[Opgelost] Trend micro waarschuwing

hhhh · 28 oktober 2007, 17:19

(Gesponsorde links- (Wat is dit?))

Ik krijg erg vaak de melding: Waarschuwing gevaarlijke website
U hebt geprobeerd een gevaarlijke website te openen

<KNIP> (linkje weggehaald)

Dit gebeurd echter spontaan zonder dat ik een IE venster heb geopend. Ik heb op het forum een dergelijk artikel gezien echter de oplossing voor mij staat daar niet in (HijackThis en Combofix)
Hier volgen de log files van HijackThis en Combofix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:14, on 28-10-2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Users\HH\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.vdholst.nl/src/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {36C3C907-6601-4D81-9941-18536FF6F333} - C:\Windows\system32\wvuspqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab
O20 - Winlogon Notify: wvuspqn - C:\Windows\SYSTEM32\wvuspqn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11089 bytes
================

ComboFix 07-10-26.4 - HH 2007-10-28 12:29:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.898 [GMT 1:00]
Gestart vanuit: C:\Users\HH\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\HH.\svchost.exe
C:\Windows\system32\service.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))
.

2007-10-28 12:27 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-27 11:32 33,792 --a------ C:\Windows\System32\wvuspqn.dll
2007-10-26 19:15 <DIR> d-------- C:\Users\All Users\Nero
2007-10-26 19:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-26 19:15 <DIR> d-------- C:\PROGRA~2\Nero
2007-10-26 19:11 <DIR> d-------- C:\Program Files\Incomplete
2007-10-26 18:44 <DIR> d--hs---- C:\Users\HH\'
2007-10-26 18:44 278,544 --a------ C:\Users\HH\Setup.exe
2007-10-26 18:44 147,456 --a------ C:\Users\HH\vbzip10.dll
2007-10-26 18:41 82 --a------ C:\n.bat
2007-10-26 16:52 <DIR> d-------- C:\Program Files\LightScribe Diagnostic Utility
2007-10-26 16:51 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-10-25 14:40 <DIR> d-------- C:\Program Files\HammerHead
2007-10-21 12:01 <DIR> d-------- C:\Users\HH\AppData\Roaming\Line 6
2007-10-21 12:00 <DIR> d-------- C:\Program Files\Line6
2007-10-16 16:27 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-10-15 16:52 <DIR> d-------- C:\Program Files\Common Files\LightScribe(0)
2007-10-11 21:38 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-10-11 21:38 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-10-11 21:38 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-10-11 21:38 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-10-11 21:35 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-10-07 21:50 <DIR> d--hs---- C:\Users\HH\Phone Browser
2007-10-07 13:13 <DIR> d-------- C:\Users\All Users\Nokia
2007-10-07 13:13 <DIR> d-------- C:\PROGRA~2\Nokia
2007-10-06 19:06 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia Multimedia Player
2007-10-06 18:50 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia
2007-10-06 18:50 <DIR> d-------- C:\Users\All Users\PC Suite
2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-10-06 18:50 <DIR> d-------- C:\PROGRA~2\PC Suite
2007-10-06 18:49 <DIR> d-------- C:\Users\HH\AppData\Roaming\PC Suite
2007-10-06 18:49 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-10-06 18:48 <DIR> d-------- C:\Program Files\Nokia
2007-10-06 17:15 <DIR> d-------- C:\Program Files\PlayMP3z
2007-10-06 17:15 <DIR> d-------- C:\Program Files\ContextTool
2007-10-02 18:26 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-10-02 18:26 737,280 --a------ C:\Windows\iun6002.exe
2007-10-01 16:39 <DIR> d-------- C:\Program Files\iTunes
2007-10-01 16:39 <DIR> d-------- C:\Program Files\iPod
2007-10-01 15:53 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-01 15:52 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-01 15:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-01 15:46 <DIR> d-------- C:\Users\All Users\Microsoft Help
2007-10-01 15:46 <DIR> d-------- C:\PROGRA~2\Microsoft Help
2007-10-01 15:41 <DIR> dr-h----- C:\MSOCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 11:24 --------- d-----w C:\Program Files\Trend Micro
2007-10-28 08:56 --------- d-----w C:\Users\HH\AppData\Roaming\LimeWire
2007-10-28 08:50 --------- d-----w C:\Program Files\Lx_cats
2007-10-27 10:27 --------- d-----w C:\PROGRA~2\NVIDIA
2007-10-16 15:28 --------- d-----w C:\Program Files\Kodak
2007-10-15 19:04 --------- d-----w C:\PROGRA~2\DVD Shrink
2007-10-11 21:19 --------- d-----w C:\Program Files\Windows Mail
2007-10-11 20:36 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-11 20:36 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-11 20:36 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-11 20:36 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-11 20:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-01 15:39 --------- d-----w C:\PROGRA~2\Apple Computer
2007-10-01 14:53 --------- d-----w C:\Program Files\MSBuild
2007-09-21 11:52 --------- d-----w C:\Program Files\Apple Software Update
2007-09-12 03:28 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-09-12 03:28 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-09-12 03:28 8,497,696 ----a-w C:\Windows\System32\nvcpl.dll
2007-09-12 03:28 753,664 ----a-w C:\Windows\System32\nvcplui.exe
2007-09-12 03:28 7,623,968 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2007-09-12 03:28 6,942,720 ----a-w C:\Windows\System32\nvoglv32.dll
2007-09-12 03:28 6,344,704 ----a-w C:\Windows\System32\nvdisps.dll
2007-09-12 03:28 5,509,120 ----a-w C:\Windows\System32\nvdispsr.dll
2007-09-12 03:28 458,752 ----a-w C:\Windows\System32\nvmccssr.dll
2007-09-12 03:28 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-09-12 03:28 4,988,928 ----a-w C:\Windows\System32\nvd3dum.dll
2007-09-12 03:28 364,544 ----a-w C:\Windows\System32\nvapi.dll
2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod100.dll
2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod.dll
2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvuninst.exe
2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-09-12 03:28 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
2007-09-12 03:28 3,629,056 ----a-w C:\Windows\System32\nvvitvsr.dll
2007-09-12 03:28 3,551,232 ----a-w C:\Windows\System32\nvvitvs.dll
2007-09-12 03:28 3,334,144 ----a-w C:\Windows\System32\nvgames.dll
2007-09-12 03:28 3,166,208 ----a-w C:\Windows\System32\nvgamesr.dll
2007-09-12 03:28 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-09-12 03:28 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll
2007-09-12 03:28 2,441,216 ----a-w C:\Windows\System32\nvwssr.dll
2007-09-12 03:28 2,371,584 ----a-w C:\Windows\System32\nvwss.dll
2007-09-12 03:28 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-09-12 03:28 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-09-12 03:28 1,521,664 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-09-12 03:28 1,150,976 ----a-w C:\Windows\System32\nvmobls.dll
2007-09-12 03:28 1,073,152 ----a-w C:\Windows\System32\nvcpluir.dll
2007-09-03 05:00 174 --sha-w C:\Program Files\desktop.ini
2007-09-03 04:40 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-09-03 04:40 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-09-03 04:40 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-09-03 04:40 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-09-03 04:40 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-09-03 04:40 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-09-03 04:40 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-09-03 04:40 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-09-03 04:40 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-09-03 04:40 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-09-03 04:40 3,470,008 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-09-03 04:40 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-09-03 04:40 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-09-03 04:40 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-09-03 04:40 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-09-03 04:40 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-09-03 04:40 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-09-03 04:40 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-08-31 19:07 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-08-31 19:07 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-08-31 19:07 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-08-31 19:07 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-08-31 19:07 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-08-31 19:07 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-08-31 19:07 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-08-31 19:07 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-08-31 19:07 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-08-31 19:07 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-08-31 19:07 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-08-31 19:07 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-08-31 19:07 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-08-31 19:07 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-08-31 19:07 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-08-31 19:07 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-08-31 19:07 134,656 ----a-w C:\Windows\System32\dps.dll
2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-08-31 19:07 --------- d-----w C:\Program Files\Windows Calendar
2007-08-31 19:06 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-08-24 16:08 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
2007-08-24 10:50 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-08-24 10:50 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-08-24 10:50 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-08-24 10:50 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-08-24 10:49 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-08-24 10:49 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-08-24 10:49 33,624 ----a-w C:\Windows\System32\wups.dll
2007-08-24 10:48 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-08-24 10:48 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-08-16 11:14 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-08-16 11:13 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-08-09 14:15 56,544 ----a-w C:\Users\HH\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-05-29 16:27 81,920 ----a-w C:\Users\HH\AppData\Roaming\ezpinst.exe
2007-05-29 16:27 47,360 ----a-w C:\Users\HH\AppData\Roaming\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 21:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36C3C907-6601-4D81-9941-18536FF6F333}]
2007-10-27 11:32 33792 --a------ C:\Windows\system32\wvuspqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"=""

