Archive - Error message 80040154 in WLM


Juisterr

Legacy Member
If that doesn't work, then do this.

explorer

Download and double-click.
It kills the explorer.exe process.
It deletes the old explorer.exe.
It copies the new one.
It restarts explorer.

osmplayer

Legacy Member
Hey, I don't know how I can tell whether that worked, but I can't find my Windows XP CD.
And Messenger Live still doesn't work, I still get that error message.

Juisterr

Legacy Member
Manually delete ComboFix and then download it again.
Run a new scan with it and post the result, please.

osmplayer

Legacy Member
ComboFix 10-11-28.01 - van veen 28-11-2010 22:07:08.7.1 - x86
Gestart vanuit: c:\documents and settings\van veen\Bureaublad\ComboFix1.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-10-28 to 2010-11-28 ))))))))))))))))))))))))))))))
.

2010-12-02 12:15 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-30 09:52 . 2010-11-30 09:52 -------- d-----w- c:\documents and settings\Gast\Application Data\AVG9
2010-11-28 19:08 . 2008-04-15 13:00 1037312 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2010-11-28 19:08 . 2008-04-15 13:00 1037312 ----a-w- c:\windows\explorer.exe
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Application Data\BabylonToolbar
2010-11-24 21:10 . 2010-11-24 21:10 -------- d-----w- c:\program files\FoxTabVideo2Mp3Converter
2010-11-24 19:57 . 2010-11-24 21:10 -------- d-----w- c:\program files\Babylon
2010-11-20 12:49 . 2010-11-20 13:06 -------- d-----w- c:\documents and settings\van veen\Application Data\Mp3Tube Toolbar
2010-11-15 20:22 . 2010-11-15 20:22 -------- d-----w- c:\documents and settings\van veen\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 20:21 . 2010-11-15 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-15 20:21 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 20:21 . 2010-11-24 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-12 23:39 . 2010-11-28 19:03 -------- d--h--r- c:\documents and settings\van veen\Onlangs geopend
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\program files\CCleaner
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Softonic-Eng7
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-11-12 23:38 . 2010-11-12 23:38 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\WMTools Downloaded Files
2010-11-12 22:56 . 2010-11-12 22:56 388096 ----a-r- c:\documents and settings\van veen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-12 22:33 . 2010-11-12 22:33 -------- d-----w- c:\program files\Trend Micro
2010-11-12 21:16 . 2010-11-12 23:38 -------- d-----w- c:\program files\Windows Live
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\DriverCure
2010-11-12 19:50 . 2010-11-12 19:50 -------- d-----w- c:\documents and settings\van veen\Application Data\ParetoLogic
2010-11-12 18:24 . 2010-11-12 21:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-12 18:20 . 2010-11-24 21:10 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\Conduit
2010-11-12 16:20 . 2010-11-12 16:20 -------- d-----w- c:\documents and settings\van veen\Application Data\GlarySoft
2010-11-12 00:21 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-12 00:21 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 00:21 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-12 00:20 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-12 00:20 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-12 00:20 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-12 00:20 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-12 00:20 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-12 00:20 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\program files\Alwil Software
2010-11-12 00:20 . 2010-11-12 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-12 00:02 . 2010-11-12 00:02 -------- d-----w- c:\documents and settings\van veen\Local Settings\Application Data\PackageAware
2010-11-11 22:51 . 2010-11-11 22:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-11-11 10:10 . 2010-11-11 10:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-11 10:07 . 2010-11-12 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\abe1cb
2010-11-11 10:07 . 2010-11-11 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SMBHWHOYXRE
2010-11-11 09:27 . 2010-11-11 09:27 -------- d-----w- c:\documents and settings\van veen\Application Data\Sammsoft
2010-11-11 09:27 . 2010-11-11 10:07 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-11-10 22:25 . 2010-11-10 22:25 -------- d-----w- c:\program files\Microsoft
2010-11-10 19:40 . 2010-11-10 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-10 17:12 . 2010-11-10 22:25 -------- d-----w- c:\documents and settings\van veen\Application Data\GetRightToGo
2010-11-09 16:21 . 2010-11-10 22:24 -------- d-----w- c:\windows\system32\NtmsData
2010-11-09 11:37 . 2010-11-09 11:39 -------- d-----w- c:\documents and settings\van veen\Application Data\Fighters
2010-11-09 00:11 . 2010-11-09 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-08 23:51 . 2010-11-11 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-08 20:16 . 2010-11-11 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 21:27 . 2008-04-14 20:33 510464 ----a-w- c:\windows\system32\winlogon(2).exe
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 20:32 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 20:32 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-09-07 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-13 10:44 . 2010-09-13 10:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-13 10:44 . 2010-09-13 10:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-09 13:35 . 2008-05-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:35 . 2008-05-05 20:32 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:35 . 2008-05-05 20:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:35 . 2008-05-05 20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:58 . 2008-05-05 20:32 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-14 20:30 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 20:05 1852928 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2009-07-11 . A61F29AE9E7F1FD2EFB9F91F5461A7EB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-24_21.33.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-28 06:56 . 2010-11-28 06:56 16384 c:\windows\temp\Perflib_Perfdata_2c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-13 39408]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12-11-2010 1:21 165584]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/17 18:29];c:\program files\CyberLink\PowerDVD9\000.fcl [7-5-2009 21:05 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12-11-2010 1:21 17744]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\Drivers\AVGIDSxx.sys --> c:\windows\system32\Drivers\AVGIDSxx.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17-4-2010 16:55 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [16-1-2010 20:37 30104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 15:54]

