#1
Hello, I have a problem with a Trojan horse. Warning message: "C:\windows\system32\crypt32n.dll Trojan horse BHO.CVX". I have AVG and it moves the file to the vault, but on restarting it is back again. I tried deleting the file in Windows, which failed. I tried renaming it in Windows (with a view to deleting it), which failed. I tried to go back and restore my computer, but I can't go back further than the beginning of the month and I have had it since before Christmas. My PC seems to be OK, but I'm still worried that I have a virus! Is there anything I can do? Help much appreciated. Regards, Ian A
#2
Welcome to CJ.
#3
Hi Evil Fantansy, I tried this at the beginning of the month; here is the log. Hopefully it means something to you. My fingers are crossed. Ta, Ian A
Copy:% SystemRoot% \ System32 \ vssvc.exe (manual start) Windows Time:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Remote Access IP ARP Driver: system32 \ drivers \ wanarp.sys (handmatige start) Windows CE USB Serial Host Driver: system32 \ drivers \ wceusbsh.sys (handmatige start) Microsoft WINMM WDM Audio Compatibility Driver: system32 \ drivers \ wdmaud.sys (handmatige start) WebClient:% SystemRoot% \ system32 \ svchost.exe-k LocalService (autostart) winachsf: system32 \ drivers \ HSF_CNXT.sys (handmatige start) Windows Management Instrumentation:% systemroot% \ system32 \ svchost.exe-k netsvcs (autostart) Portable Media Serial Number Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start) Windows Management Instrumentation Driver Extensions:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start) WMI Performance Adapter: C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe (manual start) Windows Media Player Network Sharing Service: "C: \ Program Files \ Windows Media Player \ WMPNetwk.exe" (manual start) Windows Socket 2.0 Non-IFS Service Provider Support Milieu: \ SystemRoot \ System32 \ drivers \ ws2ifsl.sys (gehandicapten) Security Center:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Automatische updates:% systemroot% \ system32 \ svchost.exe-k netsvcs (autostart) Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32 \ drivers \ WudfPf.sys (handmatige start) Windows Driver Foundation - User-mode Driver Framework Reflector: system32 \ drivers \ wudfrd.sys (handmatige start) Windows Driver Foundation - User-mode Driver Framework:% SystemRoot% \ system32 \ svchost.exe-k WudfServiceGroup (handmatige start) Wireless Zero Configuration:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Network Provisioning Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start) -------------------------------------------------- Inventariseren van Windows NT logon / Logoff scripts: 
* No scripts set te lopen * Windows NT checkdisk command: BootExecute = autocheck Autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: * Registry value not found * -------------------------------------------------- Opsomt ShellServiceObjectDelayLoad items: PostBootReminder: C: \ WINDOWS \ system32 \ shell32.dll CDBurn: C: \ WINDOWS \ system32 \ shell32.dll WebCheck: C: \ WINDOWS \ system32 \ Webcheck.dll Systray: C: \ WINDOWS \ system32 \ stobject.dll UPnPMonitor: C: \ WINDOWS \ system32 \ upnpui.dll WPDShServiceObj: C: \ WINDOWS \ system32 \ WPDShServiceObj.dll -------------------------------------------------- Autorun inzendingen uit griffie: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Pol icies \ Explorer \ Run * Geen waarden gevonden * -------------------------------------------------- Autorun inzendingen uit griffie: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Pol icies \ Explorer \ Run * Geen waarden gevonden * -------------------------------------------------- Einde van het rapport, 38242 bytes Rapport gegenereerd in 0.266 seconde Opdrachtregel opties: / verbose - de toevoeging van extra informatie over elke sectie / compleet - inclusief lege afdelingen en niet wantrouwend gegevens / full - om meerdere zelden belangrijke punten / force9x - inclusief Win9x-only startups, zelfs als die draait op WinNT / forcent - inclusief WinNT alleen-startups ook al draait op Win9x / forceall - inclusief alle Win9x en WinNT startups, onafhankelijk van het platform / Geschiedenis - de lijst versie geschiedenis alleen |
|
#4
| |||
| |||
| That's a startup list from HJT, which is useful, but I need the main scan. Open HJT and select the "Do a system scan and save a logfile" button. Please post that log. |
|
#5
| |||
| |||
| Hi, Sorry if I seem slow in replying, but I am having trouble saving the scan! I have got HJT to run "Do a system scan and save a logfile", but when it tries to open a log file it fails. The only way I can see of providing this information is to take a copy of the screen, but that would be a large file to post. Do you think this is a good idea, or is there something else I can try? Regards Ian A |
|
#6
| |||
| |||
| Try this instead and post the logs from it. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged on to an account with administrator privileges.