"eRecoveryService"=""

"LXBUCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 04:12]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-27 16:15]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 C:\Windows\RtHDVCpl.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-08 01:39]
"MMReminderService"="C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [2006-12-13 23:16]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 12:29]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 13:26]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 18:16]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12]
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 04:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 04:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 04:28]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=""

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-02-12 19:12]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 20:48]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-02-22 15:20]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]
"Host Process"="C:\Users\HH\svchost.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-19 17:03:33]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36C3C907-6601-4D81-9941-18536FF6F333}"= C:\Windows\system32\wvuspqn.dll [2007-10-27 11:32 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuspqn]
wvuspqn.dll 2007-10-27 11:32 33792 C:\Windows\System32\wvuspqn.dll

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys
R2 int15;int15;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;C:\Windows\system32\DRIVERS\RTL85n86.sys
R3 USB28xxBGA;PCTV 330e/8x0e Device;C:\Windows\system32\DRIVERS\emBDA.sys
R3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys
R4 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
S3 winusb;WinUsb-stuurprogramma;C:\Windows\system32\DRIVERS\winusb.sys
S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ
AutoRun\command - K:\setupSNK.exe
AutoRun\command - K:\setupSNK.exe
AutoRun\command - setupSNK.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 12:32:03
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-10-28 12:32:40
.
--- E O F ---
=========

Ik hoop dat ik een reactie krijg waarmee ik als leek uit de voeten kan.
Alvast bedankt voor de moeite
Vr gr.
HHHH

**Marckie** · 28 oktober 2007, 17:27

Sluit alle open vensters, en zeker dat van internet explorer.

Rechtsklik op C:\Program Files\Trend Micro\HijackThis\HijackThis.exe en kies voor "Als Administrator uitvoeren.
Bevest de melding die je kijgt van Gebruikersaccountbeheer, door op "Toestaan" te klikken.
Klik daarna op knop "Scan".
Plaats een vinkje bij de volgende items:
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {36C3C907-6601-4D81-9941-18536FF6F333} - C:\Windows\system32\wvuspqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe
O20 - Winlogon Notify: wvuspqn - C:\Windows\SYSTEM32\wvuspqn.dll

Klik daarna op "Fix checked" en sluit HijackThis af.

Herstart de computer.

Start HijackThis opnieuw, maak een nieuwe log en post deze

hhhh · 28 oktober 2007, 22:09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08, on 2007-10-28
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.vdholst.nl/src/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11153 bytes

Ik hoop dat u er iets mee kunt
Vr. gr.
HHHH

**Marckie** · 29 oktober 2007, 18:43

Open een kladblokbestand.
Kopieer de ondestaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt

Code:

File::
C:\Users\HH\svchost.exe

Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
Post de inhoud van de logfile.

Rechtsklik op C:\Program Files\Trend Micro\HijackThis\HijackThis.exe en kies voor "Als Administrator uitvoeren.
Bevest de melding die je kijgt van Gebruikersaccountbeheer, door op "Toestaan" te klikken.
Klik daarna op knop "Scan".
Plaats een vinkje bij de volgende items:
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe

Herstart de computer, maak een nieuwe hijackthislog en post deze.

hhhh · 29 oktober 2007, 19:35

ComboFix 07-10-26.4 - HH 2007-10-29 19:27:03.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.861 [GMT 1:00]
Gestart vanuit: C:\Users\HH\Desktop\ComboFix.exe
Command switches used :: C:\Users\HH\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE::
C:\Users\HH\svchost.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))
.

