  • Explorer refuses to copy anymore, big problems

    My father is having big problems, just like here: http://nucia.eu/forum/showthread.php?t=35210

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:17:07, on 11-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    F:\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nos.nl/nos/voorpagina/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-21-1454471165-1336601894-1801674531-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1454471165-1336601894-1801674531-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-1454471165-1336601894-1801674531-1004 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206968706_58a56ee98441b1e1182130df994c5e9f&GroupName=JSC&BHost=javadl.sun.com&File Path=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Services voor cryptografie (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: COM+-gebeurtenissysteem (EventSystem) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Compatibiliteit voor Snelle gebruikerswisseling (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Help en ondersteuning (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: hpqcxs08 - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: HP CUE DeviceDiscovery-service (hpqddsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Net Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Verwisselbare opslag (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Verbindingsbeheer voor RAS (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Firewall (WF) / Internet-verbinding delen (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Restore-service (srservice) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: SSDP Discovery-service (SSDPSRV) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Thema's (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Universele Plug en Play-apparaathost (upnphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: WebClient - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Serienummerservice voor draagbare media (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Wireless Zero Configuration-service (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

    --
    End of file - 13209 bytes

    ComboFix

    ComboFix 08-04-11.3 - Extrapolar 2008-04-11 21:52:31.1 - NTFSx86
    Gestart vanuit: F:\ComboFix.exe

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\Drivers\Iuu42.sys
    .
    ---- Previous Run -------
    .
    C:\Program Files\Helper
    C:\WINDOWS\system32\AutoRun.inf
    C:\WINDOWS\system32\tmp38.tmp
    C:\WINDOWS\system32\WLCtrl32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IUU42
    -------\Service_Iuu42
    -------\Legacy_IUU42
    -------\Service_Iuu42


    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))
    .

