tyche
Nieuw lid
- Lid geworden
- 25 feb 2009
- Berichten
- 21
- Waarderingsscore
- 0
Hoi allen.
Ik ben ook besmet met het msn-virus. :wacko:
Ik heb geprobeerd msn te verwijderen maar als ik via config-scherm op software verwijderen klik gebeurt het niet.
beetje vervelend wel.
Ik heb een hijackthis log gemaakt.
en dat is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:29, on 26-2-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
E:\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free History Eraser\HistoryEraser.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\PND Speed Camera Sync\PndSync\PndSync.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ZyXEL Technology Corporation\ZyAIR G-220 Utility\ZDWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ron\Mijn documenten\hjt this\HijackThis.exe
C:\Documents and Settings\Ron\Mijn documenten\hjt this\realscan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {75E71CC4-F4B6-4A58-9B47-DEE58CB7FFB1} - C:\WINDOWS\system32\advpack(8.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\PROGRA~1\MUSICM~1\MUSICM~2\PHILIP~1.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Free History Eraser\HistoryEraser.exe" /stealt
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PND Speed Camera Synchronization.lnk = C:\Program Files\PND Speed Camera Sync\PndSync\PndSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ron\Menu Start\Programma's\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\system32\wmfhotfix.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Odyssey Client for ZyXEL (odClientService) - Funk Software, Inc. - C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 16778 bytes
en ik heb een combofixlog en dat is:
ComboFix 09-02-26.01 - Ron 2009-02-26 20:49:40.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1023.558 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Ron\Bureaublad\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *enabled*
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ron\Application Data\urlredir.cfg
c:\documents and settings\Ron\Menu Start\Programma's\AntivirusXP
c:\program files\INSTALL.LOG
c:\program files\Internet Explorer\fxavx.ini
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\patch.exe
c:\windows\system32\303369.exe
c:\windows\system32\4Ha3Kyki.exe.a_a
c:\windows\system32\ahtn.htm
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekabbekvdsv.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\init32.exe
c:\windows\system32\ntdll64.exe
c:\windows\system32\remove.exe
c:\windows\system32\senekaamtkifod.dat
c:\windows\system32\senekabpxeuyfv.dll
c:\windows\system32\senekabrxnsgit.dat
c:\windows\system32\senekacfumlxyl.dll
c:\windows\system32\senekailrooqxw.dll
c:\windows\system32\senekasvgcpeqc.dll
c:\windows\system32\senekaxvmplvho.db
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winlogon2.exe
Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-26 to 2009-02-26 ))))))))))))))))))))))))))))))
.
2009-02-25 21:00 . 2009-02-25 21:00 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-02-25 21:00 . 2009-02-25 21:00 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-25 21:00 . 2009-02-25 21:00 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-19 22:59 . 2009-02-20 09:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-18 22:09 . 2009-02-18 22:09 45 --a------ c:\windows\SFEditorU.INI
2009-02-12 22:24 . 2009-02-12 22:25 <DIR> d----c--- C:\RVAXO
2009-02-12 21:54 . 2009-02-18 22:20 <DIR> dr-h----- c:\documents and settings\Ron\Onlangs geopend
2009-02-11 20:10 . 2009-02-11 20:10 1,025 --a--c--- C:\pap.exe
2009-02-09 20:46 . 2009-02-10 19:46 <DIR> d-------- c:\documents and settings\Ron\Application Data\Belastingdienst
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-01 10:08 . 2009-02-01 10:08 70,656 --a------ c:\windows\system32\4Ha3Kyki.exe_
2009-01-29 20:17 . 2009-01-29 20:17 <DIR> d-------- c:\program files\SweetIM
2009-01-29 20:17 . 2009-01-29 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SweetIM
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 19:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-25 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-25 20:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-25 19:53 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-19 22:06 --------- d-----w c:\documents and settings\Ron\Application Data\IMVU
2009-02-14 10:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-12 20:04 --------- d-----w c:\program files\Hitman Pro
