Mededeling

Collapse
No announcement yet.

foutmelding + spontane reboots

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • foutmelding + spontane reboots

    Sinds enkele weken heb ik een probleem met alle symptonen van een Haxdoor-virus zoals de melding 'windows is hersteld van een ernstige fout' en spontane reboots. Ik zie dit soort meldingen meer in forums staan maar nergens een adequate oplossing.

    Reeds meerdere anti-spyware programma's laten lopen zoals haxfix, vcleaner, AVG antirootkit en AVG anti-spyware (beide laatste nu defintief op mijn systeem laten staan) echter geen enkel Haxdoor-virus wordt gevonden.

    Na het uitschakelen van de autoboot functie en na een spontane reboot komt het blauwe scherm met de volgende foutmelding: DRIVER_IRQL_NOT_LESS_OR_EQUAL en STOP:0x000000D1 (0X656C6469, 0X000000FF, 0x00000000, 0x656C6469) Na meerdere pogingen kreeg ik hem pas weer opgestart met de windows CD. Bij opstart komt dan een eerder geziene melding als ''CPU FAN Error" maar de fan functioneert gewoon. Ik heb dan ook geen enkel idee meer waar ik het zoeken moet en hoop dat jullie iets kunnen vinden in onderstaande HJT-log. Bij voorbaat dank !


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:19:21, on 20-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Browser mouse\1.3\mouse32a.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Medionkeyboard\1.3\KbdAp32A.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\matrox graphics inc\powerdesk hf\Matrox.PowerDesk.Communications.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.138/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

    7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program

    Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program

    Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe"

    /silent
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [FLMMEDIONMOUSE] C:\Program Files\Browser mouse\1.3\mouse32a.exe
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Medionkeyboard\1.3\MMKEYBD.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Brightness Controller.lnk = C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma

    Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program

    Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program

    Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program

    Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

    Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -

    http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125424669921
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -

    https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) -

    https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) -

    http://www.euras.com/euras/activex2/euras.CAB
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program

    Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog

    Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead

    Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10067 bytes

  • #2
    Ga naar Start - Uitvoeren en tik in: notepad.exe
    Klik op OK.
    Ga in Kladblok naar Opmaak, en haal het vinkje weg voor "Automatische terugloop".
    Sluit Kladblok terug af.



    Download Combofix naar je Bureaublad.
    Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

    OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
    • Dubbelklik op Combofix.exe
      Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door ENTER.
      Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    Plaats dit log in je volgende post samen met een nieuw HijackThis log.

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      halo Juisterr,
      ik heb jouw raad opgevolgd en alles verliep normaal (blauwe schermpje komt en er worden een aantal 'stages' doorlopen, er komt een melding dat txt file wordt opgeslagen) en dan verdwijnt het schermpje en blijft alleen de desktop-achtergrond zichtbaar en dit duur nu al een uur. Hij hangt dus ! Je bent helaas niet online dus probeer hem wel weer op te starten en zie wel wat er gebeurt.
      Ik zit nu op een andere PC en meld me wel weer .

      Comment


      • #4
        Mocht hij nog opstarten, plaats dan een nieuw logje, doe wel eerst die automatische terugloop.

        Windows 10 opstarten in Veilige Modus

        Comment


        • #5
          volgens mij heb ik juist gehandeld door de stroom uit- en in te schakelen waarna hij alsnog opnieuw ut zich zelf is opgestart (ik kneep hem wel want volgens mij is Combifix best een heftig tooltje...!) De afgelopen 2 dagen heb ik overgiens geen reboot-problemen meer gehad en behalve nog een "INCD error" met de melding 'cannot connect to file system. INCD service not running', maar ik wil toch weten wat er gebeurt is en of er wellicht nog iets uit de log-fies naar voren komt, vandaar dat ik toch combifix heb laten lopen.

          Als extra info kan ik nog meegeven dat ik de pc ca. 2 jaar geleden 2e-hands heb gekocht, niet opnieuw heb geformatteerd en op de bestaande configuratie heb doorgeborduurd (dom ..?) De Norton Antivirus die erop stond werkte prima tot net voor kerst denk ik en hij niet meer wilde updaten. Heb vervolgens alles gedeïnstalleerd en AVG geïnstalleerd. Toen zijn ook zo'n beetje de problemen begonnen al kan ik die link niet voor 100% leggen. Mij valt wel op dat er nog steeds een aantal verwijzingen (zie HiJackThis.log) naar Symentec (antivirus) programma's op mijn PC staan ondank de deïnstallatie. Klopt dat ? Alleen Ghost 9.0 staat er nog op.

          wederom bedankt voor de support tot zover !

