Status
Not open for further replies.

filiep

Supporting member
VIP member
NOD32

reports 1 infection

on a Nero toolbar
and that thing is in win32/toolbar.AskSBar application

Quick question: if I remove it,

that won't do anything to my version of Nero, will it?

Greetings
 
Go ahead and post a HJT log!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:19, on 2/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\VistaCodecPack\QT\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\Windows\TEMP\E_S95F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\Windows\System32\CTSVCCDA.EXE (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 11090 bytes
 
C:\Users\Downloads\Nero 8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe » NSIS » Toolbar.exe - Win32/Toolbar.AskSBar application


C:\Users\Downloads\Nero 8\Toolbar.exe - Win32/Toolbar.AskSBar application - cleaned by deleting - quarantined [1]

It already removed the second one itself.
 
Download MBAM (Malwarebytes' Anti-Malware) from here or here.
  • Double-click mbam-setup.exe to install the program.
    • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Voltooien" (Finish).
    • If an update is found, it will be downloaded and installed.
    • Once the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.
    • Scanning can take a while, so be patient.
    • When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to view the results.
    • Make sure everything there is checked, then click: Verwijder geselecteerde (Remove Selected).
    • After the removal a log will open and you will be asked to restart the computer. (See below)
    • The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
    • Copy and paste the contents of the log into your next reply, together with a new HijackThis log.
    If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.
    After that it will ask to restart the computer... so allow MBAM to restart the computer.
 
Malwarebytes' Anti-Malware 1.10
Database versie: 583

Scan type: Snelle Scan
Objecten gescand: 29717
Verstreken tijd: 4 minute(s), 0 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
 
Hi,

I expected to see a bit more with this scan, but apparently not! There is a line in your log that I don't trust, so please do the following:

Download SDFix and save the program to your desktop.

Double-click SDFix.exe and choose Install to extract it. Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably here: C:\SDFix).
Restart the PC in safe mode.
  • Restart the computer
  • As soon as your computer has finished loading the BIOS (black screen with white letters, or another startup screen) and just before Windows loads
  • Tap the F8 key (or the F5 key) until you reach the Windows options menu
  • Here choose to start in safe mode (Safe mode) using the arrow keys and then Enter
  • Open the extracted SDFix folder (usually found here: C:\SDFix) and double-click RunThis.bat to start the script.
  • Type Y and press Enter to start the cleaning process.
  • Trojan Services and/or Registry Entries will be removed if they are found, and you will have to press a key to restart.
  • The computer will then restart; this takes longer than usual.
  • The Fixtool will run again and continue the removal process, then Finished is shown; wait patiently until you have to press a key again to end the script and reload your desktop icons.
  • As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
  • Copy/paste the contents of this report Report.txt into your next reply here, together with a new HijackThis log
 
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 19:36:48
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3

There was nothing more to find there.
Greetings
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:33, on 2/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\VistaCodecPack\QT\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search: FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search: FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search: FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\Windows\TEMP\E_S95F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - MSN Games - Free Online Games ngUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - MSN Games - Free Online Games dy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - Eset - Antivirus Software NOD32. cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - MSN Games - Free Online Games hat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - DivX Video Player - DivX Codec - DivX Converter - DivX Web Player - Download DivX for Windows Plugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - MSN Games - Free Online Games xy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - MSN Games - Free Online Games ckersZPA.cab55579.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\Windows\System32\CTSVCCDA.EXE (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 11177 bytes

I hope that's okay.
 