2007-10-28 21:37 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-10-28 21:37 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2007-10-28 13:47 <DIR> d-------- C:\Users\HH\AppData\Roaming\Lavasoft
2007-10-28 13:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-28 12:27 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-27 11:32 33,792 --a------ C:\Windows\System32\wvuspqn.dll
2007-10-26 19:15 <DIR> d-------- C:\Users\All Users\Nero
2007-10-26 19:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-26 19:15 <DIR> d-------- C:\PROGRA~2\Nero
2007-10-26 19:11 <DIR> d-------- C:\Program Files\Incomplete
2007-10-26 18:44 278,544 --a------ C:\Users\HH\Setup.exe
2007-10-26 18:44 147,456 --a------ C:\Users\HH\vbzip10.dll
2007-10-26 18:41 82 --a------ C:\n.bat
2007-10-26 16:52 <DIR> d-------- C:\Program Files\LightScribe Diagnostic Utility
2007-10-26 16:51 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-10-25 14:40 <DIR> d-------- C:\Program Files\HammerHead
2007-10-21 12:01 <DIR> d-------- C:\Users\HH\AppData\Roaming\Line 6
2007-10-21 12:00 <DIR> d-------- C:\Program Files\Line6
2007-10-16 16:27 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-10-15 16:52 <DIR> d-------- C:\Program Files\Common Files\LightScribe(0)
2007-10-11 21:38 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-10-11 21:38 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-10-11 21:38 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-10-11 21:38 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-10-11 21:35 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-10-07 21:50 <DIR> d--hs---- C:\Users\HH\Phone Browser
2007-10-07 13:13 <DIR> d-------- C:\Users\All Users\Nokia
2007-10-07 13:13 <DIR> d-------- C:\PROGRA~2\Nokia
2007-10-06 19:06 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia Multimedia Player
2007-10-06 18:50 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia
2007-10-06 18:50 <DIR> d-------- C:\Users\All Users\PC Suite
2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-10-06 18:50 <DIR> d-------- C:\PROGRA~2\PC Suite
2007-10-06 18:49 <DIR> d-------- C:\Users\HH\AppData\Roaming\PC Suite
2007-10-06 18:49 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-10-06 18:48 <DIR> d-------- C:\Program Files\Nokia
2007-10-06 17:15 <DIR> d-------- C:\Program Files\PlayMP3z
2007-10-06 17:15 <DIR> d-------- C:\Program Files\ContextTool
2007-10-02 18:26 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-10-02 18:26 737,280 --a------ C:\Windows\iun6002.exe
2007-10-01 16:39 <DIR> d-------- C:\Program Files\iTunes
2007-10-01 16:39 <DIR> d-------- C:\Program Files\iPod
2007-10-01 15:53 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-01 15:52 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-01 15:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-01 15:46 <DIR> d-------- C:\Users\All Users\Microsoft Help
2007-10-01 15:46 <DIR> d-------- C:\PROGRA~2\Microsoft Help
2007-10-01 15:41 <DIR> dr-h----- C:\MSOCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 15:31 --------- d-----w C:\Program Files\Lx_cats
2007-10-28 11:24 --------- d-----w C:\Program Files\Trend Micro
2007-10-28 08:56 --------- d-----w C:\Users\HH\AppData\Roaming\LimeWire
2007-10-27 10:27 --------- d-----w C:\PROGRA~2\NVIDIA
2007-10-16 15:28 --------- d-----w C:\Program Files\Kodak
2007-10-15 19:04 --------- d-----w C:\PROGRA~2\DVD Shrink
2007-10-11 21:19 --------- d-----w C:\Program Files\Windows Mail
2007-10-11 20:36 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-11 20:36 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-11 20:36 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-11 20:36 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-11 20:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-01 15:39 --------- d-----w C:\PROGRA~2\Apple Computer
2007-10-01 14:53 --------- d-----w C:\Program Files\MSBuild
2007-09-21 11:52 --------- d-----w C:\Program Files\Apple Software Update
2007-09-12 03:28 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-09-12 03:28 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-09-12 03:28 8,497,696 ----a-w C:\Windows\System32\nvcpl.dll
2007-09-12 03:28 753,664 ----a-w C:\Windows\System32\nvcplui.exe
2007-09-12 03:28 7,623,968 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2007-09-12 03:28 6,942,720 ----a-w C:\Windows\System32\nvoglv32.dll
2007-09-12 03:28 6,344,704 ----a-w C:\Windows\System32\nvdisps.dll
2007-09-12 03:28 5,509,120 ----a-w C:\Windows\System32\nvdispsr.dll
2007-09-12 03:28 458,752 ----a-w C:\Windows\System32\nvmccssr.dll
2007-09-12 03:28 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-09-12 03:28 4,988,928 ----a-w C:\Windows\System32\nvd3dum.dll
2007-09-12 03:28 364,544 ----a-w C:\Windows\System32\nvapi.dll
2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod100.dll
2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod.dll
2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvuninst.exe
2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-09-12 03:28 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
2007-09-12 03:28 3,629,056 ----a-w C:\Windows\System32\nvvitvsr.dll
2007-09-12 03:28 3,551,232 ----a-w C:\Windows\System32\nvvitvs.dll
2007-09-12 03:28 3,334,144 ----a-w C:\Windows\System32\nvgames.dll
2007-09-12 03:28 3,166,208 ----a-w C:\Windows\System32\nvgamesr.dll
2007-09-12 03:28 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-09-12 03:28 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll
2007-09-12 03:28 2,441,216 ----a-w C:\Windows\System32\nvwssr.dll
2007-09-12 03:28 2,371,584 ----a-w C:\Windows\System32\nvwss.dll
2007-09-12 03:28 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-09-12 03:28 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-09-12 03:28 1,521,664 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-09-12 03:28 1,150,976 ----a-w C:\Windows\System32\nvmobls.dll
2007-09-12 03:28 1,073,152 ----a-w C:\Windows\System32\nvcpluir.dll
2007-09-03 05:00 174 --sha-w C:\Program Files\desktop.ini
2007-09-03 04:40 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-09-03 04:40 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-09-03 04:40 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-09-03 04:40 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-09-03 04:40 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-09-03 04:40 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-09-03 04:40 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-09-03 04:40 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-09-03 04:40 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-09-03 04:40 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-09-03 04:40 3,470,008 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-09-03 04:40 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-09-03 04:40 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-09-03 04:40 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-09-03 04:40 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-09-03 04:40 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-09-03 04:40 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-09-03 04:40 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-08-31 19:07 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-08-31 19:07 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-08-31 19:07 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-08-31 19:07 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-08-31 19:07 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-08-31 19:07 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-08-31 19:07 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-08-31 19:07 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-08-31 19:07 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-08-31 19:07 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-08-31 19:07 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-08-31 19:07 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-08-31 19:07 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-08-31 19:07 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-08-31 19:07 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-08-31 19:07 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-08-31 19:07 134,656 ----a-w C:\Windows\System32\dps.dll
2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-08-31 19:07 --------- d-----w C:\Program Files\Windows Calendar
2007-08-31 19:06 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-08-24 16:08 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
2007-08-24 10:50 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-08-24 10:50 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-08-24 10:50 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-08-24 10:50 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-08-24 10:49 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-08-24 10:49 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-08-24 10:49 33,624 ----a-w C:\Windows\System32\wups.dll
2007-08-24 10:48 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-08-24 10:48 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-08-16 11:14 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-08-16 11:13 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-08-09 14:15 56,544 ----a-w C:\Users\HH\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-05-29 16:27 81,920 ----a-w C:\Users\HH\AppData\Roaming\ezpinst.exe
2007-05-29 16:27 47,360 ----a-w C:\Users\HH\AppData\Roaming\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-28_12.32.13,86 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-28 08:49:55 67,584 ----a-w C:\Windows\bootstat.dat
+ 2007-10-29 15:30:48 67,584 ----a-w C:\Windows\bootstat.dat
- 2007-10-26 11:24:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2007-10-28 21:38:03 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2007-10-28 08:51:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-10-29 15:32:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-10-26 11:24:08 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2007-10-28 21:38:04 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2007-10-28 09:38:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-10-29 18:30:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-10-29 18:30:19 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2007-10-28 10:24:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-10-29 17:46:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-28 10:24:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-29 17:46:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-28 10:24:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-29 17:46:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-10-28 11:29:13 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-10-29 18:26:48 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-08-07 16:20:44 182,248 ----a-w C:\Windows\System32\Macromed\Director\swdir.dll
+ 2007-08-07 16:21:02 55,272 ----a-w C:\Windows\System32\Macromed\Director\SwDnld.exe
- 2007-10-28 08:54:42 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2007-10-29 15:36:15 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2007-10-28 08:54:42 122,590 ----a-w C:\Windows\System32\perfc013.dat
+ 2007-10-29 15:36:15 122,590 ----a-w C:\Windows\System32\perfc013.dat
- 2007-10-28 08:54:42 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2007-10-29 15:36:15 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2007-10-28 08:54:42 689,380 ----a-w C:\Windows\System32\perfh013.dat
+ 2007-10-29 15:36:15 689,380 ----a-w C:\Windows\System32\perfh013.dat
- 2007-10-28 08:52:10 9,854 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3138983019-2224987015-149614728-1000_UserData.bin
+ 2007-10-29 15:32:46 9,870 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3138983019-2224987015-149614728-1000_UserData.bin
- 2007-10-28 08:52:09 78,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-29 15:32:46 79,064 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-10-28 08:51:54 51,584 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-10-29 15:32:42 52,114 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"=""