2010-11-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mStart Page = hxxp://dutch.ircfast2.com/nl/index.php?rvs=hompag/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-28 22:16
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2084)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Voltooingstijd: 2010-11-28 22:19:16
ComboFix-quarantined-files.txt 2010-11-28 21:19
ComboFix2.txt 2010-11-27 09:16
ComboFix3.txt 2010-11-26 14:56
ComboFix4.txt 2010-11-25 11:39
ComboFix5.txt 2010-11-28 21:04

Pre-Run: 16.433.897.472 bytes beschikbaar
Post-Run: 16.460.099.584 bytes beschikbaar

- - End Of File - - 0E9918F87A6F16BA1E26A3D76E55A6DC

Juisterr

Legacy Member
Look, it worked this time, I see.

Would you now do the following, please.


Download Trojan Remover from SimplySup
Download Trojan Remover
Platform: Windows 2000 – XP – Vista 32-bit – Windows 7

Accept the license agreement and install T&R
Update T&R
If a message appears saying there is no Internet connection, choose a different server (Server2) in the window
  • Start T&R and click “Continue”
  • Click >> File and choose “Scan for Active Malware”
  • Deactivate your virus scanner
At the end of the scan, click “View Log File” and post the contents in the forum if asked to do so

You may use T&R for 30 days!

osmplayer

Legacy Member
Heyyy
What worked?
A different problem has now been solved by that EXPLORER link from your previous posts.
Before, my desktop and taskbar were never there when I started the computer, but from now on they are.
But I'll download that program early tomorrow morning and then I'll let you know.
Regards

Juisterr

Legacy Member
This error message is gone now.

c:\windows\explorer.exe ... is niet aanwezig !!
So that one is back again now.

osmplayer

Legacy Member
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2597. For information, email [email protected]
[Unregistered version]
Scan started at: 15:39:55 01 dec 2010
Using Database v7616
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\van veen\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\van veen\Mijn documenten\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
15:39:55: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:39:56: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 28-11-2010 20:08
Modified: 15-4-2008 14:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
-R- 577536 bytes
Created: 16-1-2010 19:55
Modified: 17-11-2006 4:42
Company: Realtek Semiconductor Corp.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 17-1-2010 14:04
Modified: 12-1-2006 15:40
Company: Nero AG
--------------------
Value Name: RemoteControl9
Value Data: "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
87336 bytes
Created: 27-4-2009 20:41
Modified: 27-4-2009 20:41
Company: CyberLink Corp.
--------------------
Value Name: PDVD9LanguageShortcut
Value Data: "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
50472 bytes
Created: 27-4-2009 17:50
Modified: 27-4-2009 17:50
Company: CyberLink Corp.
--------------------
Value Name: BDRegion
Value Data: C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
75048 bytes
Created: 17-1-2010 18:29
Modified: 7-5-2009 20:05
Company: cyberlink
--------------------
Value Name: CanonMyPrinter
Value Data: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
1983816 bytes
Created: 20-1-2010 19:18
Modified: 19-10-2009 2:12
Company: CANON INC.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
C:\Program Files\Common Files\Java\Java Update\jusched.exe
248552 bytes
Created: 14-5-2010 10:44
Modified: 14-5-2010 10:44
Company: Sun Microsystems, Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
35760 bytes
Created: 22-12-2009 0:57
Modified: 22-12-2009 0:57
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
932288 bytes
Created: 11-12-2009 14:57
Modified: 21-9-2010 19:37
Company: Adobe Systems Incorporated
--------------------
Value Name: avast5
Value Data: "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
C:\Program Files\Alwil Software\Avast5\avastUI.exe
2838912 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:12
Company: AVAST Software
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1233856 bytes
Created: 1-12-2010 15:38
Modified: 24-11-2010 15:26
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: swg
Value Data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 13-9-2010 11:47
Modified: 13-9-2010 11:47
Company: Google Inc.
--------------------
Value Name: msnmsgr
Value Data: "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
3872080 bytes
Created: 16-4-2010 22:12
Modified: 16-4-2010 22:12
Company: Microsoft Corporation
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14-4-2008 21:32
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
15:39:59: Scanning -----SHELLEXECUTEHOOKS-----

************************************************************
15:40:00: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:40:00: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\VAILLA~1.SCR
C:\WINDOWS\VAILLA~1.SCR
186368 bytes
Created: 17-1-2010 14:28
Modified: 14-11-2005 10:22
Company: [no info]
--------------------

************************************************************
15:40:00: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
15:40:00: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 16-1-2010 19:25
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
--------------------