2009-02-12 20:03 --------- d-----w c:\documents and settings\Ron\Application Data\IMVUClient
2009-02-10 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-29 13:30 --------- d-----w c:\documents and settings\Ron\Application Data\MSN6
2009-01-19 19:05 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-19 19:05 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-19 19:05 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-19 19:05 --------- d-----w c:\program files\Symantec
2009-01-17 20:21 --------- d-----w c:\program files\Windows Live
2009-01-09 04:18 --------- d-----w c:\program files\Microsoft
2009-01-09 04:17 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-09 04:12 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-07 14:59 --------- d-----w c:\documents and settings\Ron\Application Data\RegTool
2008-09-20 18:49 5,632 --sha-w c:\program files\Thumbs.db
2008-05-25 18:58 625 ---ha-w c:\documents and settings\Ron\hpothb07.dat
2007-01-28 20:56 71,192 ----a-w c:\documents and settings\Ron\Application Data\GDIPFONTCACHEV1.DAT
2005-10-24 09:27 185 ---ha-w c:\documents and settings\All Users\Application Data\hpothb07.dat
2005-10-24 09:27 0 -c-ha-w c:\documents and settings\All Users\hpothb07.dat
2004-08-13 12:42 484 ----a-r c:\program files\setup.reg
2004-06-09 07:05 2,990 ----a-w c:\program files\license.txt
2004-04-28 08:38 3,667 ----a-w c:\program files\readme.txt
2004-04-28 08:38 130,560 ----a-w c:\program files\fmod.dll
2004-04-28 08:38 102,196 ----a-w c:\program files\bass.dll
2004-02-06 09:52 17,542 ----a-w c:\program files\zylom.ico
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SPSTEALT"="c:\program files\Free History Eraser\HistoryEraser.exe" [2006-08-24 327680]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-30 39408]
"Google Update"="c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-01-14 892928]
"QuickTime Task"="E:\qttask.exe" [2005-01-07 98304]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 135168]
"mm_server"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe" [2006-01-17 86016]
"PhilipsRemote"="c:\progra~1\MUSICM~1\MUSICM~2\PHILIP~1.EXE" [2006-01-17 745472]
"OdTray.exe"="c:\program files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe" [2004-03-15 626746]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 185896]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-08-26 69632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-05 29744]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 c:\windows\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger Agent.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-09-29 169472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-09-29 169472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2005-02-28 581632]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PND Speed Camera Synchronization.lnk - c:\program files\PND Speed Camera Sync\PndSync\PndSync.exe [2007-09-16 421888]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2003-09-29 106560]
ZDWlan.lnk - c:\program files\ZyXEL Technology Corporation\ZyAIR G-220 Utility\ZDWlan.exe [2006-08-14 1097728]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.IV41"= ir41_32.dll
"MSACM.MI-SC4"= MI-SC4.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R0 pqheviib;pqheviib;c:\windows\system32\drivers\ivdcadfy.dat --> c:\windows\system32\drivers\ivdcadfy.dat [?]
R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\cfusionmx7\runtime\bin\jrunsvc.exe [2006-10-15 61440]
R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;c:\cfusionmx7\db\slserver54\bin\swagent.exe "ColdFusion MX 7 ODBC Agent" --> c:\cfusionmx7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [?]
R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "ColdFusion MX 7 ODBC Server" --> c:\cfusionmx7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [?]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-24 149352]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-04 99376]
R3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\saintsub.sys [2004-03-27 19200]
S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2006-04-25 148352]
S3 adiusbae;USB ADSL LAN Adapter; [x]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-26 29744]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-09-29 14095]
S3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL);c:\windows\system32\drivers\ZD1211U.sys [2006-08-14 237568]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\DPFMate.exe
.