"eRecoveryService"=""

"LXBUCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 04:12]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-27 16:15]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 C:\Windows\RtHDVCpl.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-08 01:39]
"MMReminderService"="C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [2006-12-13 23:16]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 12:29]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 13:26]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 18:16]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12]
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 04:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 04:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=""

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-02-12 19:12]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 20:48]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-02-22 15:20]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"Host Process"="C:\Users\HH\svchost.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-19 17:03:33]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys
R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys
R0 msisadrv;ISA/EISA Class-stuurprogramma;C:\Windows\system32\drivers\msisadrv.sys
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys
R0 volmgr;Stuurprogramma voor Volumebeheer;C:\Windows\system32\drivers\volmgr.sys
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys
R1 Smb;Bericht-georiënteerd TCP/IP- en TCP/IPv6-protocol (SMB-sessie);C:\Windows\system32\DRIVERS\smb.sys
R1 tdx;Stuurprogramma voor ondersteuning van NetIO Legacy TDI;C:\Windows\system32\DRIVERS\tdx.sys
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe -k netsvcs
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 DPS;Diagnostic Policy-service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe -k LocalService
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe -k netsvcs
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe -k netsvcs
R2 int15;int15;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe -k netsvcs
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 netprofm;Network List-service;C:\Windows\System32\svchost.exe -k LocalService
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService
R2 nsi;Network Store Interface-service;C:\Windows\system32\svchost.exe -k LocalService
R2 PcaSvc;Program Compatibility Assistant-service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys
R2 ProfSvc;User Profile-service;C:\Windows\system32\svchost.exe -k netsvcs
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 TabletInputService;Tablet PC Input-service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R2 WerSvc;Windows Error Reporting-service;C:\Windows\System32\svchost.exe -k WerSvcGroup
R2 Wlansvc;WLAN Auto Config;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 WPDBusEnum;Portable Device Enumerator-service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe -k netsvcs
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys
R3 circlass;Consumer IR Devices;C:\Windows\system32\DRIVERS\circlass.sys
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs
R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe -k LocalService
R3 iScsiPrt;iScsiPort-stuurprogramma;C:\Windows\system32\DRIVERS\msiscsi.sys
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe
R3 monitor;Microsoft Monitor Class Function Driver-service;C:\Windows\system32\DRIVERS\monitor.sys
R3 mpsdrv;Autorisatiestuurprogramma van Windows Firewall;C:\Windows\system32\drivers\mpsdrv.sys
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;C:\Windows\system32\DRIVERS\RTL85n86.sys
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapterstuurprogramma;C:\Windows\system32\DRIVERS\tunnel.sys
R3 umbus;UMBus Enumerator-stuurprogramma;C:\Windows\system32\DRIVERS\umbus.sys
R3 USB28xxBGA;PCTV 330e/8x0e Device;C:\Windows\system32\DRIVERS\emBDA.sys
R3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys
R3 usbcir;eHome-infraroodontvanger (USBCIR);C:\Windows\system32\DRIVERS\usbcir.sys
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe -k netsvcs
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe
S3 dot3svc;Wired AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService
S3 MSiSCSI;Microsoft iSCSI Initiator-service;C:\Windows\system32\svchost.exe -k netsvcs
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
S3 PNRPAutoReg;PNRP Machine Name Publication-service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe -k LocalService
S3 QWAVEdrv;QWAVE-stuurprogramma;C:\Windows\system32\drivers\qwavedrv.sys
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe -k netsvcs
S3 SDRSVC;Windows Back-up;C:\Windows\system32\svchost.exe -k SDRSVC
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe -k netsvcs
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys
S3 SLUINotify;SL UI Notification-service;C:\Windows\system32\svchost.exe -k LocalService
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalService
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe -k LocalService
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalService
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe -k wcssvc
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k wdisvc
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe -k NetworkService
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery-service;C:\Windows\system32\svchost.exe -k LocalService
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService
S3 winusb;WinUsb-stuurprogramma;C:\Windows\system32\DRIVERS\winusb.sys
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys
S4 arc;arc;C:\Windows\system32\drivers\arc.sys
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys
S4 Mcx2Svc;Windows Media Center Extender-service;C:\Windows\system32\svchost.exe -k LocalService
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
NetworkServiceNetworkRestricted PolicyAgent
LocalServiceNoNetwork PLA DPS BFE mpssvc ehstart
NetworkService CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup wersvc
swprv swprv
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc RemoteRegistry
wcssvc WcsPlugInService
DcomLaunch PlugPlay DcomLaunch
wdisvc WdiServiceHost
sdrsvc sdrsvc
secsvcs WinDefend
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
AutoRun\command - K:\setupSNK.exe
AutoRun\command - K:\setupSNK.exe
AutoRun\command - setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 19:30:39
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-10-29 19:31:31
C:\ComboFix2.txt ... 2007-10-28 13:03
C:\ComboFix3.txt ... 2007-10-28 12:50
.
--- E O F ---

hhhh · 29 oktober 2007, 19:46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45, on 2007-10-29
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.vdholst.nl/src/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11145 bytes