************************************************************
15:40:00: Scanning ----- SERVICES REGISTRY KEYS -----
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 13-4-2008 23:10
Modified: 14-4-2008 1:10
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:11
Company: AVAST Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:11
Company: AVAST Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:11
Company: AVAST Software
----------
Key: Avgfwdx
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
30104 bytes
Created: 16-1-2010 20:37
Modified: 16-1-2010 23:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgfwfd
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
30104 bytes
Created: 16-1-2010 20:37
Modified: 16-1-2010 23:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSErHrxpx
ImagePath: System32\Drivers\AVGIDSxx.sys
C:\WINDOWS\System32\Drivers\AVGIDSxx.sys - [file not found to scan]
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\VANVEE~1\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr_tdi.sys
C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys - [file not found to scan]
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
----------
Key: McComponentHostService
ImagePath: "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe"
C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe - [file not found to scan]
----------
Key: Mtlmnt5
ImagePath: system32\DRIVERS\Mtlmnt5.sys
C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
126686 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: Mtlstrm
ImagePath: system32\DRIVERS\Mtlstrm.sys
C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
1309184 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: NtMtlFax
ImagePath: system32\DRIVERS\NtMtlFax.sys
C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
180360 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: RecAgent
ImagePath: system32\DRIVERS\RecAgent.sys
C:\WINDOWS\system32\DRIVERS\RecAgent.sys
13776 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
226656 bytes
Created: 10-11-2010 16:39
Modified: 14-1-2009 17:53
Company: Microsoft Corp.
----------
Key: Slntamr
ImagePath: system32\DRIVERS\slntamr.sys
C:\WINDOWS\system32\DRIVERS\slntamr.sys
404990 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SlNtHal
ImagePath: system32\DRIVERS\Slnthal.sys
C:\WINDOWS\system32\DRIVERS\Slnthal.sys
95424 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SLService
ImagePath: slserv.exe
C:\WINDOWS\system32\slserv.exe
73796 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 23:33
Company: Smart Link
----------
Key: SlWdmSup
ImagePath: system32\DRIVERS\SlWdmSup.sys
C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
13240 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{86850CE9-3854-4266-B6CD-B5B0868D0030}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14-4-2008 21:32
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 5-5-2008 21:31
Modified: 5-5-2008 21:31
Company: Microsoft Corporation
----------
Key: {B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 7-5-2009 21:05
Modified: 7-5-2009 21:05
Company: CyberLink Corp.
----------

************************************************************
15:40:05: Scanning -----VXD ENTRIES-----

************************************************************
15:40:05: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
15:40:05: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast5\ashShell.dll
C:\Program Files\Alwil Software\Avast5\ashShell.dll
81072 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:13
Company: AVAST Software
----------
Key: AVG9 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
File: [CLSID does not appear to reference a file]
----------
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
15:40:05: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
373248 bytes
Created: 2-7-2009 15:06
Modified: 2-7-2009 15:06
Company: Sun Microsystems, Inc.
----------

************************************************************
15:40:05: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
92504 bytes
Created: 14-1-2009 16:49
Modified: 14-1-2009 16:49
Company: Microsoft Corp.
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
297648 bytes
Created: 13-9-2010 11:47
Modified: 25-10-2010 14:32
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
843832 bytes
Created: 25-10-2010 14:35
Modified: 25-10-2010 14:35
Company: Google Inc.
----------

************************************************************
15:40:05: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 14-4-2008 21:32
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
----------

************************************************************
15:40:06: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
15:40:06: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
15:40:06: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
15:40:06: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
15:40:06: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
-HS- 84 bytes
Created: 16-1-2010 20:19
Modified: 16-1-2010 19:28
Company: [no info]
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
15:40:06: Scanning ----- SCHEDULED TASKS -----
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 17-4-2010 16:55
Modified: 17-4-2010 16:54
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 2-12-2010 0:26:00
Status: Ready
Creator: SYSTEM
Comments: Zorgt ervoor dat u altijd beschikt over de nieuwste Google-software. Als deze taak wordt uitgeschakeld of afgebroken, wordt uw Google-software niet bijgewerkt. Hierdoor kunnen beveiligingsrisico's mogelijk niet worden verholpen of kunnen bepaalde functies niet functioneren. Deze taak verwijdert zichzelf wanneer er geen Google-software is die er gebruik van maakt.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 17-4-2010 16:55
Modified: 17-4-2010 16:54
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: elke 1 uur, vanaf 0:26 uur, gedurende 24 uur elke dag, te beginnen op 14-10-2010
Next Run Time: 1-12-2010 16:26:00
Status: Ready
Creator: SYSTEM
Comments: Zorgt ervoor dat u altijd beschikt over de nieuwste Google-software. Als deze taak wordt uitgeschakeld of afgebroken, wordt uw Google-software niet bijgewerkt. Hierdoor kunnen beveiligingsrisico's mogelijk niet worden verholpen of kunnen bepaalde functies niet functioneren. Deze taak verwijdert zichzelf wanneer er geen Google-software is die er gebruik van maakt.
----------
Taskname: Scheduled Update for Ask Toolbar
File: C:\Program Files\Ask.com\UpdateTask.exe
C:\Program Files\Ask.com\UpdateTask.exe
96136 bytes
Created: 28-9-2010 22:44
Modified: 28-9-2010 22:44
Company: [no info]
Schedule: elke 1 uur, vanaf 1:01 uur, gedurende 24 uur elke dag, te beginnen op 1-1-2008
Next Run Time: 1-12-2010 16:01:00
Status: Ready
Creator: van veen
Comments:
----------