Inhoud van de 'Gedeelde Taken' map
2004-01-08 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1064846831.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
2009-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844823847-682003330-1003.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 11:05]
2009-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-02-23 c:\windows\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Ron.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19]
2009-02-01 c:\windows\Tasks\RegTool Scan.job
- D:\RegTool.exe [2009-01-02 13:59]
2009-02-26 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 16:43]
2009-01-27 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 16:43]
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{75E71CC4-F4B6-4A58-9B47-DEE58CB7FFB1} - c:\windows\system32\advpack(8.dll
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
.
------- Bijkomende Scan -------
.
IE: &Google Search
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward &Links
IE: Cac&hed Snapshot of Page
IE: E&xporteren naar Microsoft Excel
IE: Si&milar Pages
IE: Translate into English
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Ron\Menu Start\Programma's\IMVU\Run IMVU.lnk
LSP: c:\windows\TEMP\ntdll64.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 20:58:40
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2???9~??9~????????\???\???????????U?9~??9~\???\????????Oa??????C@?\???\??????s????\??????s\????&2?A??s?&2??C@?x???`|?w\?????@
scannen van verborgen bestanden ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pqheviib]
"ImagePath"="system32\drivers\ivdcadfy.dat"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-842925246-1844823847-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\cfusionmx7\db\slserver54\bin\swagent.exe
c:\cfusionmx7\db\slserver54\bin\swstrtr.exe
c:\cfusionmx7\db\slserver54\bin\swsoc.exe
c:\cfusionmx7\runtime\bin\jrun.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\ewido\security suite\ewidoctrl.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\MsPMSPSv.exe
c:\progra~1\WinZip\WZQKPICK.EXE
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-26 21:08:48 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-26 20:07:25
ComboFix2.txt 2008-02-27 20:20:09
Pre-Run: 11,420,459,008 bytes beschikbaar
Post-Run: 11,474,030,592 bytes beschikbaar
400 --- E O F --- 2009-02-25 19:51:39
ik hoop dat iemand mij kan helpen dit virus te verwijderen.
alvast bedankt voor de moeite,
groetjes,
Tyche
Ik ben ook besmet met het msn-virus. :wacko:
Ik heb geprobeerd msn te verwijderen maar als ik via config-scherm op software verwijderen klik gebeurt het niet.
beetje vervelend wel.
Ik heb een hijackthis log gemaakt.
en dat is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:29, on 26-2-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
E:\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free History Eraser\HistoryEraser.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\PND Speed Camera Sync\PndSync\PndSync.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ZyXEL Technology Corporation\ZyAIR G-220 Utility\ZDWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ron\Mijn documenten\hjt this\HijackThis.exe
C:\Documents and Settings\Ron\Mijn documenten\hjt this\realscan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {75E71CC4-F4B6-4A58-9B47-DEE58CB7FFB1} - C:\WINDOWS\system32\advpack(8.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\PROGRA~1\MUSICM~1\MUSICM~2\PHILIP~1.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Free History Eraser\HistoryEraser.exe" /stealt
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PND Speed Camera Synchronization.lnk = C:\Program Files\PND Speed Camera Sync\PndSync\PndSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ron\Menu Start\Programma's\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\system32\wmfhotfix.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Odyssey Client for ZyXEL (odClientService) - Funk Software, Inc. - C:\Program Files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 16778 bytes
en ik heb een combofixlog en dat is:
ComboFix 09-02-26.01 - Ron 2009-02-26 20:49:40.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1023.558 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Ron\Bureaublad\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *enabled*
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ron\Application Data\urlredir.cfg
c:\documents and settings\Ron\Menu Start\Programma's\AntivirusXP
c:\program files\INSTALL.LOG
c:\program files\Internet Explorer\fxavx.ini
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\patch.exe
c:\windows\system32\303369.exe
c:\windows\system32\4Ha3Kyki.exe.a_a
c:\windows\system32\ahtn.htm
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekabbekvdsv.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\init32.exe
c:\windows\system32\ntdll64.exe
c:\windows\system32\remove.exe
c:\windows\system32\senekaamtkifod.dat
c:\windows\system32\senekabpxeuyfv.dll
c:\windows\system32\senekabrxnsgit.dat
c:\windows\system32\senekacfumlxyl.dll
c:\windows\system32\senekailrooqxw.dll
c:\windows\system32\senekasvgcpeqc.dll
c:\windows\system32\senekaxvmplvho.db
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winlogon2.exe
Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-26 to 2009-02-26 ))))))))))))))))))))))))))))))
.