          Onderstaand de beide log-files:

          ComboFix 08-01-23.2 - Tine 2008-01-24 19:11:55.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT 1:00]
          Running from: C:\Documents and Settings\Tine\Desktop\ComboFix.exe
          * Created a new restore point

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
          .

          ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\Fonts\acrsecB.fon
          C:\WINDOWS\Fonts\acrsecI.fon
          C:\WINDOWS\system32\lsprst7.dll
          C:\WINDOWS\system32\msvcsv60.dll
          C:\WINDOWS\system32\ssprs.dll

          .
          ((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
          .

          2008-01-24 19:10 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
          2008-01-23 23:22 . 2008-01-23 23:22 <DIR> d-------- C:\Program Files\Essentials Codec Pack
          2008-01-20 00:17 . 2008-01-20 00:17 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-18 23:31 . 2008-01-18 23:51 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.bmp
          2008-01-18 23:31 . 2008-01-18 23:52 2,656 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
          2008-01-18 23:29 . 2008-01-18 23:29 <DIR> d-------- C:\Program Files\Illustrate
          2008-01-18 23:29 . 2008-01-18 23:29 647,168 --a------ C:\WINDOWS\system32\CDWriterXP.ocx
          2008-01-18 23:29 . 2008-01-18 23:52 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
          2008-01-18 23:29 . 2008-01-18 23:29 35,133 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
          2008-01-18 23:29 . 2008-01-18 23:29 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
          2008-01-18 23:29 . 2008-01-18 23:28 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP CD Writer.bmp
          2008-01-18 23:29 . 2008-01-18 23:29 13,767 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP CD Writer.dat
          2008-01-17 19:22 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
          2008-01-16 21:36 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
          2008-01-15 00:00 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2007-12-28 16:30 . 2007-12-28 16:30 <DIR> d-------- C:\Program Files\MSXML 4.0
          2007-12-27 10:47 . 2007-12-27 10:47 <DIR> d-------- C:\Program Files\PIEngineering
          2007-12-26 21:01 . 2007-12-26 21:01 <DIR> d-------- C:\Program Files\Common Files\Ankiro
          2007-12-26 21:00 . 2007-12-26 21:00 <DIR> d-------- C:\Program Files\Common Files\Application
          2007-12-26 20:59 . 2008-01-24 18:57 <DIR> d-------- C:\Program Files\SPAMfighter

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-20 00:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-01-20 00:02 --------- d-----w C:\Program Files\Symantec
          2008-01-14 23:00 --------- d-----w C:\Program Files\Java
          2007-12-27 09:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
          2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2003-07-17 02:26 448,640 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
          2003-07-17 02:22 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
          2003-06-03 07:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Matrox PowerDesk 8"="C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" [2005-07-05 19:12 102400]
          "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28 790528]
          "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42 585728]
          "Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-22 16:20 1126400]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "ElbyCheckElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09 45056]
          "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
          "FLMMEDIONMOUSE"="C:\Program Files\Browser mouse\1.3\mouse32a.exe" [2006-03-23 19:39 356352]
          "FLMK08KB"="C:\Program Files\Medionkeyboard\1.3\MMKEYBD.EXE" [2006-03-23 19:40 202752]
          "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 01:40 196608]
          "hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-05-20 11:22 1757184]
          "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-13 01:49 974898]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 20:29 32768]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 19:28 579072]
          "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
          "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
          "Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 17:44 303104]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-23 19:25 219136]

          C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
          Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-26 21:23:37 110592]
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
          Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-03-22 21:56:02 282624]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^XLR8 Status.lnk]
          path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XLR8 Status.lnk
          backup=C:\WINDOWS\pss\XLR8 Status.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "XLR8PEER1"=3 (0x3)
          "XLR8"=2 (0x2)
          "wuauserv"=2 (0x2)
          "Themes"=2 (0x2)
          "TermService"=3 (0x3)
          "TapiSrv"=3 (0x3)
          "XFACTORAE1"=3 (0x3)

