en de combofix
en de combofix
[hijack]combofix 06.11.9 - running from: "c:\documents and settings\michael djalti\bureaublad"
((((((((((((((((((((((((((((((( files created from 2018-10-06 to 2018/11/2006 ))))))))))))))))))))))))))))))))))
no new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( find3m report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
*note* empty entries are not shown
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"nvcpldaemon"="rundll32.exe c:\\windows\\system32\\nvcpl.dll,nvstartup"
"nwiz"="nwiz.exe /install"
"nerofiltercheck"="c:\\windows\\system32\\nerocheck.exe"
"speedtouch usb diagnostics"="\"c:\\program files\\thomson\\speedtouch usb\\dragdiag.exe\" /icon"
"tgcmd"="\"c:\\program files\\support.com\\bin\\tgcmd.exe\" /server /startmonitor "
"avg7_cc"="c:\\progra~1\\grisoft\\avgfre~1\\avgcc.exe /startup"
"ms windows executor process"="msexecp32.exe"
[hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents]
[hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\imail]
"installed"="1"
[hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\mapi]
"nochange"="1"
"installed"="1"
[hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\msfs]
"installed"="1"
[hkey_local_machine\software\microsoft\windows\currentversion\runonce]
"wextract_cleanup0"="rundll32.exe c:\\windows\\system32\\advpack.dll,delnoderundll32 \"c:\\docume~1\\michae~1\\locals~1\\temp\\ixp000.tmp\\\""
[hkey_local_machine\software\microsoft\windows\currentversion\runservices]
"ms windows executor process"="msexecp32.exe"
[hkey_current_user\software\microsoft\internet explorer\desktop\components]
"deskhtmlversion"=dword:00000110
"deskhtmlminorversion"=dword:00000005
"settings"=dword:00000001
"generalflags"=dword:00000005
[hkey_current_user\software\microsoft\internet explorer\desktop\components\0]
"source"="about:home"
"subscribedurl"="about:home"
"friendlyname"="mijn huidige introductiepagina"
"flags"=dword:00000002
"position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"currentstate"=hex:04,00,00,40
"originalstateinfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"restoredstateinfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe"
"avg7_run"="c:\\progra~1\\grisoft\\avgfre~1\\avgw.exe /runonce"
"ms windows executor process"="msexecp32.exe"
[hkey_users\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe"
"avg7_run"="c:\\progra~1\\grisoft\\avgfre~1\\avgw.exe /runonce"
"ms windows executor process"="msexecp32.exe"
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
" {438755c2-a8ba-11d1-b96b-00a0c90312e1} "="preloader van browseui"
" {8c7461ef-2b13-11d2-be35-3078302c2030} "="cache-daemon voor onderdeelcategorien"
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
" {aeb6717e-7e19-11d0-97ee-00c04fd91972} "=""
" {57b86673-276a-48b2-bae7-c6dbb3020eb8} "="avg anti-spyware 7.5"
[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer]
"nodrivetypeautorun"=dword:00000091
[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer\run]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[hkey_users\.default\software\microsoft\windows\currentversion\policies\explorer]
"nodrivetypeautorun"=dword:00000091
[hkey_users\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"nodrivetypeautorun"=dword:00000091
[hkey_local_machine\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"postbootreminder"=" {7849596a-48ea-486e-8937-a2a3009f31a9} "
"cdburn"=" {fbeb8a05-beee-4442-804e-409d6c4515e9} "
"webcheck"=" {e6fb5e20-de35-11cf-9c87-00aa005127ed} "
"systray"=" {35cec8a3-2be6-11d2-8773-92e220524153} "
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupfolder]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^intervideo wincinema manager.lnk]
"path"="c:\\documents and settings\\all users\\menu start\\programma's\\opstarten\\intervideo wincinema manager.lnk"
"backup"="c:\\windows\\pss\\intervideo wincinema manager.lnkcommon startup"
"location"="common startup"
"command"="c:\\progra~1\\interv~1\\common\\bin\\wincin~1.exe "
"item"="intervideo wincinema manager"
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^scanpanel.lnk]
"path"="c:\\documents and settings\\all users\\menu start\\programma's\\opstarten\\scanpanel.lnk"
"backup"="c:\\windows\\pss\\scanpanel.lnkcommon startup"
"location"="common startup"
"command"="c:\\progra~1\\scanpa~1\\scnpanel.exe "
"item"="scanpanel"
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg]
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\c-media mixer]
"key"="software\\microsoft\\windows\\currentversion\\run"
"item"="mixer"
"hkey"="hklm"
"command"="mixer.exe /startup"
"inimapping"="0"
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
"key"="software\\microsoft\\windows\\currentversion\\run"
"item"="msmsgs"
"hkey"="hkcu"
"command"="\"c:\\program files\\messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
"key"="software\\microsoft\\windows\\currentversion\\run"
"item"="nvmctray"
"hkey"="hkcu"
"command"="rundll32.exe c:\\windows\\system32\\nvmctray.dll,nvtaskbarinit"
"inimapping"="0"
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
"key"="software\\microsoft\\windows\\currentversion\\run"
"item"="qttask"
"hkey"="hklm"
"command"="\"c:\\program files\\quicktime\\qttask.exe\" -atboottime"
"inimapping"="0"
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\winampagent]
"key"="software\\microsoft\\windows\\currentversion\\run"
"item"="winampa"
"hkey"="hklm"
"command"="\"c:\\program files\\winamp3\\winampa.exe\""
"inimapping"="0"
[hkey_local_machine\system\currentcontrolset\control\securityproviders]
"securityproviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
completion time: za 18/11/2006 22:12:18,89
c:\combofix.txt ... 18/11/2006 22:12
c:\combofix2.txt ... 18/11/2006 22:05
c:\combofix3.txt ... 18/11/2006 22:03[/hijack]