Tweet
Hallo,
Ook hier het probleem daily search.
Bij het zoeken in google word ik doorgelinkt met daily search.
Bijgevoegd het "combofix" log en hijackthis log.
Alvast heel erg bedankt!
groeten,
Inge
ComboFix 08-01-20.1 - Gebruiker 2008-01-20 12:24:00.1 - NTFSx86
Gestart vanuit: D:\downloaded programma's\Programma's\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsj14B.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
.
2008-01-20 12:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 11:52 . 2008-01-20 11:52 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Grisoft
2008-01-20 11:52 . 2008-01-20 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-20 11:52 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-13 20:35 . 2008-01-13 20:41 19,558 --a------ C:\WINDOWS\hpoins01.dat
2008-01-13 20:35 . 2003-04-22 23:51 16,606 --------- C:\WINDOWS\hpomdl01.dat
2008-01-13 20:17 . 2008-01-13 20:17 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-13 20:08 . 2008-01-13 20:08 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-01-13 20:02 . 2008-01-13 20:03 <DIR> d-------- C:\Temp\FixEngine
2008-01-13 20:02 . 2008-01-13 20:06 <DIR> d-------- C:\Program Files\Hp
2008-01-13 16:24 . 2005-08-07 23:17 84,480 --a------ C:\WINDOWS\system32\ctcoins.dll
2008-01-13 16:24 . 19,456 C:\WINDOWS\system32\drivers\ivdvymgf.dat
2008-01-13 16:23 . 2008-01-13 16:24 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-01-13 16:23 . 2008-01-13 16:25 77,360 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2008-01-13 16:23 . 2008-01-13 16:23 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-01-12 13:49 . 2008-01-12 13:49 1,237 --a------ C:\WINDOWS\checkip.dat
2008-01-06 18:50 . 2008-01-06 18:51 <DIR> d-------- C:\Program Files\BrowsingAdvisor
2007-12-24 14:07 . 2007-12-24 14:07 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 11:20 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-19 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\3D3
2008-01-19 18:19 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
2008-01-16 14:56 --------- d-----w C:\Program Files\McAfee
2008-01-14 17:36 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\U3
2008-01-14 13:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-13 15:21 --------- d-----w C:\Program Files\UltimateZip 2.7
2008-01-11 09:18 --------- d-----w C:\Program Files\OhmegaS
2008-01-10 16:58 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AdobeUM
2007-12-19 15:29 --------- d-----w C:\Program Files\Java
2007-12-18 06:09 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-17 16:14 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\SiteAdvisor
2007-12-15 07:29 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Skype
2007-12-10 13:40 --------- d-----w C:\Program Files\ShopFactory V7nieuw
2007-12-09 11:51 --------- d-----w C:\Program Files\ShopFactory V7
2007-11-29 05:37 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-24 13:45 --------- d-----w C:\Program Files\Phototools
2007-11-24 13:45 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Phototools
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-09-29 20:54 8 ----a-w C:\Documents and Settings\Gebruiker\Application Data\usb.dat.bin
2006-01-27 22:18 24,192 ----a-w C:\Documents and Settings\Gebruiker\usbsermptxp.sys
2006-01-27 22:18 22,768 ----a-w C:\Documents and Settings\Gebruiker\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19AEF6E8-1FC7-4D06-8047-9FEEB776428B}]
2005-08-07 23:17 84480 --a------ C:\WINDOWS\system32\ctcoins.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}]
C:\WINDOWS\system32\nsj14B.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"WebCamRT.exe"=""
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2005-10-11 18:25 1961984]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-20 22:36 1207080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe]
"SystemTray"="SysTray.Exe" [2005-07-25 21:46 3072 C:\WINDOWS\system32\systray.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 05:30 188416]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 09:39 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-03-16 05:33 127037]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"CTHelper"="CTHELPER.EXE" [2005-08-07 23:10 16384 C:\WINDOWS\CTHELPER.EXE]
"mRouterConfig for Siemens Data Suite SX1"="C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe" [ ]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 23:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12 473928]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6028\SiteAdv.exe" [ ]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.exe" [ ]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
"Support audio cool poll"="C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Ace ping.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-07-25 21:45 15360]
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\
Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2005-12-24 17:07:51 110592]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-24 15:14:51 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]
Microsoft Works Agenda-herinneringen.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 08:53:00 53317]
NewShortcut35.lnk - C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe [2004-01-22 17:10:32 172032]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-05-19 07:55:42 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
R0 bcifvlli;bcifvlli;C:\WINDOWS\system32\drivers\ivdvymgf.dat
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 22:54]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys
S3 tbHD;WDM-stuurprogramma Philips PSC705;C:\WINDOWS\system32\drivers\TBirdHD.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1ae9737-c2c8-11dc-8a55-00123f8d1acc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start_Hier.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8be8be4-b21f-11dc-8a32-00123f8d1acc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start_Hier.exe
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-15 12:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-13 19:43:19 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1200253295.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-03-02 08:38:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:00:52 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2006-01-13 13:03:39 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 12:32:36
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-01-20 12:33:47
ComboFix-quarantined-files.txt 2008-01-20 11:33:43
------------------> Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:35:28, on 20-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\SIEMEN~2\SDS\SPHONE~2.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ULTIMA~1.7\uzip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
D:\downloaded programma's\Programma's\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {19AEF6E8-1FC7-4D06-8047-9FEEB776428B} - C:\WINDOWS\system32\ctcoins.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Ace ping.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Works Agenda-herinneringen.lnk = ?