************************************************************
15:40:07: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
15:40:07: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.YV12
File: yv12vfw.dll
C:\WINDOWS\system32\yv12vfw.dll
217088 bytes
Created: 17-1-2010 14:13
Modified: 25-1-2004 17:18
Company: www.helixcommunity.org
----------
Value: msacm.ac3acm
File: ac3acm.acm
C:\WINDOWS\system32\ac3acm.acm
118784 bytes
Created: 17-1-2010 14:13
Modified: 21-9-2007 1:52
Company: fccHandler
----------
Value: msacm.lameacm
File: lameACM.acm
C:\WINDOWS\system32\lameACM.acm
839680 bytes
Created: 17-1-2010 14:13
Modified: 24-9-2008 19:41
Company: www
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\WINDOWS\system32\ff_vfw.dll
85504 bytes
Created: 17-1-2010 14:13
Modified: 13-10-2009 19:00
Company: [no info]
----------

************************************************************
15:40:07: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\van veen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\van veen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
23970870 bytes
Created: 20-1-2010 20:45
Modified: 25-10-2010 20:32
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\van veen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
23970870 bytes
Created: 20-1-2010 20:45
Modified: 25-10-2010 20:32
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
15:40:10: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 14-4-2008 21:33
Modified: 9-2-2009 12:27
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
--------------------
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe - file already scanned
--------------------
C:\Program Files\Cyberlink\Shared Files\brs.exe - file already scanned
--------------------
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe - file already scanned
--------------------
C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanned
--------------------
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast5\avastUI.exe - file already scanned
--------------------
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
58880 bytes

osmplayer

Legacy Member
Created: 14-4-2008 21:33
Modified: 17-8-2010 14:17
Company: Microsoft Corporation
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 13-9-2010 11:44
Modified: 13-9-2010 11:44
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\WINDOWS\system32\slserv.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
501480 bytes
Created: 14-5-2010 10:44
Modified: 14-5-2010 10:44
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\internet explorer\iexplore.exe
634648 bytes
Created: 16-1-2010 19:25
Modified: 25-8-2010 12:30
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\van veen\Application Data\Simply Super Software\Trojan Remover\tmj91.exe
FileSize: 3761072
[This is a Trojan Remover component]
--------------------

************************************************************
15:40:14: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
Windows programs
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Bing
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Bing
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
Startpagina.nl - alles op een rijtje! (ook op mobiel)
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:40:15 01 dec 2010
Total Scan time: 00:00:19
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2597. For information, email [email protected]
[Unregistered version]
Scan started at: 15:38:46 01 dec 2010
Using Database v7616
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\van veen\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\van veen\Mijn documenten\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
15:38:46: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:38:46: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 28-11-2010 20:08
Modified: 15-4-2008 14:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
-R- 577536 bytes
Created: 16-1-2010 19:55
Modified: 17-11-2006 4:42
Company: Realtek Semiconductor Corp.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 17-1-2010 14:04
Modified: 12-1-2006 15:40
Company: Nero AG
--------------------
Value Name: RemoteControl9
Value Data: "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
87336 bytes
Created: 27-4-2009 20:41
Modified: 27-4-2009 20:41
Company: CyberLink Corp.
--------------------
Value Name: PDVD9LanguageShortcut
Value Data: "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
50472 bytes
Created: 27-4-2009 17:50
Modified: 27-4-2009 17:50
Company: CyberLink Corp.
--------------------
Value Name: BDRegion
Value Data: C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
75048 bytes
Created: 17-1-2010 18:29
Modified: 7-5-2009 20:05
Company: cyberlink
--------------------
Value Name: CanonMyPrinter
Value Data: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
1983816 bytes
Created: 20-1-2010 19:18
Modified: 19-10-2009 2:12
Company: CANON INC.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
C:\Program Files\Common Files\Java\Java Update\jusched.exe
248552 bytes
Created: 14-5-2010 10:44
Modified: 14-5-2010 10:44
Company: Sun Microsystems, Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
35760 bytes
Created: 22-12-2009 0:57
Modified: 22-12-2009 0:57
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
932288 bytes
Created: 11-12-2009 14:57
Modified: 21-9-2010 19:37
Company: Adobe Systems Incorporated
--------------------
Value Name: avast5
Value Data: "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
C:\Program Files\Alwil Software\Avast5\avastUI.exe
2838912 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:12
Company: AVAST Software
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1233856 bytes
Created: 1-12-2010 15:38
Modified: 24-11-2010 15:26
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: swg
Value Data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 13-9-2010 11:47
Modified: 13-9-2010 11:47
Company: Google Inc.
--------------------
Value Name: msnmsgr
Value Data: "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
3872080 bytes
Created: 16-4-2010 22:12
Modified: 16-4-2010 22:12
Company: Microsoft Corporation
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14-4-2008 21:32
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
15:38:51: Scanning -----SHELLEXECUTEHOOKS-----

************************************************************
15:38:51: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:38:51: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\VAILLA~1.SCR
C:\WINDOWS\VAILLA~1.SCR
186368 bytes
Created: 17-1-2010 14:28
Modified: 14-11-2005 10:22
Company: [no info]
--------------------

************************************************************
15:38:51: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
15:38:52: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 16-1-2010 19:25
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
--------------------