    2008-04-11 21:01 . 2008-03-31 12:22 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
    2008-04-11 21:01 . 2008-03-31 14:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2008-04-11 21:01 . 2008-03-31 14:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
    2008-04-11 21:01 . 2008-03-31 14:18 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
    2008-04-11 21:01 . 2008-03-31 14:18 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
    2008-04-11 21:01 . 2008-03-31 14:18 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
    2008-04-11 21:01 . 2008-03-31 14:18 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
    2008-04-11 11:44 . 2008-04-11 20:41 <DIR> d-------- C:\Documents and Settings\Extrapolar\Application Data\Lavasoft
    2008-04-11 11:42 . 2008-04-11 11:42 10,752 --a------ C:\WINDOWS\system32\WLCtrl32.Vdll__DELETE_ON_REBOOT
    2008-04-11 11:42 . 2008-04-11 11:42 10,752 --a------ C:\WINDOWS\system32\WLCtrl32.Vdl_
    2008-04-11 11:24 . 2008-04-11 20:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-11 11:24 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-04-11 11:23 . 2008-04-11 11:23 164 --a------ C:\install.dat
    2008-04-11 11:22 . 2008-04-11 20:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-11 11:22 . 2008-04-11 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-11 11:20 . 2008-04-11 20:44 <DIR> d-------- C:\Program Files\ESET
    2008-04-11 11:19 . 2008-04-11 11:20 <DIR> d-------- C:\Temp
    2008-04-11 11:19 . 2008-04-11 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2008-04-11 11:12 . 2008-04-11 11:12 <DIR> d-------- C:\Program Files\SurfRight
    2008-04-11 11:12 . 2008-04-11 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
    2008-04-11 10:55 . 2008-04-11 10:55 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-04-11 10:55 . 2008-04-11 20:42 <DIR> d-------- C:\Program Files\Hitman Pro
    2008-04-11 10:44 . 2008-04-11 10:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
    2008-04-10 23:46 . 2008-04-11 10:32 2 --a------ C:\-325894869
    2008-04-07 00:53 . 2008-04-07 00:53 2,359,350 --a------ C:\WINDOWS\buddha.bmp
    2008-04-07 00:49 . 2008-04-07 00:49 787,510 --a------ C:\WINDOWS\rygame1024.bmp
    2008-04-07 00:44 . 2008-04-07 00:44 6,912,054 --a------ C:\WINDOWS\Apple_Logo1920x1200.bmp
    2008-04-07 00:35 . 2008-04-07 00:35 2,049,078 --a------ C:\WINDOWS\greatwallofchina-.bmp
    2008-04-06 23:10 . 2008-04-06 23:12 3,993,741,964 --a------ C:\donkercurtiusware.avi
    2008-04-05 22:35 . 2008-04-05 23:05 19,596,680,332 --a------ C:\1996en1999.avi
    2008-04-04 20:40 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
    2008-04-04 20:40 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
    2008-04-04 16:26 . 2008-04-11 10:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-04 16:26 . 2008-04-04 16:26 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-01 23:58 . 2008-04-01 23:58 <DIR> d-------- C:\Documents and Settings\Extrapolar\Application Data\Steinberg
    2008-04-01 23:55 . 2008-04-01 23:56 <DIR> d-------- C:\Program Files\Steinberg
    2008-04-01 23:55 . 2008-04-01 23:57 1,725 --a------ C:\WINDOWS\LE
    2008-03-31 22:35 . 2008-04-11 21:17 <DIR> d-------- C:\Documents and Settings\Extrapolar\Application Data\MSN6
    2008-03-31 22:35 . 2008-03-31 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-03-31 22:13 . 2008-03-31 22:13 <DIR> d-------- C:\Documents and Settings\Extrapolar\Application Data\Jasc Software Inc
    2008-03-31 22:13 . 2008-04-07 00:21 <DIR> d-------- C:\Documents and Settings\Extrapolar\Application Data\Apple Computer
    2008-03-31 22:12 . 2008-03-31 22:13 <DIR> d-------- C:\Program Files\Jasc Software Inc
    2008-03-31 22:12 . 2008-03-31 22:12 <DIR> d-------- C:\Program Files\iPod
    2008-03-31 22:11 . 2008-03-31 22:11 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-03-31 22:11 . 2008-03-31 22:12 <DIR> d-------- C:\Program Files\iTunes
    2008-03-31 22:11 . 2008-03-31 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-31 22:04 . 2008-03-31 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-31 21:59 . 2008-03-31 22:12 <DIR> d-------- C:\Program Files\QuickTime
    2008-03-31 21:58 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-31 21:58 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-31 21:52 . 2008-03-31 21:52 <DIR> d-------- C:\Program Files\Bonjour
    2008-03-31 21:48 . 2008-03-31 21:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-03-31 21:38 . 2008-04-08 22:18 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-03-31 17:04 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-31 17:04 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-31 17:04 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-31 17:03 . 2008-03-31 17:03 <DIR> d-------- C:\Program Files\Alwil Software
    2008-03-31 17:03 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-03-31 17:03 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-03-31 17:03 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-03-31 17:03 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-03-31 17:03 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-31 17:03 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-03-31 17:03 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-03-31 17:03 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-03-31 17:00 . 2008-03-31 17:00 <DIR> d-------- C:\Documents and Settings\Extrapolar\Application Data\AVG7
    2008-03-31 17:00 . 2008-03-31 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVG7
