[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:20, on 26/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\program files\nero\nero8\nero backitup\nbservice.exe
c:\windows\system32\ioctlsvc.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\microsoft sql server\90\shared\sqlwriter.exe
c:\windows\system32\svchost.exe
c:\windows\system32\searchindexer.exe
c:\program files\citrix\ica client\ssonsvr.exe
c:\windows\explorer.exe
c:\windows\soundman.exe
c:\program files\microsoft intellitype pro\itype.exe
c:\program files\microsoft intellipoint\ipoint.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\microsoft intellitype pro\dpupdchk.exe
c:\windows\system32\ctfmon.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files\common files\lightscribe\lightscribecontrolpanel.exe
c:\program files\winzip\wzqkpick.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
c:\windows\system32\searchprotocolhost.exe
r1 - hkcu\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.be/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
r3 - urlsearchhook: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: askbar bho - {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askbar.dll
o2 - bho: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
o2 - bho: litmusbho - {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll
o2 - bho: nitropdfbho class - {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: epsontoolbandkicker class - {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\epson web-to-page.dll
o3 - toolbar: epson web-to-page - {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\epson web-to-page.dll
o3 - toolbar: (no name) - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - (no file)
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o3 - toolbar: browsing protection toolbar - {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll
o3 - toolbar: ask toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askbar.dll
o4 - hklm\..\run: [soundman] soundman.exe
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
o4 - hklm\..\run: [itype] c:\program files\microsoft intellitype pro\itype.exe
o4 - hklm\..\run: [intellipoint] c:\program files\microsoft intellipoint\ipoint.exe
o4 - hklm\..\run: [nerofiltercheck] c:\program files\common files\nero\lib\nerocheck.exe
o4 - hklm\..\run: [nbkeyscan] c:\program files\nero\nero8\nero backitup\nbkeyscan.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [istray] c:\program files\spyware doctor\pctstray.exe
o4 - hklm\..\run: [mcenui] ????a??;]????\mcenui.exe /hide
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [f-secure manager] c:\program files\telenet security pack\common\fsm32.exe /splash
o4 - hklm\..\run: [f-secure tnb] c:\program files\telenet security pack\fsgui\tnbutil.exe /checkall /waitforsw
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [epson stylus dx4400 series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu c:\windows\temp\e_sb0.tmp /ef "hkcu"
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [lightscribe control panel] c:\program files\common files\lightscribe\lightscribecontrolpanel.exe -hidden
o4 - hkcu\..\run: [google update] c:\documents and settings\danny\local settings\application data\google\update\googleupdate.exe /c
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: winzip quick pick.lnk = c:\program files\winzip\wzqkpick.exe
o8 - extra context menu item: add to google photos screensa&ver - res://c:\windows\system32\gphotos.scr/200
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_96d6ff0c6d236bf8.dll/cmsidewiki.html
o8 - extra context menu item: save page as pdf ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - [noparse]http://www.net2phone.com/[/noparse] (file missing)
o9 - extra 'tools' menuitem: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - [noparse]http://www.net2phone.com/[/noparse] (file missing)
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o9 - extra 'tools' menuitem: pdf download - options - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra button: pdf download - {f1c0fd6c-a6a0-49a7-a932-71a56461867f} - c:\program files\nitro pdf\pdf download\nitropdf.dll (hkcu)
o16 - dpf: {5ed80217-570b-4da9-bf44-be107c0ec166} (windows live safety center base module) - [noparse]http://cdn.scan.onecare.live.com/res...scbase6087.cab[/noparse]
o16 - dpf: {9191f686-7f0a-441d-8a98-2fe3ac1bd913} (activescan 2.0 installer class) - [noparse]http://acs.pandasoftware.com/actives.../as2stubie.cab[/noparse]
o16 - dpf: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (f-secure online scanner 3.3) - [noparse]http://virusscanner.telenet.be/fscax.cab[/noparse]
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: symantec lic netconnect service (cltnetcnservice) - unknown owner - c:\program files\common files\symantec shared\ccsvchst.exe (file missing)
o23 - service: epson v3 service4(01) (epson_pm_rpcv4_01) - seiko epson corporation - c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
o23 - service: f-secure anti-virus firewall daemon (fsdfwd) - f-secure corporation - c:\program files\telenet security pack\fwes\program\fsdfwd.exe
o23 - service: fsma - f-secure corporation - c:\program files\telenet security pack\common\fsma32.exe
o23 - service: f-secure orsp client (fsorspclient) - f-secure corporation - c:\program files\telenet security pack\orsp client\fsorsp.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: hasp license manager (hasplms) - aladdin knowledge systems ltd. - c:\windows\system32\hasplms.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: mcafee proxy service (mcproxy) - unknown owner - c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe (file missing)
o23 - service: mcafee personal firewall service (mpfservice) - unknown owner - c:\program files\mcafee\mpf\mpfsrv.exe (file missing)
o23 - service: nero backitup scheduler 3 - nero ag - c:\program files\nero\nero8\nero backitup\nbservice.exe
o23 - service: nmindexingservice - nero ag - c:\program files\common files\nero\lib\nmindexingservice.exe
o23 - service: plflash deviceiocontrol service - prolific technology inc. - c:\windows\system32\ioctlsvc.exe
o23 - service: cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
--
end of file - 13292 bytes