O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
Ook hier het probleem daily search.
Bij het zoeken in google word ik doorgelinkt met daily search.
Bijgevoegd het "combofix" log en hijackthis log.
Alvast heel erg bedankt!
groeten,
Inge
ComboFix 08-01-20.1 - Gebruiker 2008-01-20 12:24:00.1 - NTFSx86
Gestart vanuit: D:\downloaded programma's\Programma's\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsj14B.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
.
2008-01-20 12:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 11:52 . 2008-01-20 11:52 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Grisoft
2008-01-20 11:52 . 2008-01-20 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-20 11:52 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-13 20:35 . 2008-01-13 20:41 19,558 --a------ C:\WINDOWS\hpoins01.dat
2008-01-13 20:35 . 2003-04-22 23:51 16,606 --------- C:\WINDOWS\hpomdl01.dat
2008-01-13 20:17 . 2008-01-13 20:17 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-13 20:08 . 2008-01-13 20:08 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-01-13 20:02 . 2008-01-13 20:03 <DIR> d-------- C:\Temp\FixEngine
2008-01-13 20:02 . 2008-01-13 20:06 <DIR> d-------- C:\Program Files\Hp
2008-01-13 16:24 . 2005-08-07 23:17 84,480 --a------ C:\WINDOWS\system32\ctcoins.dll
2008-01-13 16:24 . 19,456 C:\WINDOWS\system32\drivers\ivdvymgf.dat
2008-01-13 16:23 . 2008-01-13 16:24 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-01-13 16:23 . 2008-01-13 16:25 77,360 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2008-01-13 16:23 . 2008-01-13 16:23 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-01-12 13:49 . 2008-01-12 13:49 1,237 --a------ C:\WINDOWS\checkip.dat
2008-01-06 18:50 . 2008-01-06 18:51 <DIR> d-------- C:\Program Files\BrowsingAdvisor
2007-12-24 14:07 . 2007-12-24 14:07 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 11:20 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-19 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\3D3
2008-01-19 18:19 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
2008-01-16 14:56 --------- d-----w C:\Program Files\McAfee
2008-01-14 17:36 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\U3
2008-01-14 13:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-13 15:21 --------- d-----w C:\Program Files\UltimateZip 2.7
2008-01-11 09:18 --------- d-----w C:\Program Files\OhmegaS
2008-01-10 16:58 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AdobeUM
2007-12-19 15:29 --------- d-----w C:\Program Files\Java
2007-12-18 06:09 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-17 16:14 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\SiteAdvisor
2007-12-15 07:29 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Skype
2007-12-10 13:40 --------- d-----w C:\Program Files\ShopFactory V7nieuw
2007-12-09 11:51 --------- d-----w C:\Program Files\ShopFactory V7
2007-11-29 05:37 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-24 13:45 --------- d-----w C:\Program Files\Phototools
2007-11-24 13:45 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Phototools
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-09-29 20:54 8 ----a-w C:\Documents and Settings\Gebruiker\Application Data\usb.dat.bin
2006-01-27 22:18 24,192 ----a-w C:\Documents and Settings\Gebruiker\usbsermptxp.sys
2006-01-27 22:18 22,768 ----a-w C:\Documents and Settings\Gebruiker\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19AEF6E8-1FC7-4D06-8047-9FEEB776428B}]
2005-08-07 23:17 84480 --a------ C:\WINDOWS\system32\ctcoins.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}]
C:\WINDOWS\system32\nsj14B.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"WebCamRT.exe"=""
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2005-10-11 18:25 1961984]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-20 22:36 1207080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe]
"SystemTray"="SysTray.Exe" [2005-07-25 21:46 3072 C:\WINDOWS\system32\systray.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 05:30 188416]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 09:39 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-03-16 05:33 127037]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"CTHelper"="CTHELPER.EXE" [2005-08-07 23:10 16384 C:\WINDOWS\CTHELPER.EXE]
"mRouterConfig for Siemens Data Suite SX1"="C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe" [ ]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 23:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12 473928]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6028\SiteAdv.exe" [ ]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.exe" [ ]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
"Support audio cool poll"="C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Ace ping.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-07-25 21:45 15360]
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\
Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2005-12-24 17:07:51 110592]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-24 15:14:51 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]
Microsoft Works Agenda-herinneringen.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 08:53:00 53317]
NewShortcut35.lnk - C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe [2004-01-22 17:10:32 172032]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-05-19 07:55:42 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
R0 bcifvlli;bcifvlli;C:\WINDOWS\system32\drivers\ivdvymgf.dat
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 22:54]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys
S3 tbHD;WDM-stuurprogramma Philips PSC705;C:\WINDOWS\system32\drivers\TBirdHD.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1ae9737-c2c8-11dc-8a55-00123f8d1acc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start_Hier.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8be8be4-b21f-11dc-8a32-00123f8d1acc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start_Hier.exe
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-15 12:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-13 19:43:19 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1200253295.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-03-02 08:38:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:00:52 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2006-01-13 13:03:39 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 12:32:36
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-01-20 12:33:47
ComboFix-quarantined-files.txt 2008-01-20 11:33:43
------------------> Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:35:28, on 20-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\SIEMEN~2\SDS\SPHONE~2.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ULTIMA~1.7\uzip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
D:\downloaded programma's\Programma's\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {19AEF6E8-1FC7-4D06-8047-9FEEB776428B} - C:\WINDOWS\system32\ctcoins.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Ace ping.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Works Agenda-herinneringen.lnk = ?
O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
Comment