C476(II) of compatibele CardBus Controller
+ Poorten (COM & LPT)
- BT Port (COM10)
- BT Port (COM11)
- BT Port (COM12)
- BT Port (COM13)
- BT Port (COM14)
- BT Port (COM20)
- BT Port (COM21)
- BT Port (COM40)
- BT Port (COM6)
- BT Port (COM7)
+ Processors
- Genuine Intel(R) CPU T2300 @ 1.66GHz
- Genuine Intel(R) CPU T2300 @ 1.66GHz
+ Schijfstations
- HTS541010G9AT00
- WD 4000AAJ External USB Device
- WD 5000AAJ External USB Device
+ SCSI- en RAID-controllers
- SCSI/RAID Host Controller
+ Systeemapparaten
- ACPI-aan/uit-knop
- ACPI-deksel
- ACPI-slaapstandknop
- ACPI-thermale zone
- ACPI-vaste-functieknop
- ACPI-ventilator
- ATK0100 ACPI UTILITY (driver 1043.2.15.101)
- BIOS-stuurprogramma voor Microsoft Systeembeheer
- Controller voor directe geheugentoegang
- Ingesloten controller die voldoet aan Microsoft ACPI
- Intel(R) 82801 PCI Bridge - 2448
- Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0 (driver 7.0.0.1020)
- Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D6 (driver 7.0.0.1020)
- Intel(R) 82801GBM (ICH7-M) LPC Interface Controller - 27B9 (driver 7.0.0.1020)
- ISAPNP Read Data-poort
- Microcode Update-apparaat
- Microsoft Composite Battery
- Microsoft UAA-busstuurprogramma voor High Definition Audio
- Mobile Intel(R) 955XM/945GM/PM/GMS/940GML Express PCI Express Root Port - 27A1 (driver 7.1.0.1011)
- Mobile Intel(R) 955XM/945GM/PM/GMS/940GML Express Processor to DRAM Controller – 27A0 (driver 7.1.0.1011)
- Moederbordbronnen
- Moederbordbronnen
- Moederbordbronnen
- Moederbordbronnen
- Moederbordbronnen
- Numerieke-gegevensprocessor
- PCI-bus
- Programmeerbare interruptcontroller
- Stuurprogramma voor muis van Terminal Server
- Systeem dat voldoet aan Microsoft ACPI
- Systeem-CMOS/Real-timeklok
- Systeemkaart
- Systeemkaart
- Systeemluidspreker
- Systeemtimer
- Teller voor Plug en Play-apparatuur
- Toestenbordstuurprogramma voor Terminal Server
- Uitgebreide I/O-bus
- Volumebeheer
+ Toetsenborden
- Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
+ USB-controllers
- BT-183 Bluetooth 2.0 (driver 4.0.1216.0)
- Generic USB Hub
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8 (driver 7.0.0.1020)
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9 (driver 7.0.0.1020)
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA (driver 7.0.0.1020)
- Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB (driver 7.0.0.1020)
- Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC (driver 7.0.0.1020)
- TASCAM US-122L (driver 1.11.4.0)
- USB-apparaat voor massaopslag
- USB-apparaat voor massaopslag
- USB-hoofdhub
- USB-hoofdhub
- USB-hoofdhub
- USB-hoofdhub
- USB-hoofdhub
+ VSO devices
- Patin Couffin engine
cpu registers:
eax = 00d31438
ebx = 0047b454
ecx = 00d31438
edx = 0047e15d
esi = 0013f7e4
edi = 0013f768
eip = 0047e15d
esp = 0013f4d8
ebp = 0013f61c
stack dump:
0013f4d8 5d e1 47 00 de fa ed 0e - 01 00 00 00 07 00 00 00 ].G………….
0013f4e8 ec f4 13 00 5d e1 47 00 - 38 14 d3 00 54 b4 47 00 ….].G.8…T.G.
0013f4f8 e4 f7 13 00 68 f7 13 00 - 1c f6 13 00 08 f5 13 00 ….h………..
0013f508 34 f6 13 00 7c 48 40 00 - 1c f6 13 00 00 00 00 00 4…|H@………
0013f518 4f 6e 76 6f 6c 64 6f 65 - 6e 64 65 20 6f 70 73 6c Onvoldoende.opsl
0013f528 61 67 72 75 69 6d 74 65 - 20 62 65 73 63 68 69 6b agruimte.beschik
0013f538 62 61 61 72 20 6f 6d 20 - 64 65 7a 65 20 6f 70 64 baar.om.deze.opd
0013f548 72 61 63 68 74 20 74 65 - 20 76 65 72 77 65 72 6b racht.te.verwerk
0013f558 65 6e 2e 0d 0a 00 e4 77 - ec 0c 01 fa 7c 9f 87 02 en…..w….|…
0013f568 33 00 00 00 98 f5 13 00 - 01 00 00 00 a8 f5 13 00 3……………
0013f578 1a b9 3a 7e ec 0c 01 fa - 7c 9f 87 02 33 00 00 00 ..:~….|…3…
0013f588 98 f5 13 00 00 00 00 00 - 44 f6 13 00 33 00 00 00 ……..D…3…
0013f598 08 01 00 00 0d 00 00 00 - 00 e0 fd 7f 26 00 00 00 …………&…
0013f5a8 e0 f5 13 00 6d 45 3a 7e - ec 0c 01 fa 7c 9f 87 02 ….mE:~….|…
0013f5b8 33 00 00 00 40 00 00 00 - 00 00 00 00 44 f6 13 00 3…@…….D…
0013f5c8 ff ff ff ff 40 00 00 00 - 00 00 00 00 44 f6 13 00 ….@…….D…
0013f5d8 e2 9f 87 02 00 00 00 00 - 64 f7 13 00 e0 f7 13 00 ……..d…….
0013f5e8 54 b4 47 00 e8 f6 13 00 - d8 5f e4 77 10 f6 13 00 T.G……_.w….
0013f5f8 1d 6e e4 77 0a 6f e4 77 - 19 04 01 8a 1c f6 13 00 .n.w.o.w……..
0013f608 fd 59 e4 77 ab 20 01 c1 - e0 f7 13 00 54 b4 47 00 .Y.w……..T.G.
disassembling:
0047e0dc public Graphics.GDIError: ; function entry point
0047e0dc 2922 push ebp
0047e0dd mov ebp, esp
0047e0df add esp, -$108
0047e0e5 xor eax, eax
0047e0e7 mov [ebp-$108], eax
0047e0ed xor eax, eax
0047e0ef push ebp
0047e0f0 push $47e17d ; System.@HandleFinally
0047e0f5 push dword ptr fs:[eax]
0047e0f8 mov fs:[eax], esp
0047e0fb 2923 call -$7625c ($407ea4) ; Windows.GetLastError
0047e0fb
0047e100 mov [ebp-4], eax
0047e103 2924 cmp dword ptr [ebp-4], 0
0047e107 jz loc_47e15f
0047e107
0047e109 push 0
0047e10b push $100
0047e110 lea eax, [ebp-$104]
0047e116 push eax
0047e117 push $400
0047e11c mov eax, [ebp-4]
0047e11f push eax
0047e120 push 0
0047e122 push $1000
0047e127 call -$76380 ($407dac) ; Windows.FormatMessage
0047e127
0047e12c test eax, eax
0047e12e jz loc_47e15f
0047e12e
0047e130 2926 lea eax, [ebp-$108]
0047e136 lea edx, [ebp-$104]
0047e13c mov ecx, $100
0047e141 call -$78e8e ($4052b8) ; System.@LStrFromArray
0047e141
0047e146 mov ecx, [ebp-$108]
0047e14c mov dl, 1
0047e14e mov eax, [$4674a0]
0047e153 call -$2241c ($45bd3c) ; SysUtils.Exception.Create
0047e153
0047e158 > call -$797bd ($4049a0) ; System.@RaiseExcept
0047e158
0047e15d jmp loc_47e164
0047e15d
0047e15d ; ———————————————————
0047e15d
0047e15f loc_47e15f:
0047e15f 2928 call -$dc ($47e088) ; Graphics.OutOfResources
0047e15f
0047e164 loc_47e164:
0047e164 2929 xor eax, eax
0047e166 pop edx
0047e167 pop ecx
0047e168 pop ecx
0047e169 mov fs:[eax], edx
0047e16c push $47e184
0047e169
0047e171 loc_47e171:
0047e171 lea eax, [ebp-$108]
0047e177 call -$79134 ($405048) ; System.@LStrClr
0047e177
0047e17c ret
0047e17c
0047e17c ; ———————————————————
0047e17c
0047e17d jmp -$79986 ($4047fc) ; System.@HandleFinally
0047e17d
0047e182 jmp loc_47e171
0047e182
0047e182 ; ———————————————————
0047e182
0047e184 mov esp, ebp
0047e186 pop ebp
0047e187 ret
- Do you have any idea when this A-Squared crash occurred? Was it on a very large file? Or under special circumstances? Difficult questions, I know … but then it is an unusual error too.
- What is very large? I work with film, so I do have files of 10 GB here…
- [quote:2a11b0afc1="JDO0909"]What is very large? I work with film, so I do have files of 10 GB here…[/quote:2a11b0afc1] That is (probably) the cause of the error message. A-Squared opens every file to check it … and with files that are too large this phenomenon can occur.
How do we get around that and still solve your problem? May I send you an English-language guide in the next message for the manual solution of your problem?
- Yes, go ahead.
- Best done in "Safe Mode".
1) Navigate to the problem drive(s) via the Explore option.
Unhide "hidden files".
2) Click on TOOLS -> FOLDER OPTIONS
3) Click the button which says 'Show hidden files and folders'.
4) UNCHECK the following boxes:
Hide extensions for known file types
Hide protected operating system files
Delete files.
5) Find and delete the autorun.ini file and the resycled folder on the root directory of all affected drives.
6) Check “c:\windows\system32\dllcache” for boot.com file and delete it if present.
7) Check “c:\windows\prefetch” for boot.com file and delete if present.
8) Delete all files from c:\windows\temp
(Some files may not delete, that’s ok, they’re in use by the system and not virus files.)
9) Delete all files from c:\Documents and Settings\[USER PROFILE]\Local Settings\Temp
(Again, a couple files may not delete, don’t worry.)
And then in the registry, via "Run":
10) Run Regedit
11) Make sure you are at the very first entry of the registry hive. (My Computer should be highlighted) then click EDIT -> FIND
12) Search for “boot.com”. If it finds an entry, delete it. Keep hitting F3 until you’ve deleted all instances of boot.com in the entire registry.
13) Scroll the left column back up to the top and highlight My Computer again at the top of the registry hive.
14) Click Edit -> Find again and search for ‘resycled’ and repeat as in step 13, deleting the entries as it finds them. (I found 2 of each)
15) Close registry editor and try opening the infected drives. They should work now.
Let us know whether this all goes exactly as indicated here … and whether it then gives a positive result as well?
- WONDERFUL!! Everything is in order now. The external HDDs I work with are Western Digital Elements, so by default they had an autorun.inf on them consisting of
[autorun]
icon=Elements.ico
If there are other people who have this, they should later replace the autorun.inf they delete with the above.
Everything went as described above, only I got no results at step 14, but those will already have been removed by the previous steps you had advised.
Thanks enormously for all the effort!!
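The manual clean-up above (delete autorun.inf and the resycled folder from each drive root) and the last reply's note that a Western Digital Elements drive legitimately ships with an icon-only autorun.inf both come down to one question: does the autorun.inf on a drive merely set an icon, or does it launch something? The following Python script is an added example, not code from the thread or from any tool mentioned in it. It parses autorun.inf, flags entries that would execute a program (open=, shellexecute=, or a shell\<verb>\command override, which is what hijacks a double-click on the drive while typing the path in the address bar still works), checks for a resycled folder in the drive root, and reports without deleting anything. The benign sample is the WD Elements file as posted; the suspicious sample and the fake drive layout are constructed for the demo (the resycled\boot.com path comes from the thread, the file content is ours).

```python
"""Added example: audit autorun.inf files on drive roots and separate harmless
ones (icon/label only) from ones that would launch a program.  Report only;
nothing is deleted.  Sample data below is constructed for the demo."""
import tempfile
from pathlib import Path

# [autorun] keys whose value names something that gets executed.
EXEC_KEYS = {"open", "shellexecute"}

# Benign WD Elements autorun.inf, exactly as posted in the thread.
BENIGN_AUTORUN = "[autorun]\nicon=Elements.ico\n"

# CONSTRUCTED sample of an autorun.inf that hijacks the drive's default
# double-click verb.  The resycled\boot.com path is the one named in the
# thread; the key/value layout is ours, not a captured worm file.
SUSPICIOUS_AUTORUN = (
    "[autorun]\n"
    "open=resycled\\boot.com\n"
    "shell\\open\\command=resycled\\boot.com\n"
    "shell\\explore\\command=resycled\\boot.com\n"
)


def parse_autorun(text: str) -> dict:
    """Parse the [autorun] section of an autorun.inf into {key: value}.

    A small hand-rolled INI reader is used instead of configparser because
    autorun.inf files in the wild contain lines without '=', duplicate keys
    and mixed-case section names that make configparser raise.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def classify(entries: dict) -> tuple:
    """Return ('benign' | 'suspicious', [reasons]).

    Anything that names a program to run is flagged: open=, shellexecute=,
    a shell\\<verb>\\command= override, or shell=<verb> (which makes a custom
    verb the default double-click action).  icon=, label= and action= only
    change how the drive is displayed and are left alone.
    """
    reasons = []
    for key, value in entries.items():
        if key in EXEC_KEYS:
            reasons.append(f"{key}={value}")
        elif key.startswith("shell\\") and key.endswith("\\command"):
            reasons.append(f"{key}={value}")
        elif key == "shell":
            reasons.append(f"{key}={value}")
    return ("suspicious" if reasons else "benign", reasons)


def audit_drive(root) -> dict:
    """Inspect one drive root for the two indicators the thread relies on:
    an autorun.inf that launches something, and a 'resycled' folder."""
    root = Path(root)
    finding = {"root": str(root), "verdict": "clean", "reasons": []}
    inf = root / "autorun.inf"
    if inf.is_file():
        verdict, reasons = classify(parse_autorun(inf.read_text(errors="replace")))
        finding["verdict"] = verdict
        finding["reasons"] = reasons
    if (root / "resycled").is_dir():
        finding["verdict"] = "suspicious"
        finding["reasons"].append("resycled folder present in drive root")
    return finding


def build_demo_drives(base) -> list:
    """Create two fake drive roots under `base` (constructed test data)."""
    clean = Path(base) / "drive_F"
    infected = Path(base) / "drive_G"
    clean.mkdir()
    infected.mkdir()
    (clean / "autorun.inf").write_text(BENIGN_AUTORUN)
    (infected / "autorun.inf").write_text(SUSPICIOUS_AUTORUN)
    (infected / "resycled").mkdir()
    # Empty placeholder standing in for the dropped file; not malware.
    (infected / "resycled" / "boot.com").write_bytes(b"")
    return [clean, infected]


def run_demo() -> list:
    """Audit the constructed drives and return the list of findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return [audit_drive(d) for d in build_demo_drives(tmp)]


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['root']}: {f['verdict']}")
        for r in f["reasons"]:
            print(f"    {r}")
```

On a real machine you would call `audit_drive` on each drive root (for example `C:\`, `F:\`, `G:\`) and act only on drives reported as suspicious; a drive whose autorun.inf contains nothing but `icon=` or `label=` lines is the vendor's own file and should be left in place, which is exactly the point the last reply makes about the WD Elements drives.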