[/hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:20, on 26/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\program files\nero\nero8\nero backitup\nbservice.exe
c:\windows\system32\ioctlsvc.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\microsoft sql server\90\shared\sqlwriter.exe
c:\windows\system32\svchost.exe
c:\windows\system32\searchindexer.exe
c:\program files\citrix\ica client\ssonsvr.exe
c:\windows\explorer.exe
c:\windows\soundman.exe
c:\program files\microsoft intellitype pro\itype.exe
c:\program files\microsoft intellipoint\ipoint.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\microsoft intellitype pro\dpupdchk.exe
c:\windows\system32\ctfmon.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files\common files\lightscribe\lightscribecontrolpanel.exe
c:\program files\winzip\wzqkpick.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
c:\windows\system32\searchprotocolhost.exe
r1 - hkcu\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.be/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
r3 - urlsearchhook: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: askbar bho - {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askbar.dll
o2 - bho: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
o2 - bho: litmusbho - {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll
o2 - bho: nitropdfbho class - {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: epsontoolbandkicker class - {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\epson web-to-page.dll
o3 - toolbar: epson web-to-page - {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\epson web-to-page.dll
o3 - toolbar: (no name) - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - (no file)
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o3 - toolbar: browsing protection toolbar - {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll
o3 - toolbar: ask toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askbar.dll
o4 - hklm\..\run: [soundman] soundman.exe
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
o4 - hklm\..\run: [itype] c:\program files\microsoft intellitype pro\itype.exe
o4 - hklm\..\run: [intellipoint] c:\program files\microsoft intellipoint\ipoint.exe
o4 - hklm\..\run: [nerofiltercheck] c:\program files\common files\nero\lib\nerocheck.exe
o4 - hklm\..\run: [nbkeyscan] c:\program files\nero\nero8\nero backitup\nbkeyscan.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [istray] c:\program files\spyware doctor\pctstray.exe
o4 - hklm\..\run: [mcenui] ????a??;]????\mcenui.exe /hide
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [f-secure manager] c:\program files\telenet security pack\common\fsm32.exe /splash
o4 - hklm\..\run: [f-secure tnb] c:\program files\telenet security pack\fsgui\tnbutil.exe /checkall /waitforsw
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [epson stylus dx4400 series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu c:\windows\temp\e_sb0.tmp /ef "hkcu"
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [lightscribe control panel] c:\program files\common files\lightscribe\lightscribecontrolpanel.exe -hidden
o4 - hkcu\..\run: [google update] c:\documents and settings\danny\local settings\application data\google\update\googleupdate.exe /c
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: winzip quick pick.lnk = c:\program files\winzip\wzqkpick.exe
o8 - extra context menu item: add to google photos screensa&ver - res://c:\windows\system32\gphotos.scr/200
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_96d6ff0c6d236bf8.dll/cmsidewiki.html
o8 - extra context menu item: save page as pdf ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - [noparse]http://www.net2phone.com/[/noparse] (file missing)
o9 - extra 'tools' menuitem: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - [noparse]http://www.net2phone.com/[/noparse] (file missing)
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o9 - extra 'tools' menuitem: pdf download - options - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra button: pdf download - {f1c0fd6c-a6a0-49a7-a932-71a56461867f} - c:\program files\nitro pdf\pdf download\nitropdf.dll (hkcu)
o16 - dpf: {5ed80217-570b-4da9-bf44-be107c0ec166} (windows live safety center base module) - [noparse]http://cdn.scan.onecare.live.com/res...scbase6087.cab[/noparse]
o16 - dpf: {9191f686-7f0a-441d-8a98-2fe3ac1bd913} (activescan 2.0 installer class) - [noparse]http://acs.pandasoftware.com/actives.../as2stubie.cab[/noparse]
o16 - dpf: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (f-secure online scanner 3.3) - [noparse]http://virusscanner.telenet.be/fscax.cab[/noparse]
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: symantec lic netconnect service (cltnetcnservice) - unknown owner - c:\program files\common files\symantec shared\ccsvchst.exe (file missing)
o23 - service: epson v3 service4(01) (epson_pm_rpcv4_01) - seiko epson corporation - c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
o23 - service: f-secure anti-virus firewall daemon (fsdfwd) - f-secure corporation - c:\program files\telenet security pack\fwes\program\fsdfwd.exe
o23 - service: fsma - f-secure corporation - c:\program files\telenet security pack\common\fsma32.exe
o23 - service: f-secure orsp client (fsorspclient) - f-secure corporation - c:\program files\telenet security pack\orsp client\fsorsp.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: hasp license manager (hasplms) - aladdin knowledge systems ltd. - c:\windows\system32\hasplms.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: mcafee proxy service (mcproxy) - unknown owner - c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe (file missing)
o23 - service: mcafee personal firewall service (mpfservice) - unknown owner - c:\program files\mcafee\mpf\mpfsrv.exe (file missing)
o23 - service: nero backitup scheduler 3 - nero ag - c:\program files\nero\nero8\nero backitup\nbservice.exe
o23 - service: nmindexingservice - nero ag - c:\program files\common files\nero\lib\nmindexingservice.exe
o23 - service: plflash deviceiocontrol service - prolific technology inc. - c:\windows\system32\ioctlsvc.exe
o23 - service: cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
--
end of file - 13292 bytes
[/hjt]