**Marckie** · 29 oktober 2007, 20:09

Zijn er nog problemen?

hhhh · 29 oktober 2007, 20:22

Tot nu toe heb ik de melding nog niet gekregen.
Tot zover alvast hartelijk bedankt. Hoe je achter het probleem bent gekomen is mij een raadsel. Kennelijk zijn toch de juiste vinkjes gezet.

Ik heb wel een ander probleempje nl. Ik weet niet of dit een gevolg is van alles wat er inmiddels door het zojuist opgeloste probleem is ontstaan maar....
Een regelmatige pop-up van Windows beveiligingscentrum. Deze vermeldt dat die is uitgeschakelt. Zodra ik de knop "Nu inschakelen" indruk dan krijg ik een
andere pop-up: "X De Security Center-service is niet gestart"

Vr. gr.
HHHH

**Marckie** · 29 oktober 2007, 20:29

Ga naar Start - Uitvoeren en tik in: services.msc
Druk op Enter.
Bevest de melding die je kijgt van Gebruikersaccountbeheer, door op "Toestaan" te klikken.
In het scherm dat nu opent zoek je deze service: Security Center.
Dubbelklik er op, start de service en zet dan het opstarttype op automatisch (vertraagd starten).
Klik op Toepassen en klik op OK.
Sluit het venster.

Herstart de computer en controleer of de instellingen behouden blijven.
(de melding zou niet meer mogen verschijnen)

hhhh · 29 oktober 2007, 20:45

Ik krijg na het openen van de service eerst een pop-up
Services

Configuratiebeheer: De opgegeven ingang voor een apparaatinstantie verwijst niet naar een huidig apparaat
Vervolgens OK
Dan het Venster Eigenschappen van security-center (lokale computer)
Tabblad Algemeen
Status van de service Gestopt
Vervolgen Starten ingedrukt gevolg:
Pop-up Services met melding:
Kan de Security Center service op lokale computer niet starten
Fout 1083: het programma waarmee deze service wordt uitgevoerd brengt de service niet tot uitvoer

Ik hoop dat je er nog iets van snapt
Gr. HHHH

**Marckie** · 29 oktober 2007, 20:49

Log eens in als Administrator en probeer opnieuw.

hhhh · 29 oktober 2007, 21:09

Ik heb maar 1 account dus volgens mij ben ik als administrator ingelogd. Ik heb de computer opnieuw opgestart (slechts 1 mogelijkheid om in te loggen). Ik krijg meteen rechtsonderin een melding van het beveiligingscentrum. Ik krijg de service niet gestart. Alles meldingen blijven zoals hiervoor is beschreven. ???
Gr.
HHHH

**Marckie** · 29 oktober 2007, 22:20

Wanneer is dit probleem ontstaan?

hhhh · 29 oktober 2007, 22:51

Sinds de problemen die we hebben opgelost. Ik heb ontdekt dat bij eigenschappen van Security center het volgende pad naar uitvoerbaar bestand wordt aangegeven:
C:\Windows\System32\svchost.exe -k netsvcs. Misschien heeft dat er iets mee te maken?
HHHH

**Marckie** · 29 oktober 2007, 23:04

Hoe staat het opstarttype van deze service?

Lijkt me niet correct wat je daar post hoor.

hhhh · 29 oktober 2007, 23:08

Op Automatisch (vertraagd starten)
Als Servicenaam staat vermeld: wscsvc
HHHH

**Marckie** · 29 oktober 2007, 23:14

De service zou moeten starten onder een andere groep, daarom dat ie waarschijnlijk faalt.

Doe dit:

Open een kladblokbestand.
Kopieer onderstaande code in dit kladblokbestand.
Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: look.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Code:

regedit /e look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc" 
start notepad look.txt

Rechtsklik op look.bat en kies voor uitvoeren als Administrator.
Bevest de melding die je kijgt van Gebruikersaccountbeheer, door op "Toestaan" te klikken.
Post de inhoud van de logfile die opent.

hhhh · 31 oktober 2007, 07:51

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"DisplayName"="Security Center"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
6d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,01,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
"FailureCommand"="\"\" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00

**Marckie** · 31 oktober 2007, 18:56

Open een kladblokbestand.
Kopieer onderstaande code in dit kladblokbestand.
Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: fix.reg
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Code:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
  76,69,63,65,4e,65,74,77,6f,72,6b,52,65,73,74,72,69,63,74,65,64,00
"ObjectName"="NT AUTHORITY\\LocalService"

Rechtsklik op fix.reg en kies uitvoeren als Administrator.
Bevestig de melding die je kijgt van Gebruikersaccountbeheer, door op "Toestaan" te klikken en laat de wijzigingen aan het register toevoegen.

Herstart de computer.
Meldt of het probleem verholpen is.

hhhh · 31 oktober 2007, 21:42

Ik krijg de melding nu niet meer direct na het opstarten dus ik ga er van uit dat dit is opgelost. Ik moet zeggen petje af hoor. harstikke bedankt

**Marckie** · 31 oktober 2007, 22:41

Graag gedaan.
Ga naar Start - Uitvoeren en tik in: ComboFix /u
Druk op Enter.

Best dat je nog even de bestaande systeemherstelpunten wist.