          R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-11-22 15:51]
          R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-11-22 16:08]
          R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2001-02-28 12:12]
          R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-12-14 09:57]
          R3 ews88mt;EWS88 WDM Audio;C:\WINDOWS\system32\drivers\ews88wdm.sys [2004-12-21 13:23]
          R3 MTXPARH;MTXPARH;C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys [2005-07-05 20:32]
          S0 IFP500;iRiver Internet Audio Player IFP-500;C:\WINDOWS\system32\drivers\ifp500.sys
          S1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys
          S3 DigiPnp;DigiPnp;C:\WINDOWS\system32\Drivers\DigiPnp.sys [2004-05-28 16:12]
          S3 mvkG550rt;mvkG550rt;C:\WINDOWS\system32\DRIVERS\mvkG550rt.sys
          S3 MvkMiniVFX;mvkMiniVFX;C:\WINDOWS\system32\Drivers\MvkMiniVFX.sys
          S3 mvkRTXio;mvkRTXio;C:\WINDOWS\system32\DRIVERS\mvkRtXIo.sys
          S3 mvkVideoBus;mvkVideoBus;C:\WINDOWS\system32\DRIVERS\mvkMinicuda.sys
          S3 photonau;photonau;C:\WINDOWS\system32\Drivers\photonau.sys [2005-01-17 11:30]
          S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-01-29 10:48]
          S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]

          *Newly Created Service* - PROCEXP90
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-24 19:17:18
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 21:03, on 2008-01-24
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
          C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
          C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Browser mouse\1.3\mouse32a.exe
          C:\Program Files\Medionkeyboard\1.3\KbdAp32A.exe
          C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\Program Files\Support.com\bin\tgcmd.exe
          C:\Program Files\Ahead\InCD\InCD.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\Program Files\SPAMfighter\SFAgent.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\System32\GEARSec.exe
          C:\Program Files\Ahead\InCD\InCDsrv.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Program Files\FinePixViewer\QuickDCF.exe
          C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
          C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\Program Files\SPAMfighter\sfus.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          C:\WINDOWS\system32\msiexec.exe
          c:\program files\matrox graphics inc\powerdesk hf\Matrox.PowerDesk.Communications.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.138/index.htm
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
          O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
          O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
          O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
          O4 - HKLM\..\Run: [FLMMEDIONMOUSE] C:\Program Files\Browser mouse\1.3\mouse32a.exe
          O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Medionkeyboard\1.3\MMKEYBD.EXE
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
          O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
          O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
          O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
          O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Brightness Controller.lnk = C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Exif Launcher.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
          O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
          O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
          O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
          O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
          O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
          O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
          O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
          O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
          O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125424669921
          O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
          O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
          O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/euras/activex2/euras.CAB
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
          O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
          O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
          O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
          O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
          O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
          O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
          O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
          O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

          --
          End of file - 11370 bytes

          Comment


          • #6
            Voer de volgende acties eerst uit:
            Klik op Start -> (Settings) -> Configuratiescherm -> Software en verwijder het volgende programma:
            Need2FindBar


            start opnieuw op.







            Start Hijackthis op en kies voor 'Do a system scan only'
            Selecteer alleen de items die hieronder zijn genoemd:

            O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
            O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

            Sluit alle vensters behalve Hijackthis
            Klik op 'Fix checked' om de items te verwijderen.


            Open de verkenner ("Deze Computer") en kies Extra -> Mapopties...
            Controleer onder Weergave de volgende instellingen:

            Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen)
            Uitzetten: Extensies voor bekende bestandstypen verbergen

            Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP)
            Selecteer: Verborgen bestanden en mappen weergeven

            Druk daarna op Toepassen gevolgd door Ok.

            Verwijder de volgende directories:
            C:\Program Files\Need2Find\bar\


            Download het volgend bestand:

            download, software, update, Microsoft, product, computer, PC, Windows, Office, server, MSN, Live, game, Xbox, security, driver, install, trial, preview, demo, popular


            en plaats het op je Bureaublad.

            Daarna sleep je het bestand, dat je gedownload hebt van de Microsoft website, in Combofix.exe (zoals je in onderstaande afbeelding ziet)



            Dit zal ComboFix opstarten om de Recovery Console te installeren (duurt ong. 5 minuten)

            Eénmaal voltooid zal het een log openen met de naam C:\CF-RC.txt.
            Kopiëer en plak de inhoud van dat log in je volgende post.

            Belangrijk !! : herstart je pc NOG niet vooraleer het logje werd bekeken en je antwoord hebt ontvangen!!!!
            Last edited by Juisterr; 25-01-08, 13:45.

            Windows 10 opstarten in Veilige Modus

            Comment


            • #7
              het programma laat zicht niet verwijderen en komt met een window RUNDLL en de volgende melding: 'Error loading c:\programfiles\ ...\....\nd2fnbar2.dll The specified module could not be found'
              Need2findbar staat wel in de softwarelijst maar staat fysiek niet meer op de harde schijf en ook de map 'need2find' bestaat niet (meer).

              Comment


              • #8
                plaats maar even een nieuw HJT logje aub.