************************************************************
15:38:54: Scanning ----- SERVICES REGISTRY KEYS -----
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 13-4-2008 23:10
Modified: 14-4-2008 1:10
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:11
Company: AVAST Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:11
Company: AVAST Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:11
Company: AVAST Software
----------
Key: Avgfwdx
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
30104 bytes
Created: 16-1-2010 20:37
Modified: 16-1-2010 23:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgfwfd
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
30104 bytes
Created: 16-1-2010 20:37
Modified: 16-1-2010 23:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSErHrxpx
ImagePath: System32\Drivers\AVGIDSxx.sys
C:\WINDOWS\System32\Drivers\AVGIDSxx.sys - [file not found to scan]
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\VANVEE~1\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr_tdi.sys
C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys - [file not found to scan]
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
----------
Key: McComponentHostService
ImagePath: "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe"
C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe - [file not found to scan]
----------
Key: Mtlmnt5
ImagePath: system32\DRIVERS\Mtlmnt5.sys
C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
126686 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: Mtlstrm
ImagePath: system32\DRIVERS\Mtlstrm.sys
C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
1309184 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: NtMtlFax
ImagePath: system32\DRIVERS\NtMtlFax.sys
C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
180360 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: RecAgent
ImagePath: system32\DRIVERS\RecAgent.sys
C:\WINDOWS\system32\DRIVERS\RecAgent.sys
13776 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
226656 bytes
Created: 10-11-2010 16:39
Modified: 14-1-2009 17:53
Company: Microsoft Corp.
----------
Key: Slntamr
ImagePath: system32\DRIVERS\slntamr.sys
C:\WINDOWS\system32\DRIVERS\slntamr.sys
404990 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SlNtHal
ImagePath: system32\DRIVERS\Slnthal.sys
C:\WINDOWS\system32\DRIVERS\Slnthal.sys
95424 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SLService
ImagePath: slserv.exe
C:\WINDOWS\system32\slserv.exe
73796 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 23:33
Company: Smart Link
----------
Key: SlWdmSup
ImagePath: system32\DRIVERS\SlWdmSup.sys
C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
13240 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{86850CE9-3854-4266-B6CD-B5B0868D0030}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14-4-2008 21:32
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 5-5-2008 21:31
Modified: 5-5-2008 21:31
Company: Microsoft Corporation
----------
Key: {B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 7-5-2009 21:05
Modified: 7-5-2009 21:05
Company: CyberLink Corp.
----------

************************************************************
15:39:01: Scanning -----VXD ENTRIES-----

************************************************************
15:39:01: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
15:39:01: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast5\ashShell.dll
C:\Program Files\Alwil Software\Avast5\ashShell.dll
81072 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:13
Company: AVAST Software
----------
Key: AVG9 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
File: [CLSID does not appear to reference a file]
----------
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
15:39:01: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
373248 bytes
Created: 2-7-2009 15:06
Modified: 2-7-2009 15:06
Company: Sun Microsystems, Inc.
----------

************************************************************
15:39:01: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
92504 bytes
Created: 14-1-2009 16:49
Modified: 14-1-2009 16:49
Company: Microsoft Corp.
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
297648 bytes
Created: 13-9-2010 11:47
Modified: 25-10-2010 14:32
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
843832 bytes
Created: 25-10-2010 14:35
Modified: 25-10-2010 14:35
Company: Google Inc.
----------

************************************************************
15:39:02: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 14-4-2008 21:32
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
----------

************************************************************
15:39:02: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
15:39:02: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
15:39:02: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
15:39:02: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
15:39:02: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
-HS- 84 bytes
Created: 16-1-2010 20:19
Modified: 16-1-2010 19:28
Company: [no info]
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
15:39:03: Scanning ----- SCHEDULED TASKS -----
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 17-4-2010 16:55
Modified: 17-4-2010 16:54
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 2-12-2010 0:26:00
Status: Ready
Creator: SYSTEM
Comments: Zorgt ervoor dat u altijd beschikt over de nieuwste Google-software. Als deze taak wordt uitgeschakeld of afgebroken, wordt uw Google-software niet bijgewerkt. Hierdoor kunnen beveiligingsrisico's mogelijk niet worden verholpen of kunnen bepaalde functies niet functioneren. Deze taak verwijdert zichzelf wanneer er geen Google-software is die er gebruik van maakt.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 17-4-2010 16:55
Modified: 17-4-2010 16:54
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: elke 1 uur, vanaf 0:26 uur, gedurende 24 uur elke dag, te beginnen op 14-10-2010
Next Run Time: 1-12-2010 16:26:00
Status: Ready
Creator: SYSTEM
Comments: Zorgt ervoor dat u altijd beschikt over de nieuwste Google-software. Als deze taak wordt uitgeschakeld of afgebroken, wordt uw Google-software niet bijgewerkt. Hierdoor kunnen beveiligingsrisico's mogelijk niet worden verholpen of kunnen bepaalde functies niet functioneren. Deze taak verwijdert zichzelf wanneer er geen Google-software is die er gebruik van maakt.
----------
Taskname: Scheduled Update for Ask Toolbar
File: C:\Program Files\Ask.com\UpdateTask.exe
C:\Program Files\Ask.com\UpdateTask.exe
96136 bytes
Created: 28-9-2010 22:44
Modified: 28-9-2010 22:44
Company: [no info]
Schedule: elke 1 uur, vanaf 1:01 uur, gedurende 24 uur elke dag, te beginnen op 1-1-2008
Next Run Time: 1-12-2010 16:01:00
Status: Ready
Creator: van veen
Comments:
----------