De status van deze thread zet ik op opgelost.
Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk. Dit om het forum netjes en overzichtelijk te houden.
Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

28 oktober 2007, 17:19	#1
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Trend micro waarschuwing (Gesponsorde links- (Wat is dit?)) Ik krijg erg vaak de melding: Waarschuwing gevaarlijke website U hebt geprobeerd een gevaarlijke website te openen <KNIP> (linkje weggehaald) Dit gebeurd echter spontaan zonder dat ik een IE venster heb geopend. Ik heb op het forum een dergelijk artikel gezien echter de oplossing voor mij staat daar niet in (HijackThis en Combofix) Hier volgen de log files van HijackThis en Combofix: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:25:14, on 28-10-2007 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16546) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe C:\Program Files\Lexmark 6200 Series\ezprint.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Windows\System32\SysMonitor.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Users\HH\svchost.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/http://uk.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.vdholst.nl/src/login.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/http://uk.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll O2 - BHO: (no name) - {36C3C907-6601-4D81-9941-18536FF6F333} - C:\Windows\system32\wvuspqn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab O20 - Winlogon Notify: wvuspqn - C:\Windows\SYSTEM32\wvuspqn.dll O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe -- End of file - 11089 bytes ================ ComboFix 07-10-26.4 - HH 2007-10-28 12:29:21.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.898 [GMT 1:00] Gestart vanuit: C:\Users\HH\Desktop\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\HH.\svchost.exe C:\Windows\system32\service.exe . (((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))) . 2007-10-28 12:27 51,200 --a------ C:\Windows\NirCmd.exe 2007-10-27 11:32 33,792 --a------ C:\Windows\System32\wvuspqn.dll 2007-10-26 19:15 <DIR> d-------- C:\Users\All Users\Nero 2007-10-26 19:15 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-10-26 19:15 <DIR> d-------- C:\PROGRA~2\Nero 2007-10-26 19:11 <DIR> d-------- C:\Program Files\Incomplete 2007-10-26 18:44 <DIR> d--hs---- C:\Users\HH\' 2007-10-26 18:44 278,544 --a------ C:\Users\HH\Setup.exe 2007-10-26 18:44 147,456 --a------ C:\Users\HH\vbzip10.dll 2007-10-26 18:41 82 --a------ C:\n.bat 2007-10-26 16:52 <DIR> d-------- C:\Program Files\LightScribe Diagnostic Utility 2007-10-26 16:51 <DIR> d-------- C:\Program Files\Common Files\LightScribe 2007-10-25 14:40 <DIR> d-------- C:\Program Files\HammerHead 2007-10-21 12:01 <DIR> d-------- C:\Users\HH\AppData\Roaming\Line 6 2007-10-21 12:00 <DIR> d-------- C:\Program Files\Line6 2007-10-16 16:27 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine 2007-10-15 16:52 <DIR> d-------- C:\Program Files\Common Files\LightScribe(0) 2007-10-11 21:38 8,147,968 --a------ C:\Windows\System32\wmploc.DLL 2007-10-11 21:38 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll 2007-10-11 21:38 7,680 --a------ C:\Windows\System32\spwmp.dll 2007-10-11 21:38 4,096 --a------ C:\Windows\System32\dxmasf.dll 2007-10-11 21:35 788,992 --a------ C:\Windows\System32\rpcrt4.dll 2007-10-07 21:50 <DIR> d--hs---- C:\Users\HH\Phone Browser 2007-10-07 13:13 <DIR> d-------- C:\Users\All Users\Nokia 2007-10-07 13:13 <DIR> d-------- C:\PROGRA~2\Nokia 2007-10-06 19:06 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia Multimedia Player 2007-10-06 18:50 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia 2007-10-06 18:50 <DIR> d-------- C:\Users\All Users\PC Suite 2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\Nokia 2007-10-06 18:50 <DIR> d-------- C:\PROGRA~2\PC Suite 2007-10-06 18:49 <DIR> d-------- C:\Users\HH\AppData\Roaming\PC Suite 2007-10-06 18:49 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2007-10-06 18:48 <DIR> d-------- C:\Program Files\Nokia 2007-10-06 17:15 <DIR> d-------- C:\Program Files\PlayMP3z 2007-10-06 17:15 <DIR> d-------- C:\Program Files\ContextTool 2007-10-02 18:26 <DIR> d-------- C:\Program Files\Codec Pack - All In 1 2007-10-02 18:26 737,280 --a------ C:\Windows\iun6002.exe 2007-10-01 16:39 <DIR> d-------- C:\Program Files\iTunes 2007-10-01 16:39 <DIR> d-------- C:\Program Files\iPod 2007-10-01 15:53 <DIR> d-------- C:\Program Files\Microsoft Works 2007-10-01 15:52 <DIR> d-------- C:\Program Files\Microsoft.NET 2007-10-01 15:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8 2007-10-01 15:46 <DIR> d-------- C:\Users\All Users\Microsoft Help 2007-10-01 15:46 <DIR> d-------- C:\PROGRA~2\Microsoft Help 2007-10-01 15:41 <DIR> dr-h----- C:\MSOCache . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-28 11:24 --------- d-----w C:\Program Files\Trend Micro 2007-10-28 08:56 --------- d-----w C:\Users\HH\AppData\Roaming\LimeWire 2007-10-28 08:50 --------- d-----w C:\Program Files\Lx_cats 2007-10-27 10:27 --------- d-----w C:\PROGRA~2\NVIDIA 2007-10-16 15:28 --------- d-----w C:\Program Files\Kodak 2007-10-15 19:04 --------- d-----w C:\PROGRA~2\DVD Shrink 2007-10-11 21:19 --------- d-----w C:\Program Files\Windows Mail 2007-10-11 20:36 84,480 ----a-w C:\Windows\System32\INETRES.dll 2007-10-11 20:36 737,792 ----a-w C:\Windows\System32\inetcomm.dll 2007-10-11 20:36 56,320 ----a-w C:\Windows\System32\iesetup.dll 2007-10-11 20:36 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-10-11 20:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-10-01 15:39 --------- d-----w C:\PROGRA~2\Apple Computer 2007-10-01 14:53 --------- d-----w C:\Program Files\MSBuild 2007-09-21 11:52 --------- d-----w C:\Program Files\Apple Software Update 2007-09-12 03:28 86,016 ----a-w C:\Windows\System32\nvsvc.dll 2007-09-12 03:28 81,920 ----a-w C:\Windows\System32\nvmctray.dll 2007-09-12 03:28 8,497,696 ----a-w C:\Windows\System32\nvcpl.dll 2007-09-12 03:28 753,664 ----a-w C:\Windows\System32\nvcplui.exe 2007-09-12 03:28 7,623,968 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys 2007-09-12 03:28 6,942,720 ----a-w C:\Windows\System32\nvoglv32.dll 2007-09-12 03:28 6,344,704 ----a-w C:\Windows\System32\nvdisps.dll 2007-09-12 03:28 5,509,120 ----a-w C:\Windows\System32\nvdispsr.dll 2007-09-12 03:28 458,752 ----a-w C:\Windows\System32\nvmccssr.dll 2007-09-12 03:28 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll 2007-09-12 03:28 4,988,928 ----a-w C:\Windows\System32\nvd3dum.dll 2007-09-12 03:28 364,544 ----a-w C:\Windows\System32\nvapi.dll 2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod100.dll 2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod.dll 2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvuninst.exe 2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvudisp.exe 2007-09-12 03:28 307,200 ----a-w C:\Windows\System32\nvexpbar.dll 2007-09-12 03:28 3,629,056 ----a-w C:\Windows\System32\nvvitvsr.dll 2007-09-12 03:28 3,551,232 ----a-w C:\Windows\System32\nvvitvs.dll 2007-09-12 03:28 3,334,144 ----a-w C:\Windows\System32\nvgames.dll 2007-09-12 03:28 3,166,208 ----a-w C:\Windows\System32\nvgamesr.dll 2007-09-12 03:28 229,376 ----a-w C:\Windows\System32\nvmccs.dll 2007-09-12 03:28 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll 2007-09-12 03:28 2,441,216 ----a-w C:\Windows\System32\nvwssr.dll 2007-09-12 03:28 2,371,584 ----a-w C:\Windows\System32\nvwss.dll 2007-09-12 03:28 188,416 ----a-w C:\Windows\System32\nvmccss.dll 2007-09-12 03:28 147,456 ----a-w C:\Windows\System32\nvcolor.exe 2007-09-12 03:28 1,521,664 ----a-w C:\Windows\System32\nvwgf2um.dll 2007-09-12 03:28 1,150,976 ----a-w C:\Windows\System32\nvmobls.dll 2007-09-12 03:28 1,073,152 ----a-w C:\Windows\System32\nvcpluir.dll 2007-09-03 05:00 174 --sha-w C:\Program Files\desktop.ini 2007-09-03 04:40 88,576 ----a-w C:\Windows\System32\avifil32.dll 2007-09-03 04:40 82,944 ----a-w C:\Windows\System32\mciavi32.dll 2007-09-03 04:40 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr 2007-09-03 04:40 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll 2007-09-03 04:40 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2007-09-03 04:40 69,632 ----a-w C:\Windows\System32\sendmail.dll 2007-09-03 04:40 65,024 ----a-w C:\Windows\System32\avicap32.dll 2007-09-03 04:40 61,440 ----a-w C:\Windows\System32\ntprint.exe 2007-09-03 04:40 31,232 ----a-w C:\Windows\System32\msvidc32.dll 2007-09-03 04:40 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe 2007-09-03 04:40 3,470,008 ----a-w C:\Windows\System32\ntoskrnl.exe 2007-09-03 04:40 269,824 ----a-w C:\Windows\System32\schannel.dll 2007-09-03 04:40 220,160 ----a-w C:\Windows\System32\ntprint.dll 2007-09-03 04:40 123,904 ----a-w C:\Windows\System32\msvfw32.dll 2007-09-03 04:40 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll 2007-09-03 04:40 12,800 ----a-w C:\Windows\System32\msrle32.dll 2007-09-03 04:40 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll 2007-09-03 04:40 1,984,512 ----a-w C:\Windows\System32\authui.dll 2007-08-31 19:07 8,192 ----a-w C:\Windows\System32\riched32.dll 2007-08-31 19:07 77,824 ----a-w C:\Windows\System32\rascfg.dll 2007-08-31 19:07 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys 2007-08-31 19:07 694,784 ----a-w C:\Windows\System32\localspl.dll 2007-08-31 19:07 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys 2007-08-31 19:07 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys 2007-08-31 19:07 52,736 ----a-w C:\Windows\System32\rasdiag.dll 2007-08-31 19:07 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys 2007-08-31 19:07 384,000 ----a-w C:\Windows\System32\netcfgx.dll 2007-08-31 19:07 36,864 ----a-w C:\Windows\System32\cdd.dll 2007-08-31 19:07 33,280 ----a-w C:\Windows\System32\traffic.dll 2007-08-31 19:07 32,768 ----a-w C:\Windows\System32\rasmxs.dll 2007-08-31 19:07 286,208 ----a-w C:\Windows\System32\ipnathlp.dll 2007-08-31 19:07 22,016 ----a-w C:\Windows\System32\rasser.dll 2007-08-31 19:07 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys 2007-08-31 19:07 15,360 ----a-w C:\Windows\System32\pacerprf.dll 2007-08-31 19:07 134,656 ----a-w C:\Windows\System32\dps.dll 2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\wshqos.dll 2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\icsunattend.exe 2007-08-31 19:07 --------- d-----w C:\Program Files\Windows Calendar 2007-08-31 19:06 750,080 ----a-w C:\Windows\System32\qmgr.dll 2007-08-24 16:08 1,275,392 ----a-w C:\Windows\System32\msxml4.dll 2007-08-24 10:50 53,080 ----a-w C:\Windows\System32\wuauclt.exe 2007-08-24 10:50 43,352 ----a-w C:\Windows\System32\wups2.dll 2007-08-24 10:50 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll 2007-08-24 10:50 1,524,224 ----a-w C:\Windows\System32\wucltux.dll 2007-08-24 10:49 80,896 ----a-w C:\Windows\System32\wudriver.dll 2007-08-24 10:49 549,720 ----a-w C:\Windows\System32\wuapi.dll 2007-08-24 10:49 33,624 ----a-w C:\Windows\System32\wups.dll 2007-08-24 10:48 31,232 ----a-w C:\Windows\System32\wuapp.exe 2007-08-24 10:48 163,000 ----a-w C:\Windows\System32\wuwebv.dll 2007-08-16 11:14 1,191,936 ----a-w C:\Windows\System32\msxml3.dll 2007-08-16 11:13 1,335,296 ----a-w C:\Windows\System32\msxml6.dll 2007-08-09 14:15 56,544 ----a-w C:\Users\HH\AppData\Roaming\GDIPFONTCACHEV1.DAT 2007-05-29 16:27 81,920 ----a-w C:\Users\HH\AppData\Roaming\ezpinst.exe 2007-05-29 16:27 47,360 ----a-w C:\Users\HH\AppData\Roaming\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . Nota lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}] 2007-06-27 21:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36C3C907-6601-4D81-9941-18536FF6F333}] 2007-10-27 11:32 33792 --a------ C:\Windows\system32\wvuspqn.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer Tour"="" "eRecoveryService"="" "LXBUCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 04:12] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-27 16:15] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 C:\Windows\RtHDVCpl.exe] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-08 01:39] "MMReminderService"="C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [2006-12-13 23:16] "lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 12:29] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 13:26] "EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 18:16] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12] "Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24] "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 04:28] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 04:28] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 04:28] "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "????r"="" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35] "PMCRemote"="C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-02-12 19:12] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 20:48] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03] "PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-02-22 15:20] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36] "Host Process"="C:\Users\HH\svchost.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-19 17:03:33] Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{36C3C907-6601-4D81-9941-18536FF6F333}"= C:\Windows\system32\wvuspqn.dll [2007-10-27 11:32 33792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuspqn] wvuspqn.dll 2007-10-27 11:32 33792 C:\Windows\System32\wvuspqn.dll R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys R2 int15;int15;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;C:\Windows\system32\DRIVERS\RTL85n86.sys R3 USB28xxBGA;PCTV 330e/8x0e Device;C:\Windows\system32\DRIVERS\emBDA.sys R3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys R4 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys S3 winusb;WinUsb-stuurprogramma;C:\Windows\system32\DRIVERS\winusb.sys S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum WindowsMobile wcescomm rapimgr LocalServiceRestricted WcesComm RapiMgr bthsvcs BthServ AutoRun\command - K:\setupSNK.exe AutoRun\command - K:\setupSNK.exe AutoRun\command - setupSNK.exe Newly Created Service - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . ************************************************************************ catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-28 12:32:03 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXBUCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************ . Voltooingstijd: 2007-10-28 12:32:40 . --- E O F --- ========= Ik hoop dat ik een reactie krijg waarmee ik als leek uit de voeten kan. Alvast bedankt voor de moeite Vr gr. HHHH Laatst gewijzigd door Marckie; 28 oktober 2007 om 17:23

