ComboFix 08-06-20.4 - Administrator 2008-07-01 12:33:00.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.79 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\mappen\virusclean\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\mappen\virusclean\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))
.
2008-07-01 12:30 . 2008-07-01 12:30 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-30 16:59 . 2008-06-30 16:59 <DIR> d-------- C:\fsaua.data
2008-06-28 13:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-28 13:31 . 2008-06-28 13:31 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-26 17:54 . 2008-06-26 17:54 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-06-26 17:54 . 2008-06-26 17:54 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-06-25 03:22 . 2008-06-25 03:22 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-24 21:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-24 21:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-24 21:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-24 15:33 . 2008-06-25 13:46 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-24 15:10 . 2008-06-24 15:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-24 15:09 . 2008-06-24 15:11 <DIR> d-------- C:\Program Files\Windows Live
2008-06-24 15:08 . 2008-06-24 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-24 03:55 . 2008-07-01 12:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 03:55 . 2008-06-24 03:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 03:55 . 2008-06-24 03:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-24 03:55 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-24 03:55 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-24 00:56 . 2008-06-24 00:56 125 --a------ C:\ioSpecial.ini
2008-06-23 05:41 . 2008-06-23 05:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 22:40 . 2008-06-14 20:00 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-15 22:40 . 2008-06-14 20:00 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 11:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-28 11:32 --------- d-----w C:\Program Files\Java
2008-06-26 01:31 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 00:01 --------- d-----w C:\Program Files\Steam
2008-06-23 23:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-23 23:05 --------- d-----w C:\Program Files\Conduit
2008-06-23 23:03 --------- d-----w C:\Program Files\iPod
2008-06-23 23:01 --------- d-----w C:\Program Files\Winamp
2008-06-23 23:01 --------- d-----w C:\Program Files\Google
2008-06-23 22:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-06-23 22:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 22:55 --------- d-----w C:\Program Files\eidos
2008-06-22 22:57 --------- d-----w C:\Program Files\Hitman Pro
2008-06-08 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 06:54 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-31 14:56 --------- d-----w C:\Program Files\LimeWire
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-02 17:01 691,545 ----a-w C:\WINDOWS\unins000.exe
2006-12-17 18:32 106 ----a-w C:\Program Files\piconfig.lx
2005-12-13 14:19 20,921,040 ----a-w C:\Program Files\AdbeRdr705_enu_full.exe
2005-12-13 14:18 7,050,552 ----a-w C:\Program Files\psa30se_en_us.exe
2005-12-13 14:17 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2005-10-25 09:09 3,200,856 ----a-w C:\Program Files\hitmanpro221.exe
2005-10-20 22:46 34,511,160 ----a-w C:\Program Files\iTunesSetup.exe
2005-10-05 21:45 627,312 ----a-w C:\Program Files\SqirlzMorph.zip
2005-08-29 11:30 353,888 ----a-w C:\Program Files\LimeWireWin.exe
2005-08-28 20:06 1,094,021 ------w C:\Program Files\dvdshrink32setup1.zip
.
((((((((((((((((((((((((((((( snapshot_2008-06-26_ 3.44.45,39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 13:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 13:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 14:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 13:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
+ 2008-06-28 11:41:02 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2008-06-28 11:35:35 1,640 ----a-w C:\WINDOWS\mozver.dat
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2004-08-10 22:41:00 229,376 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-20 04:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2005-11-10 10:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 10:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 12:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-11-09 14:20:00 2,111,096 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2006-11-09 14:20:00 190,072 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-06-28 11:47:38 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-10-18 19:47:18 757,248 ------w C:\WINDOWS\system32\WMADMOD.dll
+ 2004-08-10 23:38:48 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2007-10-25 08:28:30 222,720 ------w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-20 04:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-11-02 20:53:24 99,840 ------w C:\WINDOWS\system32\wmpshell.dll
+ 2004-08-11 19:30:16 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2006-10-18 19:47:22 2,450,944 ------w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2001-06-26 19:23 401493]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:03 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2006-10-11 13:54:26 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^ubisoft register.lnk]
path=C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\ubisoft register.lnk
backup=C:\WINDOWS\pss\ubisoft register.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--------- 2004-08-04 03:03 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2001-06-26 19:23 401493 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-01-04 14:17 1937408 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-07 19:48 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Team17\\Worms2\\frontend.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
[HKLM\~\Services\\_common\\RWVoice.exe"=]
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"45408:UDP"= 45408:UDP:azureus
"6881:TCP"= 6881:TCP:azureus 2
"6881:UDP"= 6881:UDP:azureus 3
"6999:UDP"= 6999:UDP:azureus 4
R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 15:11]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
.
Inhoud van de 'Gedeelde Taken' map
"2008-06-30 14:00:00 C:\WINDOWS\Tasks\{60D94997-04A9-4E51-9DF7-D2C5321AE47F}_CC232369-A_Administrator.job"
- C:\WINDOWS\system32\mobsync.exe
"2008-05-02 14:00:12 C:\WINDOWS\Tasks\{65CB179F-35FC-4474-831E-F323E40D827D}_CC232369-A_Administrator.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
"2008-07-01 07:00:00 C:\WINDOWS\Tasks\{F9D79E87-FF41-4143-8B7F-CA010D76E877}_CC232369-A_Administrator.job"
- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 12:36:15
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
**************************************************************************
.
Voltooingstijd: 2008-07-01 12:42:13
ComboFix-quarantined-files.txt 2008-07-01 10:41:08
ComboFix2.txt 2008-06-30 14:22:53
ComboFix3.txt 2008-06-26 01:46:28
ComboFix4.txt 2008-06-24 23:01:26
ComboFix5.txt 2008-06-24 11:48:47
Pre-Run: 61,347,455,488 bytes beschikbaar
Post-Run: 61,447,255,040 bytes beschikbaar
207 --- E O F --- 2008-06-27 01:01:39
Malwarebytes' Anti-Malware 1.19
Database versie: 910
Windows 5.1.2600 Service Pack 2
13:31:51 1-7-2008
mbam-log-7-1-2008 (13-31-51).txt
Scan type: Volledige Scan (C:\|)
Objecten gescand: 89348
Verstreken tijd: 22 minute(s), 27 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:31, on 2-7-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
--
End of file - 5957 bytes
Before I had made a new HijackThis report, the virus scanner automatically switched on; it made a scan and asked me to remove what was found by "avast anti-virus", and I did. I don't know if that matters in the results, but perhaps it does, so I am telling it to you anyway.
Greetz,
Rick.