Nucia Security Forums


Thread Status: Solved
 
Old 28-10-2007, 17:19   #1
hhhh
 
Wished level of difficulty at answer: 1. Starter
Operating System: Windows Vista Home Premium
Posts: 11
Trend Micro warning

I very often get the message: Warning, dangerous website
You have tried to open a dangerous website

<SNIP> (link removed)

However, this happens spontaneously, without my having opened an IE window. I have seen a similar article on the forum, but the solution for me is not in it (HijackThis and Combofix).
Here are the log files from HijackThis and Combofix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:14, on 28-10-2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Users\HH\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.vdholst.nl/src/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {36C3C907-6601-4D81-9941-18536FF6F333} - C:\Windows\system32\wvuspqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab
O20 - Winlogon Notify: wvuspqn - C:\Windows\SYSTEM32\wvuspqn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11089 bytes
================

ComboFix 07-10-26.4 - HH 2007-10-28 12:29:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.898 [GMT 1:00]
Gestart vanuit: C:\Users\HH\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\HH.\svchost.exe
C:\Windows\system32\service.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))
.

2007-10-28 12:27 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-27 11:32 33,792 --a------ C:\Windows\System32\wvuspqn.dll
2007-10-26 19:15 <DIR> d-------- C:\Users\All Users\Nero
2007-10-26 19:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-26 19:15 <DIR> d-------- C:\PROGRA~2\Nero
2007-10-26 19:11 <DIR> d-------- C:\Program Files\Incomplete
2007-10-26 18:44 <DIR> d--hs---- C:\Users\HH\'
2007-10-26 18:44 278,544 --a------ C:\Users\HH\Setup.exe
2007-10-26 18:44 147,456 --a------ C:\Users\HH\vbzip10.dll
2007-10-26 18:41 82 --a------ C:\n.bat
2007-10-26 16:52 <DIR> d-------- C:\Program Files\LightScribe Diagnostic Utility
2007-10-26 16:51 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-10-25 14:40 <DIR> d-------- C:\Program Files\HammerHead
2007-10-21 12:01 <DIR> d-------- C:\Users\HH\AppData\Roaming\Line 6
2007-10-21 12:00 <DIR> d-------- C:\Program Files\Line6
2007-10-16 16:27 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-10-15 16:52 <DIR> d-------- C:\Program Files\Common Files\LightScribe(0)
2007-10-11 21:38 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-10-11 21:38 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-10-11 21:38 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-10-11 21:38 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-10-11 21:35 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-10-07 21:50 <DIR> d--hs---- C:\Users\HH\Phone Browser
2007-10-07 13:13 <DIR> d-------- C:\Users\All Users\Nokia
2007-10-07 13:13 <DIR> d-------- C:\PROGRA~2\Nokia
2007-10-06 19:06 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia Multimedia Player
2007-10-06 18:50 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia
2007-10-06 18:50 <DIR> d-------- C:\Users\All Users\PC Suite
2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-10-06 18:50 <DIR> d-------- C:\PROGRA~2\PC Suite
2007-10-06 18:49 <DIR> d-------- C:\Users\HH\AppData\Roaming\PC Suite
2007-10-06 18:49 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-10-06 18:48 <DIR> d-------- C:\Program Files\Nokia
2007-10-06 17:15 <DIR> d-------- C:\Program Files\PlayMP3z
2007-10-06 17:15 <DIR> d-------- C:\Program Files\ContextTool
2007-10-02 18:26 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-10-02 18:26 737,280 --a------ C:\Windows\iun6002.exe
2007-10-01 16:39 <DIR> d-------- C:\Program Files\iTunes
2007-10-01 16:39 <DIR> d-------- C:\Program Files\iPod
2007-10-01 15:53 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-01 15:52 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-01 15:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-01 15:46 <DIR> d-------- C:\Users\All Users\Microsoft Help
2007-10-01 15:46 <DIR> d-------- C:\PROGRA~2\Microsoft Help
2007-10-01 15:41 <DIR> dr-h----- C:\MSOCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 11:24 --------- d-----w C:\Program Files\Trend Micro
2007-10-28 08:56 --------- d-----w C:\Users\HH\AppData\Roaming\LimeWire
2007-10-28 08:50 --------- d-----w C:\Program Files\Lx_cats
2007-10-27 10:27 --------- d-----w C:\PROGRA~2\NVIDIA
2007-10-16 15:28 --------- d-----w C:\Program Files\Kodak
2007-10-15 19:04 --------- d-----w C:\PROGRA~2\DVD Shrink
2007-10-11 21:19 --------- d-----w C:\Program Files\Windows Mail
2007-10-11 20:36 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-11 20:36 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-11 20:36 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-11 20:36 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-11 20:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-01 15:39 --------- d-----w C:\PROGRA~2\Apple Computer
2007-10-01 14:53 --------- d-----w C:\Program Files\MSBuild
2007-09-21 11:52 --------- d-----w C:\Program Files\Apple Software Update
2007-09-12 03:28 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-09-12 03:28 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-09-12 03:28 8,497,696 ----a-w C:\Windows\System32\nvcpl.dll
2007-09-12 03:28 753,664 ----a-w C:\Windows\System32\nvcplui.exe
2007-09-12 03:28 7,623,968 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2007-09-12 03:28 6,942,720 ----a-w C:\Windows\System32\nvoglv32.dll
2007-09-12 03:28 6,344,704 ----a-w C:\Windows\System32\nvdisps.dll
2007-09-12 03:28 5,509,120 ----a-w C:\Windows\System32\nvdispsr.dll
2007-09-12 03:28 458,752 ----a-w C:\Windows\System32\nvmccssr.dll
2007-09-12 03:28 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-09-12 03:28 4,988,928 ----a-w C:\Windows\System32\nvd3dum.dll
2007-09-12 03:28 364,544 ----a-w C:\Windows\System32\nvapi.dll
2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod100.dll
2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod.dll
2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvuninst.exe
2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-09-12 03:28 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
2007-09-12 03:28 3,629,056 ----a-w C:\Windows\System32\nvvitvsr.dll
2007-09-12 03:28 3,551,232 ----a-w C:\Windows\System32\nvvitvs.dll
2007-09-12 03:28 3,334,144 ----a-w C:\Windows\System32\nvgames.dll
2007-09-12 03:28 3,166,208 ----a-w C:\Windows\System32\nvgamesr.dll
2007-09-12 03:28 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-09-12 03:28 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll
2007-09-12 03:28 2,441,216 ----a-w C:\Windows\System32\nvwssr.dll
2007-09-12 03:28 2,371,584 ----a-w C:\Windows\System32\nvwss.dll
2007-09-12 03:28 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-09-12 03:28 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-09-12 03:28 1,521,664 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-09-12 03:28 1,150,976 ----a-w C:\Windows\System32\nvmobls.dll
2007-09-12 03:28 1,073,152 ----a-w C:\Windows\System32\nvcpluir.dll
2007-09-03 05:00 174 --sha-w C:\Program Files\desktop.ini
2007-09-03 04:40 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-09-03 04:40 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-09-03 04:40 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-09-03 04:40 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-09-03 04:40 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-09-03 04:40 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-09-03 04:40 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-09-03 04:40 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-09-03 04:40 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-09-03 04:40 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-09-03 04:40 3,470,008 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-09-03 04:40 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-09-03 04:40 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-09-03 04:40 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-09-03 04:40 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-09-03 04:40 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-09-03 04:40 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-09-03 04:40 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-08-31 19:07 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-08-31 19:07 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-08-31 19:07 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-08-31 19:07 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-08-31 19:07 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-08-31 19:07 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-08-31 19:07 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-08-31 19:07 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-08-31 19:07 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-08-31 19:07 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-08-31 19:07 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-08-31 19:07 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-08-31 19:07 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-08-31 19:07 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-08-31 19:07 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-08-31 19:07 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-08-31 19:07 134,656 ----a-w C:\Windows\System32\dps.dll
2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-08-31 19:07 --------- d-----w C:\Program Files\Windows Calendar
2007-08-31 19:06 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-08-24 16:08 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
2007-08-24 10:50 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-08-24 10:50 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-08-24 10:50 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-08-24 10:50 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-08-24 10:49 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-08-24 10:49 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-08-24 10:49 33,624 ----a-w C:\Windows\System32\wups.dll
2007-08-24 10:48 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-08-24 10:48 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-08-16 11:14 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-08-16 11:13 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-08-09 14:15 56,544 ----a-w C:\Users\HH\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-05-29 16:27 81,920 ----a-w C:\Users\HH\AppData\Roaming\ezpinst.exe
2007-05-29 16:27 47,360 ----a-w C:\Users\HH\AppData\Roaming\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 21:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36C3C907-6601-4D81-9941-18536FF6F333}]
2007-10-27 11:32 33792 --a------ C:\Windows\system32\wvuspqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"=""
"eRecoveryService"=""
"LXBUCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 04:12]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-27 16:15]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 C:\Windows\RtHDVCpl.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-08 01:39]
"MMReminderService"="C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [2006-12-13 23:16]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 12:29]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 13:26]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 18:16]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12]
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 04:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 04:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 04:28]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=""
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-02-12 19:12]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 20:48]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-02-22 15:20]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]
"Host Process"="C:\Users\HH\svchost.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-19 17:03:33]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36C3C907-6601-4D81-9941-18536FF6F333}"= C:\Windows\system32\wvuspqn.dll [2007-10-27 11:32 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuspqn]
wvuspqn.dll 2007-10-27 11:32 33792 C:\Windows\System32\wvuspqn.dll

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys
R2 int15;int15;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;C:\Windows\system32\DRIVERS\RTL85n86.sys
R3 USB28xxBGA;PCTV 330e/8x0e Device;C:\Windows\system32\DRIVERS\emBDA.sys
R3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys
R4 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
S3 winusb;WinUsb-stuurprogramma;C:\Windows\system32\DRIVERS\winusb.sys
S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ
AutoRun\command - K:\setupSNK.exe
AutoRun\command - K:\setupSNK.exe
AutoRun\command - setupSNK.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 12:32:03
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-10-28 12:32:40
.
--- E O F ---
=========

I hope I get a reply that I, as a layman, can work with.
Thanks in advance for the effort.
Kind regards,
HHHH

Last edited by Marckie; 28-10-2007 at 17:23.
Old 28-10-2007, 17:27   #2
Marckie
 
 
Wished level of difficulty at answer: 5. Expert
Operating System: Windows 7 Home Premium
Antivirus: ESET / KIS
Firewall: ESET / KIS
Posts: 33,865
Close all open windows, and especially that of Internet Explorer.

Right-click C:\Program Files\Trend Micro\HijackThis\HijackThis.exe and choose "Run as administrator".
Confirm the prompt you get from User Account Control by clicking "Allow".
Then click the "Scan" button.
Place a check mark next to the following items:
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {36C3C907-6601-4D81-9941-18536FF6F333} - C:\Windows\system32\wvuspqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe
O20 - Winlogon Notify: wvuspqn - C:\Windows\SYSTEM32\wvuspqn.dll


Then click "Fix checked" and close HijackThis.

Restart the computer.

Start HijackThis again, create a new log and post it.
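
A triage pass over a few lines of the HijackThis log from post #1, as an added example that is not part of the thread and not part of HijackThis. The three heuristics, the list of system process names and the `C:\Windows` system path are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {36C3C907-6601-4D81-9941-18536FF6F333} - C:\Windows\system32\wvuspqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe
O20 - Winlogon Notify: wvuspqn - C:\Windows\SYSTEM32\wvuspqn.dll
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
BHO = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN = re.compile(r"^\S+: \[(.*?)\] (.*)$")
NOTIFY = re.compile(r"^Winlogon Notify: (.*) - (.*)$")
# First drive-qualified path ending in .exe or .dll inside a command line.
FILE_PATH = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll))", re.IGNORECASE)

# Assumption: Windows is installed on C: and these binaries belong in System32.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}


def parse(log_text):
    """Yield (code, body, line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(log_text):
    """Return {log line: [reasons]} for entries that match a heuristic."""
    findings = defaultdict(list)
    codes_by_path = defaultdict(set)    # lower-cased path -> entry codes
    lines_by_path = defaultdict(list)   # lower-cased path -> log lines

    for code, body, line in parse(log_text):
        path = None
        if code == "O2" and (m := BHO.match(body)):
            name, _clsid, target = m.groups()
            if name == "(no name)":
                findings[line].append("BHO without a display name")
            if target == "(no file)":
                findings[line].append("BHO registration points at a missing file")
            else:
                path = target
        elif code == "O4" and (m := RUN.match(body)):
            hit = FILE_PATH.search(m.group(2))
            if hit:
                path = hit.group(1)
                base = ntpath.basename(path).lower()
                folder = ntpath.dirname(path).lower()
                if base in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
                    findings[line].append("system process name outside System32")
        elif code == "O20" and (m := NOTIFY.match(body)):
            path = m.group(2)

        if path:
            codes_by_path[path.lower()].add(code)
            lines_by_path[path.lower()].append(line)

    # One DLL hooked into both the browser (O2) and the logon process (O20).
    for key, codes in codes_by_path.items():
        if {"O2", "O20"} <= codes:
            for line in lines_by_path[key]:
                findings[line].append("same DLL is a BHO and a Winlogon Notify package")
    return dict(findings)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The ContextTool BHO that Marckie also selects is not caught by these structural checks; judging that entry takes knowledge of the software itself.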
Old 28-10-2007, 22:09   #3
hhhh
 
Wished level of difficulty at answer: 1. Starter
Operating System: Windows Vista Home Premium
Posts: 11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08, on 2007-10-28
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.vdholst.nl/src/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11153 bytes

I hope you can do something with this.
Kind regards,
HHHH
Old 29-10-2007, 18:43   #4
Marckie
 
Open a Notepad file.
Copy the code below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt
Code:
File::
C:\Users\HH\svchost.exe
Now drag the file CFScript.txt onto the file ComboFix.exe

ComboFix will start again.
When ComboFix has finished, which may be after a restart, a log file opens.
Post the contents of the log file.

Right-click C:\Program Files\Trend Micro\HijackThis\HijackThis.exe and choose "Run as administrator".
Confirm the prompt you get from User Account Control by clicking "Allow".
Then click the "Scan" button.
Place a check mark next to the following items:
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe

Restart the computer, create a new HijackThis log and post it.
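Added example, not part of the original thread and not code from HijackThis or ComboFix: a small Python triage pass over HijackThis lines that flags an autorun entry using a Windows system binary name outside System32 (such as the `[Host Process]` entry selected above) and entries whose target file is missing. The list of protected names, the rule labels and the assumption that Windows is installed in C:\Windows are choices made for this example.

```python
import ntpath
import re

# Assumption of this example: system binary names worth protecting.
PROTECTED_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "smss.exe"}
# Assumption: Windows lives in C:\Windows, as on the machine in this thread.
SYSTEM32 = r"c:\windows\system32"
ENV = {"%windir%": r"C:\Windows", "%systemroot%": r"C:\Windows",
       "%programfiles%": r"C:\Program Files"}

# "O4 - <hive>: [<value name>] <command line>" (registry autoruns only).
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Lines copied from the logs posted in this thread.
PAGE_LINES = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\HH\svchost.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# Constructed control line (not from the thread): same name, expected folder.
CONSTRUCTED_LINES = r"""
O4 - HKLM\..\Run: [Constructed control] C:\Windows\System32\svchost.exe -k netsvcs
"""

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES


def image_path(command):
    """Return the executable part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted image path followed by optional arguments.
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
        path = m.group(1) if m else command.split()[0]
    for var, value in ENV.items():
        if path.lower().startswith(var):
            path = value + path[len(var):]
    return ntpath.normpath(path)


def review(log_text):
    """Return (rule, line) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            folder, name = ntpath.split(image_path(m.group("cmd")))
            # A bare file name is resolved via the search path; it is
            # not judged here because its folder is unknown.
            if (name.lower() in PROTECTED_NAMES and folder
                    and folder.lower() != SYSTEM32):
                findings.append(("system-name-outside-system32", line))
        elif line.startswith(("O2 -", "O23 -")) and ORPHAN_RE.search(line):
            findings.append(("target-file-missing", line))
    return findings


if __name__ == "__main__":
    for rule, line in review(SAMPLE_LOG):
        print(f"{rule}: {line}")
```

A hit is a prompt for manual review, not a verdict; the missing-file rule in particular also fires on leftovers of uninstalled software.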
Old 29-10-2007, 19:35   #5
hhhh
 
ComboFix 07-10-26.4 - HH 2007-10-29 19:27:03.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.861 [GMT 1:00]
Gestart vanuit: C:\Users\HH\Desktop\ComboFix.exe
Command switches used :: C:\Users\HH\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE::
C:\Users\HH\svchost.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))
.

2007-10-28 21:37 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-10-28 21:37 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2007-10-28 13:47 <DIR> d-------- C:\Users\HH\AppData\Roaming\Lavasoft
2007-10-28 13:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-28 12:27 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-27 11:32 33,792 --a------ C:\Windows\System32\wvuspqn.dll
2007-10-26 19:15 <DIR> d-------- C:\Users\All Users\Nero
2007-10-26 19:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-26 19:15 <DIR> d-------- C:\PROGRA~2\Nero
2007-10-26 19:11 <DIR> d-------- C:\Program Files\Incomplete
2007-10-26 18:44 278,544 --a------ C:\Users\HH\Setup.exe
2007-10-26 18:44 147,456 --a------ C:\Users\HH\vbzip10.dll
2007-10-26 18:41 82 --a------ C:\n.bat
2007-10-26 16:52 <DIR> d-------- C:\Program Files\LightScribe Diagnostic Utility
2007-10-26 16:51 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-10-25 14:40 <DIR> d-------- C:\Program Files\HammerHead
2007-10-21 12:01 <DIR> d-------- C:\Users\HH\AppData\Roaming\Line 6
2007-10-21 12:00 <DIR> d-------- C:\Program Files\Line6
2007-10-16 16:27 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-10-15 16:52 <DIR> d-------- C:\Program Files\Common Files\LightScribe(0)
2007-10-11 21:38 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-10-11 21:38 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-10-11 21:38 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-10-11 21:38 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-10-11 21:35 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-10-07 21:50 <DIR> d--hs---- C:\Users\HH\Phone Browser
2007-10-07 13:13 <DIR> d-------- C:\Users\All Users\Nokia
2007-10-07 13:13 <DIR> d-------- C:\PROGRA~2\Nokia
2007-10-06 19:06 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia Multimedia Player
2007-10-06 18:50 <DIR> d-------- C:\Users\HH\AppData\Roaming\Nokia
2007-10-06 18:50 <DIR> d-------- C:\Users\All Users\PC Suite
2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-10-06 18:50 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-10-06 18:50 <DIR> d-------- C:\PROGRA~2\PC Suite
2007-10-06 18:49 <DIR> d-------- C:\Users\HH\AppData\Roaming\PC Suite
2007-10-06 18:49 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-10-06 18:48 <DIR> d-------- C:\Program Files\Nokia
2007-10-06 17:15 <DIR> d-------- C:\Program Files\PlayMP3z
2007-10-06 17:15 <DIR> d-------- C:\Program Files\ContextTool
2007-10-02 18:26 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-10-02 18:26 737,280 --a------ C:\Windows\iun6002.exe
2007-10-01 16:39 <DIR> d-------- C:\Program Files\iTunes
2007-10-01 16:39 <DIR> d-------- C:\Program Files\iPod
2007-10-01 15:53 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-01 15:52 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-01 15:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-01 15:46 <DIR> d-------- C:\Users\All Users\Microsoft Help
2007-10-01 15:46 <DIR> d-------- C:\PROGRA~2\Microsoft Help
2007-10-01 15:41 <DIR> dr-h----- C:\MSOCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 15:31 --------- d-----w C:\Program Files\Lx_cats
2007-10-28 11:24 --------- d-----w C:\Program Files\Trend Micro
2007-10-28 08:56 --------- d-----w C:\Users\HH\AppData\Roaming\LimeWire
2007-10-27 10:27 --------- d-----w C:\PROGRA~2\NVIDIA
2007-10-16 15:28 --------- d-----w C:\Program Files\Kodak
2007-10-15 19:04 --------- d-----w C:\PROGRA~2\DVD Shrink
2007-10-11 21:19 --------- d-----w C:\Program Files\Windows Mail
2007-10-11 20:36 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-11 20:36 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-11 20:36 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-11 20:36 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-11 20:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-01 15:39 --------- d-----w C:\PROGRA~2\Apple Computer
2007-10-01 14:53 --------- d-----w C:\Program Files\MSBuild
2007-09-21 11:52 --------- d-----w C:\Program Files\Apple Software Update
2007-09-12 03:28 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-09-12 03:28 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-09-12 03:28 8,497,696 ----a-w C:\Windows\System32\nvcpl.dll
2007-09-12 03:28 753,664 ----a-w C:\Windows\System32\nvcplui.exe
2007-09-12 03:28 7,623,968 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2007-09-12 03:28 6,942,720 ----a-w C:\Windows\System32\nvoglv32.dll
2007-09-12 03:28 6,344,704 ----a-w C:\Windows\System32\nvdisps.dll
2007-09-12 03:28 5,509,120 ----a-w C:\Windows\System32\nvdispsr.dll
2007-09-12 03:28 458,752 ----a-w C:\Windows\System32\nvmccssr.dll
2007-09-12 03:28 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-09-12 03:28 4,988,928 ----a-w C:\Windows\System32\nvd3dum.dll
2007-09-12 03:28 364,544 ----a-w C:\Windows\System32\nvapi.dll
2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod100.dll
2007-09-12 03:28 36,864 ----a-w C:\Windows\System32\nvcod.dll
2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvuninst.exe
2007-09-12 03:28 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-09-12 03:28 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
2007-09-12 03:28 3,629,056 ----a-w C:\Windows\System32\nvvitvsr.dll
2007-09-12 03:28 3,551,232 ----a-w C:\Windows\System32\nvvitvs.dll
2007-09-12 03:28 3,334,144 ----a-w C:\Windows\System32\nvgames.dll
2007-09-12 03:28 3,166,208 ----a-w C:\Windows\System32\nvgamesr.dll
2007-09-12 03:28 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-09-12 03:28 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll
2007-09-12 03:28 2,441,216 ----a-w C:\Windows\System32\nvwssr.dll
2007-09-12 03:28 2,371,584 ----a-w C:\Windows\System32\nvwss.dll
2007-09-12 03:28 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-09-12 03:28 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-09-12 03:28 1,521,664 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-09-12 03:28 1,150,976 ----a-w C:\Windows\System32\nvmobls.dll
2007-09-12 03:28 1,073,152 ----a-w C:\Windows\System32\nvcpluir.dll
2007-09-03 05:00 174 --sha-w C:\Program Files\desktop.ini
2007-09-03 04:40 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-09-03 04:40 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-09-03 04:40 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-09-03 04:40 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-09-03 04:40 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-09-03 04:40 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-09-03 04:40 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-09-03 04:40 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-09-03 04:40 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-09-03 04:40 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-09-03 04:40 3,470,008 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-09-03 04:40 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-09-03 04:40 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-09-03 04:40 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-09-03 04:40 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-09-03 04:40 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-09-03 04:40 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-09-03 04:40 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-08-31 19:07 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-08-31 19:07 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-08-31 19:07 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-08-31 19:07 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-08-31 19:07 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-08-31 19:07 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-08-31 19:07 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-08-31 19:07 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-08-31 19:07 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-08-31 19:07 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-08-31 19:07 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-08-31 19:07 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-08-31 19:07 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-08-31 19:07 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-08-31 19:07 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-08-31 19:07 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-08-31 19:07 134,656 ----a-w C:\Windows\System32\dps.dll
2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-08-31 19:07 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-08-31 19:07 --------- d-----w C:\Program Files\Windows Calendar
2007-08-31 19:06 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-08-24 16:08 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
2007-08-24 10:50 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-08-24 10:50 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-08-24 10:50 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-08-24 10:50 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-08-24 10:49 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-08-24 10:49 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-08-24 10:49 33,624 ----a-w C:\Windows\System32\wups.dll
2007-08-24 10:48 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-08-24 10:48 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-08-16 11:14 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-08-16 11:13 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-08-09 14:15 56,544 ----a-w C:\Users\HH\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-05-29 16:27 81,920 ----a-w C:\Users\HH\AppData\Roaming\ezpinst.exe
2007-05-29 16:27 47,360 ----a-w C:\Users\HH\AppData\Roaming\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-28_12.32.13,86 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-28 08:49:55 67,584 ----a-w C:\Windows\bootstat.dat
+ 2007-10-29 15:30:48 67,584 ----a-w C:\Windows\bootstat.dat
- 2007-10-26 11:24:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2007-10-28 21:38:03 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2007-10-28 08:51:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-10-29 15:32:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-10-26 11:24:08 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2007-10-28 21:38:04 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2007-10-28 09:38:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-10-29 18:30:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-10-29 18:30:19 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2007-10-28 10:24:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-10-29 17:46:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-28 10:24:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-29 17:46:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-28 10:24:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-29 17:46:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-10-28 11:29:13 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-10-29 18:26:48 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-08-07 16:20:44 182,248 ----a-w C:\Windows\System32\Macromed\Director\swdir.dll
+ 2007-08-07 16:21:02 55,272 ----a-w C:\Windows\System32\Macromed\Director\SwDnld.exe
- 2007-10-28 08:54:42 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2007-10-29 15:36:15 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2007-10-28 08:54:42 122,590 ----a-w C:\Windows\System32\perfc013.dat
+ 2007-10-29 15:36:15 122,590 ----a-w C:\Windows\System32\perfc013.dat
- 2007-10-28 08:54:42 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2007-10-29 15:36:15 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2007-10-28 08:54:42 689,380 ----a-w C:\Windows\System32\perfh013.dat
+ 2007-10-29 15:36:15 689,380 ----a-w C:\Windows\System32\perfh013.dat
- 2007-10-28 08:52:10 9,854 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3138983019-2224987015-149614728-1000_UserData.bin
+ 2007-10-29 15:32:46 9,870 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3138983019-2224987015-149614728-1000_UserData.bin
- 2007-10-28 08:52:09 78,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-29 15:32:46 79,064 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-10-28 08:51:54 51,584 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-10-29 15:32:42 52,114 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"=""
"eRecoveryService"=""
"LXBUCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 04:12]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-27 16:15]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 C:\Windows\RtHDVCpl.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-08 01:39]
"MMReminderService"="C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [2006-12-13 23:16]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 12:29]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 13:26]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 18:16]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12]
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 04:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 04:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=""
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-02-12 19:12]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 20:48]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-02-22 15:20]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"Host Process"="C:\Users\HH\svchost.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-19 17:03:33]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys
R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys
R0 msisadrv;ISA/EISA Class-stuurprogramma;C:\Windows\system32\drivers\msisadrv.sys
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys
R0 volmgr;Stuurprogramma voor Volumebeheer;C:\Windows\system32\drivers\volmgr.sys
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys
R1 Smb;Bericht-georiënteerd TCP/IP- en TCP/IPv6-protocol (SMB-sessie);C:\Windows\system32\DRIVERS\smb.sys
R1 tdx;Stuurprogramma voor ondersteuning van NetIO Legacy TDI;C:\Windows\system32\DRIVERS\tdx.sys
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe -k netsvcs
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 DPS;Diagnostic Policy-service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe -k LocalService
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe -k netsvcs
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe -k netsvcs
R2 int15;int15;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe -k netsvcs
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 netprofm;Network List-service;C:\Windows\System32\svchost.exe -k LocalService
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService
R2 nsi;Network Store Interface-service;C:\Windows\system32\svchost.exe -k LocalService
R2 PcaSvc;Program Compatibility Assistant-service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys
R2 ProfSvc;User Profile-service;C:\Windows\system32\svchost.exe -k netsvcs
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 TabletInputService;Tablet PC Input-service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R2 WerSvc;Windows Error Reporting-service;C:\Windows\System32\svchost.exe -k WerSvcGroup
R2 Wlansvc;WLAN Auto Config;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 WPDBusEnum;Portable Device Enumerator-service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe -k netsvcs
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys
R3 circlass;Consumer IR Devices;C:\Windows\system32\DRIVERS\circlass.sys
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs
R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe -k LocalService
R3 iScsiPrt;iScsiPort-stuurprogramma;C:\Windows\system32\DRIVERS\msiscsi.sys
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe
R3 monitor;Microsoft Monitor Class Function Driver-service;C:\Windows\system32\DRIVERS\monitor.sys
R3 mpsdrv;Autorisatiestuurprogramma van Windows Firewall;C:\Windows\system32\drivers\mpsdrv.sys
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;C:\Windows\system32\DRIVERS\RTL85n86.sys
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapterstuurprogramma;C:\Windows\system32\DRIVERS\tunnel.sys
R3 umbus;UMBus Enumerator-stuurprogramma;C:\Windows\system32\DRIVERS\umbus.sys
R3 USB28xxBGA;PCTV 330e/8x0e Device;C:\Windows\system32\DRIVERS\emBDA.sys
R3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys
R3 usbcir;eHome-infraroodontvanger (USBCIR);C:\Windows\system32\DRIVERS\usbcir.sys
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe -k netsvcs
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe
S3 dot3svc;Wired AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService
S3 MSiSCSI;Microsoft iSCSI Initiator-service;C:\Windows\system32\svchost.exe -k netsvcs
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
S3 PNRPAutoReg;PNRP Machine Name Publication-service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe -k LocalService
S3 QWAVEdrv;QWAVE-stuurprogramma;C:\Windows\system32\drivers\qwavedrv.sys
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe -k netsvcs
S3 SDRSVC;Windows Back-up;C:\Windows\system32\svchost.exe -k SDRSVC
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe -k netsvcs
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys
S3 SLUINotify;SL UI Notification-service;C:\Windows\system32\svchost.exe -k LocalService
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalService
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe -k LocalService
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalService
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe -k wcssvc
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k wdisvc
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe -k NetworkService
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery-service;C:\Windows\system32\svchost.exe -k LocalService
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService
S3 winusb;WinUsb-stuurprogramma;C:\Windows\system32\DRIVERS\winusb.sys
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys
S4 arc;arc;C:\Windows\system32\drivers\arc.sys
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys
S4 Mcx2Svc;Windows Media Center Extender-service;C:\Windows\system32\svchost.exe -k LocalService
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
NetworkServiceNetworkRestricted PolicyAgent
LocalServiceNoNetwork PLA DPS BFE mpssvc ehstart
NetworkService CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup wersvc
swprv swprv
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc RemoteRegistry
wcssvc WcsPlugInService
DcomLaunch PlugPlay DcomLaunch
wdisvc WdiServiceHost
sdrsvc sdrsvc
secsvcs WinDefend
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
AutoRun\command - K:\setupSNK.exe
AutoRun\command - K:\setupSNK.exe
AutoRun\command - setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 19:30:39
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-10-29 19:31:31
C:\ComboFix2.txt ... 2007-10-28 13:03
C:\ComboFix3.txt ... 2007-10-28 12:50
.
--- E O F ---
Old 29-10-2007, 19:46   #6
hhhh
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45, on 2007-10-29
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.vdholst.nl/src/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11145 bytes
Old 29-10-2007, 20:09   #7
Marckie
Wished level of difficulty at answer: 5. Expert
Operating System:
Windows 7 Home Premium
Antivirus: ESET / KIS
Firewall: ESET / KIS
Posts: 33,865
Are there still any problems?
Old 29-10-2007, 20:22   #8
hhhh
So far I have not received the warning again.
Many thanks for the help so far. How you tracked down the problem is a mystery to me. Apparently the right boxes were ticked after all.

I do have another small problem. I don't know whether it is a consequence of everything that has happened because of the problem we just solved, but...
A recurring pop-up from Windows Security Center. It says that it is turned off. As soon as I press the "Turn on now" button, I get another pop-up: "X The Security Center service is not started"
Kind regards,
HHHH
Old 29-10-2007, 20:29   #9
Marckie
Go to Start - Run and type: services.msc
Press Enter.
Confirm the User Account Control prompt by clicking "Allow".
In the window that opens, look for this service: Security Center.
Double-click it, start the service and then set the startup type to Automatic (Delayed Start).
Click Apply and then click OK.
Close the window.

Restart the computer and check whether the settings are retained.
(the message should no longer appear)
Old 29-10-2007, 20:45   #10
hhhh
After opening the service I first get a pop-up:
Services

Configuration Manager: The specified device instance handle does not correspond to a present device
Then OK
Then the window Security Center Properties (Local Computer)
General tab
Service status: Stopped
Then I pressed Start, with this result:
A Services pop-up with the message:
Could not start the Security Center service on Local Computer
Error 1083: The executable program that this service is configured to run in does not implement the service

I hope you can still make sense of it
Regards, HHHH
Old 29-10-2007, 20:49   #11
Marckie
Log in as Administrator and try again.
Old 29-10-2007, 21:09   #12
hhhh
I have only one account, so as far as I know I am logged in as administrator. I restarted the computer (there is only one option to log in). I immediately get a notification from the Security Center at the bottom right. I cannot get the service started. All messages remain as described above. ???
Regards,
HHHH
Old 29-10-2007, 22:20   #13
Marckie
When did this problem start?
Old 29-10-2007, 22:51   #14
hhhh
Since the problems that we solved. I discovered that the properties of Security Center show the following path to the executable:
C:\Windows\System32\svchost.exe -k netsvcs. Maybe that has something to do with it?
HHHH
Old 29-10-2007, 23:04   #15
Marckie
What is the startup type of this service set to?

What you posted there does not look correct to me.
Last edited by Marckie; 29-10-2007 at 23:07.
Old 29-10-2007, 23:08   #16
hhhh
Set to Automatic (Delayed Start)
The service name shown is: wscsvc
HHHH
Old 29-10-2007, 23:14   #17
Marckie
The service should start under a different group, which is probably why it fails.

Do this:

Open a new Notepad file.
Copy the code below into this Notepad file.
Go to File - Save As.
For "Save in" choose: Desktop
For "File name" enter: look.bat
For "Save as type" select: All Files (*.*).
Click the Save button.
Code:
regedit /e look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc"
start notepad look.txt
Right-click look.bat and choose Run as administrator.
Confirm the User Account Control prompt by clicking "Allow".
Post the contents of the log file that opens.
Old 31-10-2007, 07:51   #18
hhhh
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"DisplayName"="Security Center"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
6d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,01,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
"FailureCommand"="\"\" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00
Old 31-10-2007, 18:56   #19
Marckie
 
Open a Notepad file.
Copy the code below into this Notepad file.
Go to File - Save As.
For "Save in", choose: Desktop
For "File name", enter: fix.reg
For "Save as type", select: All files (*.*).
Click the Save button.
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
  76,69,63,65,4e,65,74,77,6f,72,6b,52,65,73,74,72,69,63,74,65,64,00
"ObjectName"="NT AUTHORITY\\LocalService"
Right-click fix.reg and choose Run as administrator.
Confirm the User Account Control prompt by clicking "Allow", and let the changes be added to the registry.

Restart the computer.
Report whether the problem is solved.
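Added example, not part of the thread: the hex(2) values in the export from post #18 and in fix.reg are hard to compare by eye, so this Python code decodes both encodings and lists the values fix.reg would overwrite. The function names are assumptions made for this example; the two inputs are copied from the posts above and trimmed to the values fix.reg touches.

```python
import re

# Constructed from the thread: the wscsvc values exported in post #18
# (Version 5.00, UTF-16LE hex) and the ones fix.reg sets (REGEDIT4, ANSI hex).
EXPORTED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
'''
FIX = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
  76,69,63,65,4e,65,74,77,6f,72,6b,52,65,73,74,72,69,63,74,65,64,00
"ObjectName"="NT AUTHORITY\\LocalService"
'''

def parse_reg(text):
    """Decode quoted-string and hex(2) (REG_EXPAND_SZ) values of a .reg file."""
    # Version 5.00 files store hex(2) as UTF-16LE, REGEDIT4 files as ANSI bytes.
    wide = text.lstrip().startswith("Windows Registry Editor Version 5.00")
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued hex lines
    values = {}
    for name, raw in re.findall(r'^"([^"]+)"=(.*)$', text, re.M):
        raw = raw.strip()
        if raw.startswith("hex(2):"):
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
            decoded = data.decode("utf-16-le" if wide else "cp1252")
            values[name] = decoded.rstrip("\x00")  # drop the terminating NUL
        elif raw.startswith('"'):
            values[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # unescape \\ and \"
    return values

def changed_values(before, after):
    """Return {name: (old, new)} for values the second file would overwrite."""
    old, new = parse_reg(before), parse_reg(after)
    return {k: (old.get(k), v) for k, v in new.items() if old.get(k) != v}

if __name__ == "__main__":
    for name, (old, new) in changed_values(EXPORTED, FIX).items():
        print(f"{name}:\n  exported: {old}\n  fix.reg:  {new}")
```

Decoded, the export shows the service running under LocalSystem in the netsvcs svchost group, and fix.reg moves it to NT AUTHORITY\LocalService in the LocalServiceNetworkRestricted group.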
Old 31-10-2007, 21:42   #20
hhhh
 
I no longer get the warning right after startup, so I assume this is solved. I must say, hats off. Thanks a lot.
Old 31-10-2007, 22:41   #21
Marckie
 
You're welcome.
Go to Start - Run and type: ComboFix /u
Press Enter.

It is best to also clear the existing system restore points.

I am setting the status of this thread to solved.
If there are no further replies, this thread will automatically be moved to the "Opgeloste hijackthislogs" section within about 3 days, and replying will no longer be possible. This keeps the forum tidy and organised.
If it turns out there are still problems and you want to reply in this topic again, send me a private message asking for it to be reopened.
All times are GMT +2.
Copyright ©2004 - 2010, Nucia Security / Stichting Nucia