2009-02-25 21:00 . 2009-02-25 21:00 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-02-25 21:00 . 2009-02-25 21:00 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-25 21:00 . 2009-02-25 21:00 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-19 22:59 . 2009-02-20 09:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-18 22:09 . 2009-02-18 22:09 45 --a------ c:\windows\SFEditorU.INI
2009-02-12 22:24 . 2009-02-12 22:25 <DIR> d----c--- C:\RVAXO
2009-02-12 21:54 . 2009-02-18 22:20 <DIR> dr-h----- c:\documents and settings\Ron\Onlangs geopend
2009-02-11 20:10 . 2009-02-11 20:10 1,025 --a--c--- C:\pap.exe
2009-02-09 20:46 . 2009-02-10 19:46 <DIR> d-------- c:\documents and settings\Ron\Application Data\Belastingdienst
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-01 10:08 . 2009-02-01 10:08 70,656 --a------ c:\windows\system32\4Ha3Kyki.exe_
2009-01-29 20:17 . 2009-01-29 20:17 <DIR> d-------- c:\program files\SweetIM
2009-01-29 20:17 . 2009-01-29 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SweetIM
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 19:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-25 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-25 20:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-25 19:53 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-19 22:06 --------- d-----w c:\documents and settings\Ron\Application Data\IMVU
2009-02-14 10:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-12 20:04 --------- d-----w c:\program files\Hitman Pro
2009-02-12 20:03 --------- d-----w c:\documents and settings\Ron\Application Data\IMVUClient
2009-02-10 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-29 13:30 --------- d-----w c:\documents and settings\Ron\Application Data\MSN6
2009-01-19 19:05 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-19 19:05 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-19 19:05 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-19 19:05 --------- d-----w c:\program files\Symantec
2009-01-17 20:21 --------- d-----w c:\program files\Windows Live
2009-01-09 04:18 --------- d-----w c:\program files\Microsoft
2009-01-09 04:17 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-09 04:12 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-07 14:59 --------- d-----w c:\documents and settings\Ron\Application Data\RegTool
2008-09-20 18:49 5,632 --sha-w c:\program files\Thumbs.db
2008-05-25 18:58 625 ---ha-w c:\documents and settings\Ron\hpothb07.dat
2007-01-28 20:56 71,192 ----a-w c:\documents and settings\Ron\Application Data\GDIPFONTCACHEV1.DAT
2005-10-24 09:27 185 ---ha-w c:\documents and settings\All Users\Application Data\hpothb07.dat
2005-10-24 09:27 0 -c-ha-w c:\documents and settings\All Users\hpothb07.dat
2004-08-13 12:42 484 ----a-r c:\program files\setup.reg
2004-06-09 07:05 2,990 ----a-w c:\program files\license.txt
2004-04-28 08:38 3,667 ----a-w c:\program files\readme.txt
2004-04-28 08:38 130,560 ----a-w c:\program files\fmod.dll
2004-04-28 08:38 102,196 ----a-w c:\program files\bass.dll
2004-02-06 09:52 17,542 ----a-w c:\program files\zylom.ico
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SPSTEALT"="c:\program files\Free History Eraser\HistoryEraser.exe" [2006-08-24 327680]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-30 39408]
"Google Update"="c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-01-14 892928]
"QuickTime Task"="E:\qttask.exe" [2005-01-07 98304]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 135168]
"mm_server"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe" [2006-01-17 86016]
"PhilipsRemote"="c:\progra~1\MUSICM~1\MUSICM~2\PHILIP~1.EXE" [2006-01-17 745472]
"OdTray.exe"="c:\program files\ZyXEL\Odyssey Client for ZyXEL\OdTray.exe" [2004-03-15 626746]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 185896]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-08-26 69632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-05 29744]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 c:\windows\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger Agent.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-09-29 169472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-09-29 169472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2005-02-28 581632]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PND Speed Camera Synchronization.lnk - c:\program files\PND Speed Camera Sync\PndSync\PndSync.exe [2007-09-16 421888]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2003-09-29 106560]
ZDWlan.lnk - c:\program files\ZyXEL Technology Corporation\ZyAIR G-220 Utility\ZDWlan.exe [2006-08-14 1097728]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.IV41"= ir41_32.dll
"MSACM.MI-SC4"= MI-SC4.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R0 pqheviib;pqheviib;c:\windows\system32\drivers\ivdcadfy.dat --> c:\windows\system32\drivers\ivdcadfy.dat [?]