Discussietools
Printversie tonen Deze pagina e-mailen
Geef een waardering voor deze discussie
Geef een waardering voor deze discussie:

Soortgelijke discussies
Discussie	Auteur	Forum	Reacties	Laatste bericht
Logfile of Trend Micro HijackThis v2.0.2	sorosh	Opgeloste / inactieve HJT-logs	8	23 september 2007 18:06
Veiligheidsproblemen met Trend Micro producten	Geeske	Nieuws	1	24 augustus 2007 10:48
Trend Micro online scanner	shivan	Privacy	1	24 juni 2007 23:28
Trend Micro Sysclean	Huini041	Geïnfecteerd?	1	5 april 2005 18:32

28 oktober 2007, 22:09	#3
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:08, on 2007-10-28 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16546) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe C:\Program Files\Lexmark 6200 Series\ezprint.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Windows\System32\SysMonitor.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\rundll32.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Windows\ehome\ehmsas.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.vdholst.nl/src/login.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe -- End of file - 11153 bytes Ik hoop dat u er iets mee kunt Vr. gr. HHHH

29 oktober 2007, 19:46	#6
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:45, on 2007-10-29 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16546) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe C:\Program Files\Lexmark 6200 Series\ezprint.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Windows\System32\SysMonitor.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Windows\System32\mobsync.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.vdholst.nl/src/login.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe -- End of file - 11145 bytes

29 oktober 2007, 20:22	#8
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Tot nu toe heb ik de melding nog niet gekregen. Tot zover alvast hartelijk bedankt. Hoe je achter het probleem bent gekomen is mij een raadsel. Kennelijk zijn toch de juiste vinkjes gezet. Ik heb wel een ander probleempje nl. Ik weet niet of dit een gevolg is van alles wat er inmiddels door het zojuist opgeloste probleem is ontstaan maar.... Een regelmatige pop-up van Windows beveiligingscentrum. Deze vermeldt dat die is uitgeschakelt. Zodra ik de knop "Nu inschakelen" indruk dan krijg ik een andere pop-up: "X De Security Center-service is niet gestart" Vr. gr. HHHH

29 oktober 2007, 20:45	#10
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Ik krijg na het openen van de service eerst een pop-up Services Configuratiebeheer: De opgegeven ingang voor een apparaatinstantie verwijst niet naar een huidig apparaat Vervolgens OK Dan het Venster Eigenschappen van security-center (lokale computer) Tabblad Algemeen Status van de service Gestopt Vervolgen Starten ingedrukt gevolg: Pop-up Services met melding: Kan de Security Center service op lokale computer niet starten Fout 1083: het programma waarmee deze service wordt uitgevoerd brengt de service niet tot uitvoer Ik hoop dat je er nog iets van snapt Gr. HHHH

29 oktober 2007, 21:09	#12
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Ik heb maar 1 account dus volgens mij ben ik als administrator ingelogd. Ik heb de computer opnieuw opgestart (slechts 1 mogelijkheid om in te loggen). Ik krijg meteen rechtsonderin een melding van het beveiligingscentrum. Ik krijg de service niet gestart. Alles meldingen blijven zoals hiervoor is beschreven. ??? Gr. HHHH

29 oktober 2007, 22:51	#14
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Sinds de problemen die we hebben opgelost. Ik heb ontdekt dat bij eigenschappen van Security center het volgende pad naar uitvoerbaar bestand wordt aangegeven: C:\Windows\System32\svchost.exe -k netsvcs. Misschien heeft dat er iets mee te maken? HHHH

29 oktober 2007, 23:08	#16
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Op Automatisch (vertraagd starten) Als Servicenaam staat vermeld: wscsvc HHHH

31 oktober 2007, 07:51	#18
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc] "DisplayName"="Security Center" "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Start"=dword:00000002 "Type"=dword:00000020 "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201" "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\ 6d,00,67,00,6d,00,74,00,00,00,00,00 "ObjectName"="LocalSystem" "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\ 00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\ 67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\ 00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,00,00 "DelayedAutoStart"=dword:00000001 "FailureActions"=hex:80,51,01,00,00,00,00,00,01,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00 "FailureCommand"="\"\" " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum] "0"="Root\\LEGACY_WSCSVC\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters] "ServiceDllUnloadOnStop"=dword:00000001 "ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\ 00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security] "Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\ 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\ 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\ 00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\ 7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\ 00,00,00

31 oktober 2007, 21:42	#20
hhhh Gewenste moeilijkheid bij antwoorden: 1. Starter Besturingssysteem: Windows Vista Home Premium Berichten: 11	Ik krijg de melding nu niet meer direct na het opstarten dus ik ga er van uit dat dit is opgelost. Ik moet zeggen petje af hoor. harstikke bedankt