What DSS will do:
|
|
#7
| |||
| |||
| Hi, I need to think! I have tried the hotlink to Deckard's scanner, but I can't find dss.exe. Deckard's asks me to sign up to another website forum similar to the one I am already on. Please explain. Ian |
|
#8
| |||
| |||
| Use this link. http://www.techsupportforum.com/sect...eckard/dss.exe |
|
#9
| |||
| |||
| Hello, Sorry it has been a while since I got back to you, but I have been away. I have now managed to do the scan, and here are the results: System Restore ------------------------------------------------ -------------- Met succes een Deckard's System Scanner Restore Point. - Last 5 Restore Point (s) -- 49: 2008-04-07 07:50:49 UTC - RP160 - Deckard's System Scanner Restore Point 48: 2008-04-07 06:07:59 UTC - RP159 - System Checkpoint 47: 2008-04-01 17:50:42 UTC - RP158 - System Checkpoint 46: 2008-03-28 20:48:03 UTC - RP157 - Installed SUPERAntiSpyware Free Edition 45: 2008-03-28 19:02:25 UTC - RP156 - System Checkpoint - First Restore Point -- 1: 2008-01-04 07:54:54 UTC - RP112 - System Checkpoint Back-up registeronderdelen. Performed disk cleanup. Percentage van het geheugen in gebruik: 76% (meer dan 75%). Total Physical Memory: 447 MiB (512 MiB aanbevolen). - HijackThis (run als iana.exe) ---------------------------------------- -------- Logbestand van Trend Micro HijackThis v2.0.2 Scan opgeslagen om 08:52:30 op 07.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Draaiende processen: C: \ WINDOWS \ System32 \ Smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ brsvc01a.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ WINDOWS \ system32 \ brss01a.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ explorer.exe C: \ Program Files \ Synaptics \ SynTP \ Syntpenh.exe C: \ Program Files \ Toshiba \ Windows Utilities \ 
Hotkey.exe C: \ WINDOWS \ system32 \ TPSMain.exe C: \ Program Files \ Synaptics \ SynTP \ Toshiba.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ NDSTray.exe C: \ Program Files \ TOSHIBA \ TOSHIBA inzoomen Utility \ SmoothView.exe C: \ Program Files \ TOSHIBA \ Touch en Start \ PadExe.exe C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSServ.exe C: \ Program Files \ Atheros \ ACU.exe C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ Program Files \ QuickTime \ qttask.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ Messenger \ msmsgs.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ TPSBattM.exe C: \ Program Files \ FinePixViewer \ QuickDCF.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFXFER.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ AcroRd32.exe C: \ WINDOWS \ system32 \ WISPTIS.EXE C: \ Documents and Settings \ iana \ Local Settings \ Temporary Internet Files \ Content.IE5 \ EL9EICW6 \ DSS [1]. 
Exe C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ kapen ~ 1 \ iana.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch = R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = flotechsvr: 8080 O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: (geen naam) - (51610169-C280-4F36-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (bestand ontbreekt) O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Program Files \ Google \ googletoolbar1.dll O2 - BHO: (geen naam) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ Google \ googletoolbar1.dll O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ Syntpenh.exe O4 - HKLM \ .. 
\ Run: [Toshiba Sneltoets Utility] "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" / lang en O4 - HKLM \ .. \ Run: [TPSMain] TPSMain.exe O4 - HKLM \ .. \ Run: [NDSTray.exe] NDSTray.exe O4 - HKLM \ .. \ Run: [SmoothView] C: \ Program Files \ TOSHIBA \ TOSHIBA inzoomen Utility \ SmoothView.exe O4 - HKLM \ .. \ Run: [PadTouch] C: \ Program Files \ TOSHIBA \ Touch en Start \ PadExe.exe O4 - HKLM \ .. \ Run: [DLA] C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE O4 - HKLM \ .. \ Run: [CFSServ.exe] CFSServ.exe-NoClient O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN O4 - HKLM \ .. \ Run: [ACU] "C: \ Program Files \ Atheros \ ACU.exe"-nogui O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / geminimaliseerd O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [OpwareSE2] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" O4 - HKLM \ .. \ Run: [OPSE herinnering] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe"-r "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ ereg . ini " O4 - HKCU \ .. \ Run: [TOSCDSPD] C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [PnPUI registrator] C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe-s O4 - HKCU \ .. \ Run: [msmsgs] "C: \ Program Files \ Messenger \ msmsgs.exe" / achtergrond O4 - HKCU \ .. 
\ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C: \ Program Files \ FinePixViewer \ QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI05E6 ~ 1 \ Office11 \ REFIEBAR.DLL O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nwprovau.dll O14 - IERESET.INF: START_PAGE_URL = http://Companyweb O16 - DPF: (11260943-421B-11D0-8EAC-0000C07D88CF) (iPIX ActiveX Control) -- http://www.ipix.com/download/ipixx.cab O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1197453622703 O16 - DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) (Java Runtime Environment 1.6.0) -- http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab O16 - DPF: (BB21F850-63F4-4EC9-BF9D-565BD30C9AE9) (a-kwadraat Scanner) -- 
http://ax.emsisoft.com/asquared.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ Software \ .. \ Telephony: Domeinnaam = flotech.local O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify:! 
SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Notify: detcdzqc - athcfg11c.dll (bestand ontbreekt) O23 - Service: Atheros Configuration Service (ACS) - Onbekende eigenaar - C: \ WINDOWS \ system32 \ acs.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA Corporation - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe -- End of file - 9862 bytes - HijackThis Fixed Entries (C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ kapen ~ 1 \ backups \) ----------- backup-20071217-070814-188 O4 - HKLM \ .. \ Run: [\ \ WKS-216 \ EPSON Stylus C46 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ w32x86 \ 3 \ E_S4I0T 1.exe / blz. 33 "\ \ WKS-216 \ EPSON Stylus C46 Series "/ O6" USB002 "/ M" Stylus C46 " backup-20071217-071110-763 O16 - DPF: (935F9B04-0C7B-4454-A391-348C54AD7ADD) (Jolly Bear Games Player) -- http://games.bigfishgames.com/en_big...GamePlayer.cab backup-20071219-071455-100 O20 - Winlogon Notify: detcdzqc - C: \ WINDOWS \ SYSTEM32 \ athcfg11c.dll backup-20071219-071455-320 O4 - Global Startup: EPSON Status Monitor 3 Environment Check (3). 
lnk = C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ E_SRCV0 3.EXE backup-20071219-071455-780 O2 - BHO: (geen naam) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll backup-20080327-194111-931 O2 - BHO: (geen naam) - (51610169-C280-4F36-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (bestand ontbreekt) backup-20080327-194139-797 O2 - BHO: (geen naam) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll backup-20080327-194247-663 O2 - BHO: (geen naam) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll - Bestandsassociaties ---------------------------------------------- ------------- . txt - NetLog.Document - DefaultIcon - C: \ EPICOM ~ 1.02 \ EPICom2.02 \ EPICOM ~ 1.exe, 8 . txt - NetLog.Document - shell \ open \ command - C: \ EPICOM ~ 1.02 \ EPICom2.02 \ EPICOM ~ 1.exe / DDE - Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 hlkvythd - c: \ windows \ system32 \ drivers \ vzrpdamf.dat R1 SASDIFSV - c: \ program files \ superantispyware \ sasdifsv.sys R1 SASKUTIL - c: \ program files \ superantispyware \ saskutil.sys R2 MASPINT - c: \ windows \ system32 \ drivers \ maspint.sys <Niet Verified; MicroStaff Co.,Ltd.; Aspi32 driver voor WinNT> R2 mdmxsdk - c: \ windows \ system32 \ drivers \ mdmxsdk.sys <Niet Verified; Conexant; Diagnostic interface> R2 Netdevio (TOSHIBA Network Device UserMode I / O-protocol) - c: \ windows \ system32 \ drivers \ netdevio.sys <Niet Verified; TOSHIBA Corporation.; TOSHIBA Network Device UserMode I/O protocol> R3 AR5211 (Atheros Wireless Network Adapter Service) - c: \ windows \ system32 \ drivers \ ar5211.sys <Niet Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter> R3 BoiHwsetup (Access 32bits INT15 routine) - c: \ windows \ system32 \ drivers \ boihwsetup.sys <Niet Verified; Quanta Computer Corp; Toshiba HwSetup Driver> R3 CAMCAUD (Conexant AMC 3D Environmental 