R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\cfusionmx7\runtime\bin\jrunsvc.exe [2006-10-15 61440]
R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;c:\cfusionmx7\db\slserver54\bin\swagent.exe "ColdFusion MX 7 ODBC Agent" --> c:\cfusionmx7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [?]
R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "ColdFusion MX 7 ODBC Server" --> c:\cfusionmx7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [?]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-24 149352]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-04 99376]
R3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\saintsub.sys [2004-03-27 19200]
S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2006-04-25 148352]
S3 adiusbae;USB ADSL LAN Adapter; [x]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-26 29744]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-09-29 14095]
S3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL);c:\windows\system32\drivers\ZD1211U.sys [2006-08-14 237568]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\DPFMate.exe
.
Inhoud van de 'Gedeelde Taken' map
2004-01-08 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1064846831.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
2009-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844823847-682003330-1003.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 11:05]
2009-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-02-23 c:\windows\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Ron.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 18:19]
2009-02-01 c:\windows\Tasks\RegTool Scan.job
- D:\RegTool.exe [2009-01-02 13:59]
2009-02-26 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 16:43]
2009-01-27 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 16:43]
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{75E71CC4-F4B6-4A58-9B47-DEE58CB7FFB1} - c:\windows\system32\advpack(8.dll
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
.
------- Bijkomende Scan -------
.
IE: &Google Search
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward &Links
IE: Cac&hed Snapshot of Page
IE: E&xporteren naar Microsoft Excel
IE: Si&milar Pages
IE: Translate into English
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Ron\Menu Start\Programma's\IMVU\Run IMVU.lnk
LSP: c:\windows\TEMP\ntdll64.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 20:58:40
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2???9~??9~????????\???\???????????U?9~??9~\???\????????Oa??????C@?\???\??????s????\??????s\????&2?A??s?&2??C@?x???`|?w\?????@
scannen van verborgen bestanden ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pqheviib]
"ImagePath"="system32\drivers\ivdcadfy.dat"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-842925246-1844823847-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\cfusionmx7\db\slserver54\bin\swagent.exe
c:\cfusionmx7\db\slserver54\bin\swstrtr.exe
c:\cfusionmx7\db\slserver54\bin\swsoc.exe
c:\cfusionmx7\runtime\bin\jrun.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\ewido\security suite\ewidoctrl.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ZyXEL\Odyssey Client for ZyXEL\odClientService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\MsPMSPSv.exe
c:\progra~1\WinZip\WZQKPICK.EXE
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-26 21:08:48 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-26 20:07:25
ComboFix2.txt 2008-02-27 20:20:09
Pre-Run: 11,420,459,008 bytes beschikbaar
Post-Run: 11,474,030,592 bytes beschikbaar
400 --- E O F --- 2009-02-25 19:51:39
ik hoop dat iemand mij kan helpen dit virus te verwijderen.
alvast bedankt voor de moeite,
groetjes,
Tyche