    2008-03-31 17:00 . 2008-03-31 17:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-03-31 16:36 . 2008-03-31 16:36 <DIR> d-------- C:\Program Files\VideoLAN
    2008-03-31 16:36 . 2008-03-31 16:36 <DIR> d-------- C:\Documents and Settings\Extrapolar\Application Data\vlc
    2008-03-31 16:28 . 2008-03-31 16:28 <DIR> d-------- C:\Documents and Settings\Extrapolar\Application Data\CyberLink
    2008-03-31 16:19 . 2008-03-31 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-03-31 16:18 . 2008-03-31 16:18 <DIR> d-------- C:\Program Files\CyberLink
    2008-03-31 16:16 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
    2008-03-31 16:16 . 2005-09-16 14:10 49,857 --------- C:\WINDOWS\UNNMP.cfg
    2008-03-31 16:15 . 2008-03-31 16:15 <DIR> d-------- C:\Program Files\Common Files\Nero
    2008-03-31 16:15 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-03-31 16:10 . 2005-09-16 14:10 154,568 --------- C:\WINDOWS\UNNeroVision.cfg
    2008-03-31 16:09 . 2008-03-31 16:09 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2008-03-31 16:09 . 2008-03-31 16:16 <DIR> d-------- C:\Program Files\Ahead
    2008-03-31 16:09 . 2008-03-31 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-03-31 16:09 . 2005-07-12 19:06 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
    2008-03-31 16:09 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-03-31 16:09 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-03-31 16:09 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-03-31 16:09 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-03-31 16:09 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-03-31 16:09 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-03-31 16:09 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2008-03-31 16:09 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
    2008-03-31 15:29 . 2008-03-31 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-03-31 15:14 . 2008-03-31 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
    2008-03-31 15:14 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-03-31 15:10 . 2008-03-31 15:10 <DIR> d-------- C:\Program Files\Stardock
    2008-03-31 15:10 . 2008-03-31 15:10 <DIR> d-------- C:\Program Files\Common Files\Stardock
    2008-03-31 15:08 . 2008-03-31 15:08 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
    2008-03-31 15:05 . 2008-03-31 15:05 <DIR> d-------- C:\Documents and Settings\Extrapolar\download
    2008-03-31 15:04 . 2008-03-31 15:04 <DIR> d-------- C:\WINDOWS\Sun
    2008-03-31 15:04 . 2008-04-04 22:47 <DIR> d-------- C:\Documents and Settings\Extrapolar\Application Data\LimeWire
    2008-03-31 15:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 22:25 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-31 14:08 --------- d-----w C:\Documents and Settings\Extrapolar\Application Data\Creative
    2008-03-31 13:02 --------- d-----w C:\Program Files\HP
    2008-03-31 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2008-03-31 12:47 --------- d-----w C:\Program Files\Macromedia
    2008-03-31 12:36 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2008-03-31 12:32 20,016 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-03-31 12:31 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-31 12:29 --------- d-----w C:\Program Files\Creative
    2008-03-31 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-03-31 12:25 --------- d-----w C:\Documents and Settings\Extrapolar\Application Data\Logitech
    2008-03-31 12:24 --------- d--h--w C:\Program Files\Creative Installation Information
    2008-03-31 12:24 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-03-31 12:24 --------- d-----w C:\Program Files\Common Files\Creative
    2008-03-31 12:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-03-31 12:23 --------- d-----w C:\Program Files\Logitech
    2008-03-31 12:23 --------- d-----w C:\Documents and Settings\Extrapolar\Application Data\InstallShield
    2008-03-31 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
    2008-03-31 12:07 --------- d-----w C:\Program Files\Ulead Systems
    2008-03-31 12:05 --------- d-----w C:\Documents and Settings\Extrapolar\Application Data\Ulead Systems
    2008-03-31 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-03-31 12:01 --------- d-----w C:\Program Files\Common Files\SONY Digital Images
    2008-03-31 12:00 --------- d-----w C:\Program Files\Common Files\Ulead Systems
    2008-03-31 10:25 --------- d-----w C:\Program Files\microsoft frontpage
    .

    ------- Sigcheck -------

    Cryptography Services Error !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 09:56 122880]
    "P17Helper"="SPIRun.dll" [2006-07-03 06:43 10752 C:\WINDOWS\system32\SPIRun.dll]
    "CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [2008-03-18 12:58 542456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Extrapolar^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Extrapolar\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
    --------- 2006-03-08 08:56 278528 C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-31 22:12 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2008-02-13 14:31 16857600 C:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
    c:\qebh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Steinberg\\Cubase LE\\Cubasele.exe"=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\setup.exe

    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-11 21:56:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-04-11 21:58:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-11 19:58:00
    Pre-Run: 121,862,209,536 bytes beschikbaar
    Post-Run: 121,781,039,104 bytes beschikbaar