Hi peku006,
First of all thank you very much for yur support so far. This is very much appreciated.
As requested below please find the HJT log file and the ComboFix log file.
The original problem seems to be fixed as IE is no longer started but I have a new issue. When (re)booting my system windows tries to install Windows Messenger Live. However the installation fails with: Cannot open key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Drivers32.
I'm not sure whether I should log a new ticket for this or whether this issue can be included in this one.
Anyway thans again and below please find the required log files.
All the best.
- George -
HJT:
===
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:06, on 28-4-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mspaint.exe
C:\Users\Philippen\Desktop\Bankafschriften\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.geenstijl.nl/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/ms ... b56986.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://82.92.190.132/activex/AxisCamControl.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binary/ZI ... b56649.cabO16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
http://game04.zylom.com/activex/zylomgamesplayer.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab57176.cabO20 - AppInit_DLLs: C:\Windows\System32\Faultrep32.dll C:\Windows\System32\dispci32.dll C:\Windows\System32\bitsigd32.dll C:\Windows\System32\COMMDLG32.dll,C:\Windows\System32\COMMDLG32.dll,C:\Windows\System32\Faultrep32.dll
O20 - Winlogon Notify: fc6c362b565 - C:\Windows\System32\Faultrep32.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 11207 bytes
ComboFix:
========
ComboFix 09-04-27.02 - Philippen 27-04-2009 21:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2039.781 [GMT 2:00]
Gestart vanuit: c:\users\Philippen\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Gast\AppData\Roaming\
020000002d5c3c67565C.manifest
c:\users\Gast\AppData\Roaming\
020000002d5c3c67565O.manifest
c:\users\Gast\AppData\Roaming\
020000002d5c3c67565P.manifest
c:\users\Gast\AppData\Roaming\
020000002d5c3c67565S.manifest
c:\users\Gast\AppData\Roaming\
020000002d5c3c67573C.manifest
c:\users\Gast\AppData\Roaming\
020000002d5c3c67573O.manifest
c:\users\Gast\AppData\Roaming\
020000002d5c3c67573P.manifest
c:\users\Gast\AppData\Roaming\
020000002d5c3c67573S.manifest
c:\users\Philippen\AppData\Roaming\
020000002d5c3c67565C.manifest
c:\users\Philippen\AppData\Roaming\
020000002d5c3c67565O.manifest
c:\users\Philippen\AppData\Roaming\
020000002d5c3c67565P.manifest
c:\users\Philippen\AppData\Roaming\
020000002d5c3c67565S.manifest
c:\users\Philippen\AppData\Roaming\
020000002d5c3c67573C.manifest
c:\users\Philippen\AppData\Roaming\
020000002d5c3c67573O.manifest
c:\users\Philippen\AppData\Roaming\
020000002d5c3c67573P.manifest
c:\users\Philippen\AppData\Roaming\
020000002d5c3c67573S.manifest
c:\users\Philippen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll
c:\users\Philippen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.lnk
c:\users\Philippen\protect.dll
c:\users\Prinses Maud\AppData\Roaming\
020000002d5c3c67565C.manifest
c:\users\Prinses Maud\AppData\Roaming\
020000002d5c3c67565O.manifest
c:\users\Prinses Maud\AppData\Roaming\
020000002d5c3c67565P.manifest
c:\users\Prinses Maud\AppData\Roaming\
020000002d5c3c67565S.manifest
c:\users\Prinses Maud\AppData\Roaming\
020000002d5c3c67573C.manifest
c:\users\Prinses Maud\AppData\Roaming\
020000002d5c3c67573O.manifest
c:\users\Prinses Maud\AppData\Roaming\
020000002d5c3c67573P.manifest
c:\users\Prinses Maud\AppData\Roaming\
020000002d5c3c67573S.manifest
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-27 to 2009-4-27 ))))))))))))))))))))))))))))))
.