Audio) - c: \ windows \ system32 \ drivers \ camc6aud.sys <Niet Verified; Conexant Systems Inc.; Conexant Audio Driver> R3 CAMCHALA - c: \ windows \ system32 \ drivers \ camc6hal.sys <Niet Verified; Conexant Systems Inc.; Conexant AmcHal Driver> R3 HSF_DPV - c: \ windows \ system32 \ drivers \ hsf_dpv.sys <Niet Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 HSFHWATI - c: \ windows \ system32 \ drivers \ hsfhwati.sys <Niet Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 Iviaspi (IVI ASPI Shell) - c: \ windows \ system32 \ drivers \ iviaspi.sys <Niet Verified; InterVideo, Inc.; InterVideo ASPI Shell> R3 pfc (Padus ASPI Shell) - c: \ windows \ system32 \ drivers \ pfc.sys <Niet Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c: \ windows \ system32 \ drivers \ qkbfiltr.sys <Niet Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver> R3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c: \ windows \ system32 \ drivers \ qmofiltr.sys <Niet Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver> R3 SASENUM - c: \ program files \ superantispyware \ sasenum.sys <Niet Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> R3 winachsf - c: \ windows \ system32 \ drivers \ hsf_cnxt.sys <Niet Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c: \ progra ~ 1 \ Belkin \ Belkin ~ 1.11g \ dnindis5.sys (bestand ontbreekt) S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c: \ windows \ system32 \ gtndis5.sys (bestand ontbreekt) S3 RT61 (RT2500 Belkin Wireless Driver) - c: \ windows \ system32 \ drivers \ rt61.sys (bestand ontbreekt) S3 Ser2pl (Sitecom Serial port driver) - c: \ windows \ system32 \ drivers \ ser2pl.sys <Niet Verified; productief Technologie Inc.; productief USB-to-Serial Bridge Cable> S3 wceusbsh (Windows CE USB Serial Host Driver) - c: \ windows \ system32 \ drivers \ wceusbsh.sys <Niet Verified; Microsoft Corporation; Windows 
CE USB Serial Host Driver> - Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CFSvcs (ConfigFree Service) - c: \ program files \ toshiba \ configfree \ cfsvcs.exe <Niet Verified; TOSHIBA CORPORATION; ConfigFree(TM)> S2 ACS (Atheros Configuration Service) - c: \ windows \ system32 \ acs.exe - Device Manager: Disabled -------------------------------------------- -------- Nr. gehandicapten hulpmiddelen gevonden. - Geplande taken ---------------------------------------------- --------------- 2008-04-07 06:48:40 436 - a ------ C: \ WINDOWS \ Tasks \ RegCure Program Check.job 2008-04-04 12:33:04 438 - a ------ C: \ WINDOWS \ Tasks \ At1.job 2008-03-15 17:25:00 284 - a ------ C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job 2008-01-31 16:37:13 370 - a ------ C: \ WINDOWS \ Tasks \ RegCure.job - Bestanden gemaakt tussen 2008-03-07 en 2008-04-07 ----------------------------- 2008-03-28 21:48:16 0 d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-03-28 21:48:05 0 d -------- C: \ Program Files \ SUPERAntiSpyware 2008-03-28 21:48:05 0 d -------- C: \ Documents and Settings \ iana \ Application Data \ SUPERAntiSpyware.com 2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard - Find3M Rapport ---------------------------------------------- ----------------- 2008-04-07 06:51:23 0 d -------- C: \ Documents and Settings \ iana \ Application Data \ AVG7 2008-04-04 16:30:58 0 d -------- C: \ Program Files \ Hansa52Client 2008-04-04 15:41:49 0 d -------- C: \ Documents and Settings \ iana \ Application Data \ AdobeUM 2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files 2008-03-25 10:03:27 0 d -------- C: \ Program Files \ Common Files \ Adobe 2008-03-25 09:31:28 0 d -------- C: \ Program Files \ Common Files \ Symantec Shared 2008-03-05 15:04:08 0 d -------- C: \ Program Files \ Canon 2008-03-05 11:57:28 0 d -------- C: \ Program Files \ Java 2008-02-25 