                Windows 10 opstarten in Veilige Modus

                Comment


                • #9
                  voila, onderstaand nieuwe HJT log.

                  de gemelde problemen zijn nog steeds weg gebleven (nu al een dag of 4) en ik kan het niet verklaren ?!


                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 20:10, on 2008-01-26
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                  C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
                  C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\Browser mouse\1.3\mouse32a.exe
                  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                  C:\Program Files\Medionkeyboard\1.3\KbdAp32A.exe
                  C:\Program Files\Support.com\bin\tgcmd.exe
                  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\Program Files\SPAMfighter\SFAgent.exe
                  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\WINDOWS\System32\GEARSec.exe
                  C:\Program Files\Ahead\InCD\InCDsrv.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\Program Files\FinePixViewer\QuickDCF.exe
                  C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe
                  C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                  C:\Program Files\SPAMfighter\sfus.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  c:\program files\matrox graphics inc\powerdesk hf\Matrox.PowerDesk.Communications.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.138/index.htm
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                  O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                  O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
                  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                  O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                  O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
                  O4 - HKLM\..\Run: [FLMMEDIONMOUSE] C:\Program Files\Browser mouse\1.3\mouse32a.exe
                  O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Medionkeyboard\1.3\MMKEYBD.EXE
                  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                  O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
                  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                  O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                  O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
                  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                  O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: Brightness Controller.lnk = C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe
                  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: Exif Launcher.lnk = ?
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
                  O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
                  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
                  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
                  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                  O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                  O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                  O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                  O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
                  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125424669921
                  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
                  O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/euras/activex2/euras.CAB
                  O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
                  O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
                  O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
                  O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
                  O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
                  O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
                  O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                  O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
                  O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
                  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
                  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
                  O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
                  O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

                  --
                  End of file - 11477 bytes

                  Comment


                  • #10
                    Start Hijackthis op en kies voor 'Do a system scan only'
                    Selecteer alleen de items die hieronder zijn genoemd:

                    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
                    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)

                    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                    O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

                    Sluit alle vensters behalve Hijackthis
                    Klik op 'Fix checked' om de items te verwijderen.


                    Open de verkenner ("Deze Computer") en kies Extra -> Mapopties...
                    Controleer onder Weergave de volgende instellingen:

                    Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen)
                    Uitzetten: Extensies voor bekende bestandstypen verbergen

                    Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP)
                    Selecteer: Verborgen bestanden en mappen weergeven

                    Druk daarna op Toepassen gevolgd door Ok.

                    Verwijder de volgende directories:
                    C:\Program Files\Need2Find\bar\1.bin\


                    start opnieuw op en plaats een nieuw HJT logje aub

                    Windows 10 opstarten in Veilige Modus

                    Comment


                    • #11
                      ik heb de gevraagde acties uitgevoerd. opmerking: directory need2findbar was reeds gewist cq. niet aanwezig.
                      onderstaande nieuwe logfile
                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 15:42, on 2008-01-27
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                      C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
                      C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
                      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                      C:\Program Files\Browser mouse\1.3\mouse32a.exe
                      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                      C:\Program Files\Medionkeyboard\1.3\KbdAp32A.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\Program Files\Support.com\bin\tgcmd.exe
                      C:\Program Files\Ahead\InCD\InCD.exe
                      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                      C:\Program Files\SPAMfighter\SFAgent.exe
                      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\WINDOWS\System32\GEARSec.exe
                      C:\Program Files\Ahead\InCD\InCDsrv.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      C:\Program Files\FinePixViewer\QuickDCF.exe
                      C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe
                      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                      C:\Program Files\SPAMfighter\sfus.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                      C:\WINDOWS\system32\msiexec.exe
                      c:\program files\matrox graphics inc\powerdesk hf\Matrox.PowerDesk.Communications.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.138/index.htm
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                      O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
                      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                      O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                      O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
                      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
                      O4 - HKLM\..\Run: [FLMMEDIONMOUSE] C:\Program Files\Browser mouse\1.3\mouse32a.exe
                      O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Medionkeyboard\1.3\MMKEYBD.EXE
                      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                      O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
                      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                      O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
                      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Startup: Brightness Controller.lnk = C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe
                      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O4 - Global Startup: Exif Launcher.lnk = ?
                      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
                      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
                      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
                      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
                      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125424669921
                      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                      O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
                      O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/euras/activex2/euras.CAB
                      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
                      O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
                      O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
                      O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
                      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
                      O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
                      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
                      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                      O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
                      O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
                      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
                      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
                      O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
                      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

                      --
                      End of file - 11093 bytes

                      Comment

                      Sorry, you are not authorized to view this page
                      Working...
                      X