2009-04-12 11:16 . 2009-04-12 11:16 -------- d-----w c:\users\Gast\AppData\Local\Google
2009-04-12 11:16 . 2009-04-12 11:16 -------- d-----w c:\users\Gast\AppData\Local\Winamp Toolbar
2009-04-12 11:15 . 2009-04-12 11:15 94344 ----a-w c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-12 11:15 . 2009-04-12 11:15 -------- d-----r c:\users\Gast\Searches
2009-04-10 15:25 . 2009-04-10 15:25 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-10 15:25 . 2008-11-12 14:44 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-10 15:25 . 2008-11-12 14:44 17152 ----a-w c:\windows\system32\authuitu.dll
2009-04-10 15:24 . 2009-04-10 15:24 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-10 15:24 . 2009-04-10 15:24 -------- d-----w c:\users\Philippen\AppData\Roaming\TuneUp Software
2009-04-10 15:24 . 2009-04-10 15:24 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-10 15:24 . 2009-04-10 15:24 -------- d-----w c:\programdata\TuneUp Software
2009-04-10 15:24 . 2009-04-10 15:24 -------- d-----w c:\users\All Users\TuneUp Software
2009-04-10 15:23 . 2009-04-10 15:23 -------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-10 15:23 . 2009-04-10 15:23 -------- d-sh--w c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-08 18:19 . 2009-04-08 18:19 139264 ----a-w c:\windows\system32\COMMDLG32.dll
2009-04-08 18:19 . 2009-04-08 18:19 615 ----a-w c:\windows\system32\byuaMlTo8qXWD.vbs
2009-04-07 20:05 . 2009-04-07 20:05 139264 ----a-w c:\windows\system32\bitsigd32.dll
2009-04-04 16:21 . 2009-04-04 16:23 -------- d-----w C:\effe
2009-04-04 16:20 . 2009-04-04 16:20 139264 ----a-w c:\windows\system32\dispci32.dll
2009-04-03 21:54 . 2009-04-03 21:54 139264 ----a-w c:\windows\system32\Faultrep32.dll
2009-04-03 17:35 . 2009-04-03 17:35 -------- d-----w c:\program files\NetSpy Protector
2009-04-03 17:00 . 2009-04-05 17:50 -------- d-----w c:\users\Philippen\AppData\Roaming\LimeWire
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 10:13 . 2007-10-31 00:09 59362 ----a-w c:\windows\system32\perfc013.dat
2009-04-27 10:13 . 2007-10-31 00:09 210056 ----a-w c:\windows\system32\perfh013.dat
2009-04-19 16:04 . 2008-04-06 09:37 -------- d-----w c:\program files\Norton Security Scan
2009-04-17 17:15 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-03 17:34 . 2008-02-05 18:47 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-01 18:28 . 2009-03-24 06:33 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-25 18:06 . 2007-10-30 16:21 -------- d-----w c:\program files\Java
2009-03-20 20:00 . 2009-03-20 20:00 -------- d-----w c:\program files\iTunes
2009-03-20 20:00 . 2009-03-20 20:00 -------- d-----w c:\program files\iPod
2009-03-20 20:00 . 2008-09-13 10:24 -------- d-----w c:\program files\Common Files\Apple
2009-03-20 19:57 . 2008-02-16 13:43 -------- d-----w c:\program files\QuickTime
2009-03-20 19:54 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-03-20 19:54 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-03-20 19:54 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-03-17 03:38 . 2009-04-17 06:30 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-17 06:30 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 06:30 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-15 20:10 . 2009-03-15 20:09 -------- d-----w c:\program files\Winamp
2009-03-15 20:10 . 2009-03-15 20:10 -------- d-----w c:\program files\Winamp Toolbar
2009-03-15 20:09 . 2007-10-30 16:11 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-13 12:55 . 2009-03-13 12:55 -------- d-----w c:\program files\Zylom Games
2009-03-12 19:31 . 2009-03-12 19:31 -------- d-----w c:\program files\AskBarDis
2009-03-12 19:31 . 2009-03-12 19:30 -------- d-----w c:\program files\Vuze
2009-03-09 19:29 . 2009-03-09 19:29 -------- d-----w c:\program files\Common Files\Ambrasoft
2009-03-09 19:29 . 2009-03-09 19:29 -------- d-----w c:\program files\AmbraSoft
2009-03-09 04:19 . 2008-12-04 19:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 15:56 . 2008-05-19 16:56 -------- d-----w c:\program files\Safari
2009-03-03 04:46 . 2009-04-17 06:30 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 06:30 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-17 06:30 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-17 06:30 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 06:30 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-17 06:30 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-17 06:30 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-17 06:30 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-17 06:30 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-17 06:30 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-17 06:30 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-17 06:30 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-17 06:30 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-28 22:36 . 2008-12-04 19:26 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-27 15:27 . 2008-10-17 14:16 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 08:49 . 2009-04-17 06:30 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-17 06:30 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 07:05 2033152 ----a-w c:\windows\system32\win32k.sys
2008-12-12 22:31 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-10-31 00:32 . 2007-10-31 00:11 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 17:40 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-29 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-29 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-29 138008]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-2-8 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fc6c362b565]
2009-04-03 21:54 139264 ----a-w c:\windows\System32\Faultrep32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\Faultrep32.dll c:\windows\System32\dispci32.dll c:\windows\System32\bitsigd32.dll c:\windows\System32\COMMDLG32.dll,c:\windows\System32\COMMDLG32.dll,c:\windows\System32\Faultrep32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 212280]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-10 603904]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-05-22 106808]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
2009-04-27 c:\windows\Tasks\1-klik Onderhoud.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-03 15:48]
2008-04-01 c:\windows\Tasks\HPCeeScheduleForPrinses Maud.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-10-30 15:55]
2009-04-20 c:\windows\Tasks\Norton Internet Security - Volledige systeemscan - Philippen.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 18:09]
2009-04-24 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 02:08]
.
.
------- Bijkomende Scan -------
.
uStart Page =
hxxp://www.geenstijl.nl/mStart Page =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopuInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -
hxxp://game04.zylom.com/activex/zylomgamesplayer.cabFF - ProfilePath - c:\users\Philippen\AppData\Roaming\Mozilla\Firefox\Profiles\tq5cxaec.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.geenstijl.nl/FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\Philippen\AppData\Roaming\Mozilla\Firefox\Profiles\tq5cxaec.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-27 21:22
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Symantec\LiveUpdate\LuComServer_3_2.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Voltooingstijd: 2009-04-27 21:24 - machine werd herstart
ComboFix-quarantined-files.txt 2009-04-27 19:24
Pre-Run: 184.422.596.608 bytes beschikbaar
Post-Run: 184.411.303.936 bytes beschikbaar
269 --- E O F --- 2009-04-24 07:54