************************************************************
15:39:03: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
15:39:03: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.YV12
File: yv12vfw.dll
C:\WINDOWS\system32\yv12vfw.dll
217088 bytes
Created: 17-1-2010 14:13
Modified: 25-1-2004 17:18
Company: www.helixcommunity.org
----------
Value: msacm.ac3acm
File: ac3acm.acm
C:\WINDOWS\system32\ac3acm.acm
118784 bytes
Created: 17-1-2010 14:13
Modified: 21-9-2007 1:52
Company: fccHandler
----------
Value: msacm.lameacm
File: lameACM.acm
C:\WINDOWS\system32\lameACM.acm
839680 bytes
Created: 17-1-2010 14:13
Modified: 24-9-2008 19:41
Company: www
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\WINDOWS\system32\ff_vfw.dll
85504 bytes
Created: 17-1-2010 14:13
Modified: 13-10-2009 19:00
Company: [no info]
----------

************************************************************
15:39:05: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\van veen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\van veen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
23970870 bytes
Created: 20-1-2010 20:45
Modified: 25-10-2010 20:32
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\van veen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
23970870 bytes
Created: 20-1-2010 20:45
Modified: 25-10-2010 20:32
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
15:39:16: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 14-4-2008 21:33
Modified: 9-2-2009 12:27
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
--------------------
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe - file already scanned
--------------------
C:\Program Files\Cyberlink\Shared Files\brs.exe - file already scanned
--------------------
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe - file already scanned
--------------------
C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanned
--------------------
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast5\avastUI.exe - file already scanned
--------------------
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
58880 bytes
Created: 14-4-2008 21:33
Modified: 17-8-2010 14:17
Company: Microsoft Corporation
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 13-9-2010 11:44
Modified: 13-9-2010 11:44
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\WINDOWS\system32\slserv.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
501480 bytes
Created: 14-5-2010 10:44
Modified: 14-5-2010 10:44
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\internet explorer\iexplore.exe
634648 bytes
Created: 16-1-2010 19:25
Modified: 25-8-2010 12:30
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\van veen\Application Data\Simply Super Software\Trojan Remover\jjd8F.exe
FileSize: 3761072
[This is a Trojan Remover component]
--------------------

************************************************************
15:39:20: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
Windows programs
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Bing
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Bing
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
Startpagina.nl - alles op een rijtje! (ook op mobiel)
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:39:20 01 dec 2010
Total Scan time: 00:00:33
************************************************************


Hello, if all is well this is what you mean. It would not fit in 1 message, so it is in 2.

osmplayer

Legacy Member
Created: 14-4-2008 21:33
Modified: 17-8-2010 14:17
Company: Microsoft Corporation
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 13-9-2010 11:44
Modified: 13-9-2010 11:44
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\WINDOWS\system32\slserv.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
501480 bytes
Created: 14-5-2010 10:44
Modified: 14-5-2010 10:44
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\internet explorer\iexplore.exe
634648 bytes
Created: 16-1-2010 19:25
Modified: 25-8-2010 12:30
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\van veen\Application Data\Simply Super Software\Trojan Remover\tmj91.exe
FileSize: 3761072
[This is a Trojan Remover component]
--------------------

************************************************************
15:40:14: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
Windows programs
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Bing
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Bing
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
Startpagina.nl - alles op een rijtje! (ook op mobiel)
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Sign In

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:40:15 01 dec 2010
Total Scan time: 00:00:19
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2597. For information, email [email protected]
[Unregistered version]
Scan started at: 15:38:46 01 dec 2010
Using Database v7616
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\van veen\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\van veen\Mijn documenten\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
15:38:46: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:38:46: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 28-11-2010 20:08
Modified: 15-4-2008 14:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
-R- 577536 bytes
Created: 16-1-2010 19:55
Modified: 17-11-2006 4:42
Company: Realtek Semiconductor Corp.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 17-1-2010 14:04
Modified: 12-1-2006 15:40
Company: Nero AG
--------------------
Value Name: RemoteControl9
Value Data: "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
87336 bytes
Created: 27-4-2009 20:41
Modified: 27-4-2009 20:41
Company: CyberLink Corp.
--------------------
Value Name: PDVD9LanguageShortcut
Value Data: "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
50472 bytes
Created: 27-4-2009 17:50
Modified: 27-4-2009 17:50
Company: CyberLink Corp.
--------------------
Value Name: BDRegion
Value Data: C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
75048 bytes
Created: 17-1-2010 18:29
Modified: 7-5-2009 20:05
Company: cyberlink
--------------------
Value Name: CanonMyPrinter
Value Data: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
1983816 bytes
Created: 20-1-2010 19:18
Modified: 19-10-2009 2:12
Company: CANON INC.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
C:\Program Files\Common Files\Java\Java Update\jusched.exe
248552 bytes
Created: 14-5-2010 10:44
Modified: 14-5-2010 10:44
Company: Sun Microsystems, Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
35760 bytes
Created: 22-12-2009 0:57
Modified: 22-12-2009 0:57
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
932288 bytes
Created: 11-12-2009 14:57
Modified: 21-9-2010 19:37
Company: Adobe Systems Incorporated
--------------------
Value Name: avast5
Value Data: "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
C:\Program Files\Alwil Software\Avast5\avastUI.exe
2838912 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:12
Company: AVAST Software
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1233856 bytes
Created: 1-12-2010 15:38
Modified: 24-11-2010 15:26
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: swg
Value Data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 13-9-2010 11:47
Modified: 13-9-2010 11:47
Company: Google Inc.
--------------------
Value Name: msnmsgr
Value Data: "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
3872080 bytes
Created: 16-4-2010 22:12
Modified: 16-4-2010 22:12
Company: Microsoft Corporation
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14-4-2008 21:32
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
15:38:51: Scanning -----SHELLEXECUTEHOOKS-----