09:26:29 0 d -------- C: \ Documents and Settings \ iana \ Application Data \ ScanSoft 2008-02-25 09:26:26 0 d -------- C: \ Program Files \ Common Files \ ScanSoft Shared 2008-02-25 09:25:40 0 d -------- C: \ Program Files \ ScanSoft 2008-02-25 08:32:09 0 d -------- C: \ Program Files \ Google 2008-02-21 18:33:48 0 d -------- C: \ Program Files \ MumbleJumble 2008-02-21 18:10:04 0 d -------- C: \ Program Files \ Mahjong Deluxe 2008-02-21 12:06:28 0 d -------- C: \ Program Files \ RogueRemover FREE 2008-02-21 12:04:40 0 d -------- C: \ Program Files \ de muren van Jericho 2008-02-21 12:04:31 0 d -------- C: \ Program Files \ HP Creatieve Idee cd 2008-02-21 12:04:11 0 d -------- C: \ Program Files \ XviD 2008-02-21 12:03:54 0 d -------- C: \ Program Files \ RegCure 2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Removal Man 2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Polarkubes 2008-02-21 12:01:40 0 d -------- C: \ Program Files \ PopCap Games 2008-02-18 19:38:17 16 - a ------ C: \ WINDOWS \ popcinfot.dat 2008-02-18 19:19:59 0 - a ------ C: \ WINDOWS \ popcreg.dat 2008-02-11 17:53:24 0 d -------- C: \ Program Files \ IDIGICON Limited 2008-01-21 18:36:58 1024 - a ------ C: \ WINDOWS \ jericho_game_ra.dat - Registry Dump ---------------------------------------------- ----------------- * Note * empty entries & legit default entries worden niet weergegeven [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (51610169-C280-4F36-84AB-82D92ED1F68B)] [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (EA389261-1100-451F-8582-815CAB488AE6)] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ Syntpenh.exe" [17/12/2005 00:32] "Toshiba Sneltoets Utility" = "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" [28/01/2006 05:13] "TPSMain" = "TPSMain.exe" [08/02/2006 16:02 C: \ WINDOWS \ system32 \ TPSMain.exe] "NDSTray.exe" = "NDSTray.exe" [] "SmoothView" = "C: \ Program 
Files \ TOSHIBA \ TOSHIBA inzoomen Utility \ SmoothView.exe" [12/05/2005 11:31] "PadTouch" = "C: \ Program Files \ TOSHIBA \ Touch en Start \ PadExe.exe" [21/12/2005 14:52] "DLA" = "C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE" [06/10/2005 06:20] "CFSServ.exe" = "CFSServ.exe" [] "REGSHAVE" = "C: \ Program Files \ REGSHAVE \ REGSHAVE.exe" [04/02/2002 23:32] "ACU" = "C: \ Program Files \ Atheros \ ACU.exe" [11/07/2005 16:04] "TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [04/03/2007 17:39] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [01/09/2006 16:57] "! AVG Anti-Spyware" = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" [11/06/2007 10:25] "AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [02/01/2008 12:20] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" [22/02/2008 05:25] "OpwareSE2" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" [08/05/2003 12:00] "OPSE herinnering" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe" [07/07/2003 10:29] "RegistryMechanic" = "" [] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "TOSCDSPD" = "C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe" [11/04/2005 12:26] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [04/08/2004 14:00] "PnPUI registrator" = "C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe" [22/11/2004 21:04] "Msmsgs" = "C: \ Program Files \ Messenger \ msmsgs.exe" [13/10/2004 17:24] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [27/02/2007 12:39] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Exif Launcher.lnk - C: \ Program Files \ FinePixViewer \ QuickDCF.exe [09/01/2002 22:53:14] Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [21/01/2000 09:15:54] [HKEY_CURRENT_USER \ Software \ 
Microsoft \ Windows \ currentversion \ policies \ system] "DisableRegistryTools" = 0 (0x0) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ currentversion \ Policies \ Explorer] "NoWelcomeScreen" = 1 (0x1) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [20/12/2006 13:55 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 27/02/2007 12:39 282624 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ detcdzqc] athcfg11c.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ control \ Lsa] "Authentication Packages" = MSV1_0 nwprovau HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs buznlwxw [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ currentversion \ explorer \ mountpoints2 \ (a2fd87dd-a192-11dc-b600-0016e375ed46)] AutoRun \ command-E: \ LaunchU3.exe - End of Deckard's System Scanner: afgewerkt op 2008-04-07 08:53:08 ------------ Hope this all makes sense to you. Regards Iana |