************************************************************
15:38:51: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:38:51: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\VAILLA~1.SCR
C:\WINDOWS\VAILLA~1.SCR
186368 bytes
Created: 17-1-2010 14:28
Modified: 14-11-2005 10:22
Company: [no info]
--------------------

************************************************************
15:38:51: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
15:38:52: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 16-1-2010 19:25
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
--------------------

************************************************************
15:38:54: Scanning ----- SERVICES REGISTRY KEYS -----
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 13-4-2008 23:10
Modified: 14-4-2008 1:10
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:11
Company: AVAST Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:11
Company: AVAST Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:11
Company: AVAST Software
----------
Key: Avgfwdx
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
30104 bytes
Created: 16-1-2010 20:37
Modified: 16-1-2010 23:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgfwfd
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
30104 bytes
Created: 16-1-2010 20:37
Modified: 16-1-2010 23:41
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSErHrxpx
ImagePath: System32\Drivers\AVGIDSxx.sys
C:\WINDOWS\System32\Drivers\AVGIDSxx.sys - [file not found to scan]
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\VANVEE~1\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr_tdi.sys
C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys - [file not found to scan]
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
----------
Key: McComponentHostService
ImagePath: "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe"
C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe - [file not found to scan]
----------
Key: Mtlmnt5
ImagePath: system32\DRIVERS\Mtlmnt5.sys
C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
126686 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: Mtlstrm
ImagePath: system32\DRIVERS\Mtlstrm.sys
C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
1309184 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: NtMtlFax
ImagePath: system32\DRIVERS\NtMtlFax.sys
C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
180360 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: RecAgent
ImagePath: system32\DRIVERS\RecAgent.sys
C:\WINDOWS\system32\DRIVERS\RecAgent.sys
13776 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
226656 bytes
Created: 10-11-2010 16:39
Modified: 14-1-2009 17:53
Company: Microsoft Corp.
----------
Key: Slntamr
ImagePath: system32\DRIVERS\slntamr.sys
C:\WINDOWS\system32\DRIVERS\slntamr.sys
404990 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SlNtHal
ImagePath: system32\DRIVERS\Slnthal.sys
C:\WINDOWS\system32\DRIVERS\Slnthal.sys
95424 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SLService
ImagePath: slserv.exe
C:\WINDOWS\system32\slserv.exe
73796 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 23:33
Company: Smart Link
----------
Key: SlWdmSup
ImagePath: system32\DRIVERS\SlWdmSup.sys
C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
13240 bytes
Created: 16-1-2010 20:20
Modified: 14-4-2008 0:53
Company: Smart Link
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{86850CE9-3854-4266-B6CD-B5B0868D0030}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14-4-2008 21:32
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 5-5-2008 21:31
Modified: 5-5-2008 21:31
Company: Microsoft Corporation
----------
Key: {B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 7-5-2009 21:05
Modified: 7-5-2009 21:05
Company: CyberLink Corp.
----------

************************************************************
15:39:01: Scanning -----VXD ENTRIES-----

************************************************************
15:39:01: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
15:39:01: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast5\ashShell.dll
C:\Program Files\Alwil Software\Avast5\ashShell.dll
81072 bytes
Created: 12-11-2010 1:20
Modified: 7-9-2010 17:13
Company: AVAST Software
----------
Key: AVG9 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
File: [CLSID does not appear to reference a file]
----------
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
15:39:01: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
373248 bytes
Created: 2-7-2009 15:06
Modified: 2-7-2009 15:06
Company: Sun Microsystems, Inc.
----------

************************************************************
15:39:01: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
92504 bytes
Created: 14-1-2009 16:49
Modified: 14-1-2009 16:49
Company: Microsoft Corp.
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
297648 bytes
Created: 13-9-2010 11:47
Modified: 25-10-2010 14:32
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
843832 bytes
Created: 25-10-2010 14:35
Modified: 25-10-2010 14:35
Company: Google Inc.
----------

************************************************************
15:39:02: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 14-4-2008 21:32
Modified: 14-4-2008 21:32
Company: Microsoft Corporation
----------

************************************************************
15:39:02: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
15:39:02: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
15:39:02: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
15:39:02: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
15:39:02: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
-HS- 84 bytes
Created: 16-1-2010 20:19
Modified: 16-1-2010 19:28
Company: [no info]
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
15:39:03: Scanning ----- SCHEDULED TASKS -----
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 17-4-2010 16:55
Modified: 17-4-2010 16:54
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 2-12-2010 0:26:00
Status: Ready
Creator: SYSTEM
Comments: Zorgt ervoor dat u altijd beschikt over de nieuwste Google-software. Als deze taak wordt uitgeschakeld of afgebroken, wordt uw Google-software niet bijgewerkt. Hierdoor kunnen beveiligingsrisico's mogelijk niet worden verholpen of kunnen bepaalde functies niet functioneren. Deze taak verwijdert zichzelf wanneer er geen Google-software is die er gebruik van maakt.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 17-4-2010 16:55
Modified: 17-4-2010 16:54
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: elke 1 uur, vanaf 0:26 uur, gedurende 24 uur elke dag, te beginnen op 14-10-2010
Next Run Time: 1-12-2010 16:26:00
Status: Ready
Creator: SYSTEM
Comments: Zorgt ervoor dat u altijd beschikt over de nieuwste Google-software. Als deze taak wordt uitgeschakeld of afgebroken, wordt uw Google-software niet bijgewerkt. Hierdoor kunnen beveiligingsrisico's mogelijk niet worden verholpen of kunnen bepaalde functies niet functioneren. Deze taak verwijdert zichzelf wanneer er geen Google-software is die er gebruik van maakt.
----------
Taskname: Scheduled Update for Ask Toolbar
File: C:\Program Files\Ask.com\UpdateTask.exe
C:\Program Files\Ask.com\UpdateTask.exe
96136 bytes
Created: 28-9-2010 22:44
Modified: 28-9-2010 22:44
Company: [no info]
Schedule: elke 1 uur, vanaf 1:01 uur, gedurende 24 uur elke dag, te beginnen op 1-1-2008
Next Run Time: 1-12-2010 16:01:00
Status: Ready
Creator: van veen
Comments:
----------

************************************************************
15:39:03: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
15:39:03: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.YV12
File: yv12vfw.dll
C:\WINDOWS\system32\yv12vfw.dll
217088 bytes
Created: 17-1-2010 14:13
Modified: 25-1-2004 17:18
Company: www.helixcommunity.org
----------
Value: msacm.ac3acm
File: ac3acm.acm
C:\WINDOWS\system32\ac3acm.acm
118784 bytes
Created: 17-1-2010 14:13
Modified: 21-9-2007 1:52
Company: fccHandler
----------
Value: msacm.lameacm
File: lameACM.acm
C:\WINDOWS\system32\lameACM.acm
839680 bytes
Created: 17-1-2010 14:13
Modified: 24-9-2008 19:41
Company: www
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\WINDOWS\system32\ff_vfw.dll
85504 bytes
Created: 17-1-2010 14:13
Modified: 13-10-2009 19:00
Company: [no info]
----------

************************************************************
15:39:05: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\van veen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\van veen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
23970870 bytes
Created: 20-1-2010 20:45
Modified: 25-10-2010 20:32
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\van veen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
23970870 bytes
Created: 20-1-2010 20:45
Modified: 25-10-2010 20:32
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
15:39:16: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 14-4-2008 21:33
Modified: 9-2-2009 12:27
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
--------------------
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe - file already scanned
--------------------
C:\Program Files\Cyberlink\Shared Files\brs.exe - file already scanned
--------------------
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe - file already scanned
--------------------
C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanned
--------------------
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast5\avastUI.exe - file already scanned
--------------------
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
58880 bytes
Created: 14-4-2008 21:33
Modified: 17-8-2010 14:17
Company: Microsoft Corporation
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 13-9-2010 11:44
Modified: 13-9-2010 11:44
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\WINDOWS\system32\slserv.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14-4-2008 21:33
Modified: 14-4-2008 21:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
501480 bytes
Created: 14-5-2010 10:44
Modified: 14-5-2010 10:44
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\internet explorer\iexplore.exe
634648 bytes
Created: 16-1-2010 19:25
Modified: 25-8-2010 12:30
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\van veen\Application Data\Simply Super Software\Trojan Remover\jjd8F.exe
FileSize: 3761072
[This is a Trojan Remover component]
--------------------

************************************************************
15:39:20: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
Windows programs
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Bing
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Bing
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
Startpagina.nl - alles op een rijtje! (ook op mobiel)
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Sign In

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:39:20 01 dec 2010
Total Scan time: 00:00:33
************************************************************


Hello, if all is well this is what you mean. It would not fit in 1 message, so it is in 2.

osmplayer

Legacy Member
Yes, that's right, that one problem is now solved.
Now only that Windows Live Messenger error message is left; it is still the same.
Regards

Juisterr

Legacy Member
Uninstall Windows Live Messenger and install it again; that seems to me the only solution.

osmplayer

Legacy Member
I can't find Windows Live in my software, so how am I supposed to uninstall it?
I do have Zapmessenger, though?

osmplayer

Legacy Member
And I tried that, but it still doesn't work;
still the same error message.

Juisterr

Legacy Member
Download zoek.exe
Place it on your desktop and double-click it to start it.
Double-click zoek.exe again to start it.
Type B followed by Enter to start the "Custom search".
A file named "input.txt" will open.
Copy the following code into it:

Code:
msnmsgr.exe;
Once you have placed the code in the file you may close input.txt; let it save the changes.
After that the scan starts running. Wait patiently until a log opens and post the result in your next message.

osmplayer

Legacy Member
Hello, it says file not found and then this log comes up

==================
Zoek.exe by smeenk
Updated 03-12-2010
==================
*************Folders************


**************Files*************

Listing of 34E7-271B C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2010-04-16 22:12:58 A------- 3,872,080 msnmsgr.exe
Listing of 34E7-271B C:\WINDOWS\Prefetch\MSNMSGR.EXE-030AB647.pf
2010-12-02 12:33:29 A------- 72,418 MSNMSGR.EXE-030AB647.pf
Listing of 34E7-271B C:\WINDOWS\Prefetch\MSNMSGR.EXE-05B6CB67.pf
2010-12-02 12:25:51 A------- 47,770 MSNMSGR.EXE-05B6CB67.pf
********************************

Juisterr

Legacy Member
So it was found after all; it is on your computer.

Now remove it, restart, and download it again.

If all is well it will then simply work as normal.