Archive - Laptop: My Documents opens automatically at startup


Violator

Legacy Member
Hey

As described in the title, for a few weeks now I have had the problem that My Documents opens automatically when my laptop starts up:

Could you take a look at my log file?

TIA

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:43, on 16/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Siemens\ACE\bin\CCAgent.exe
C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe
C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe
C:\Program Files\Common Files\Siemens\SimNetCom\sim9sync.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
C:\Program Files\Common Files\Siemens\s7wnrmsx\s7wnrmsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe
C:\Program Files\Common Files\Siemens\s7wnsmsx\s7wnsmsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe
C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvbubblex.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\TraceServer.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe" /startup
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [simpcmon] C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
O4 - HKLM\..\Run: [Stationmanager] C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe h
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [System] explorer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\RunServices: [System] explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [System] explorer.exe
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.be/s/v/44.09/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230040224062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...3/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CCAgent - SIEMENS AG - C:\Program Files\Common Files\Siemens\ACE\bin\CCAgent.exe
O23 - Service: CCEClient - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\CCEClient.exe
O23 - Service: CCEServer - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RedundancyControl - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe
O23 - Service: RedundancyState - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: SCSMonitor - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe
O23 - Service: SIMATIC NET Synchronization Service (sim9sync) - SIEMENS AG - C:\Program Files\Common Files\Siemens\SimNetCom\sim9sync.exe
O23 - Service: SIMATIC NET Configuration Server - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
O23 - Service: SIMATIC NET Configuration Service - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
O23 - Service: SIMATIC NET Core Server DP - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp\scoredp.exe
O23 - Service: SIMATIC NET Core Server DP2 - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp2\scoredp2.exe
O23 - Service: SIMATIC NET Core Server FDL - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfdl\scorefdl.exe
O23 - Service: SIMATIC NET Core Server FMS - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfms\scorefms.exe
O23 - Service: SIMATIC NET Core Server PD - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binpd\scorepd.exe
O23 - Service: SIMATIC NET Core Server PROFINET CbA - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binPN\scorepn.exe
O23 - Service: SIMATIC NET Core Server PROFINET IO - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binpnio\scorepnio.exe
O23 - Service: SIMATIC NET Core Server S7 - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binS7\SCoreS7.exe
O23 - Service: SIMATIC NET Core Server SNMP - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binSNMP\scoresnmp.exe
O23 - Service: SIMATIC NET Core Server SR - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binsr\scoresr.exe
O23 - Service: SIMATIC NET P&P Manager - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
O23 - Service: SIMATIC NET Route Manager (SIMATIC NET RouteManager) - SIEMENS AG - C:\Program Files\Common Files\Siemens\s7wnrmsx\s7wnrmsx.exe
O23 - Service: SIMATIC Security Control Service (SSCService) - SIEMENS AG - C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe
O23 - Service: SIMATIC NET Station Manager (StatMgr) - Siemens AG - C:\Program Files\Common Files\Siemens\s7wnsmsx\s7wnsmsx.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 15717 bytes

Juisterr

Legacy Member
Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After the installation, make sure a check mark is placed next to:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
Then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Instellingen" (Settings) tab.
  • Tick this option: "Sluit Internet Explorer tijdens verwijdering van malware" (close Internet Explorer during malware removal).
  • Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
  • Then press "Scannen" (Scan) to start the scan.
  • The scan can take a while, so be patient.
  • When the scan is complete, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
  • Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
  • After the removal, a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware, and you can find it by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.

Violator

Legacy Member
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:53, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Siemens\ACE\bin\CCAgent.exe
C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe
C:\Program Files\Common Files\Siemens\SimNetCom\sim9sync.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe
C:\Program Files\Common Files\Siemens\s7wnsmsx\s7wnsmsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe
C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvbubblex.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\TraceServer.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Siemens\Step7\S7BIN\S7tgtopx.exe
C:\WINDOWS\system32\S7OTBXSX.EXE
C:\Program Files\Siemens\Step7\s7bin\s7acmgrx.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\Transfer\TransferTool.exe
C:\Program Files\Common Files\Siemens\s7wnrmsx\s7wnrmsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe" /startup
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [simpcmon] C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
O4 - HKLM\..\Run: [Stationmanager] C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe h
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\RunServices: [System] explorer.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [System] explorer.exe
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.be/s/v/44.09/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230040224062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...3/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CCAgent - SIEMENS AG - C:\Program Files\Common Files\Siemens\ACE\bin\CCAgent.exe
O23 - Service: CCEClient - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\CCEClient.exe
O23 - Service: CCEServer - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RedundancyControl - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe
O23 - Service: RedundancyState - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: SCSMonitor - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe
O23 - Service: SIMATIC NET Synchronization Service (sim9sync) - SIEMENS AG - C:\Program Files\Common Files\Siemens\SimNetCom\sim9sync.exe
O23 - Service: SIMATIC NET Configuration Server - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
O23 - Service: SIMATIC NET Configuration Service - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
O23 - Service: SIMATIC NET Core Server DP - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp\scoredp.exe
O23 - Service: SIMATIC NET Core Server DP2 - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp2\scoredp2.exe
O23 - Service: SIMATIC NET Core Server FDL - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfdl\scorefdl.exe
O23 - Service: SIMATIC NET Core Server FMS - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfms\scorefms.exe
O23 - Service: SIMATIC NET Core Server PD - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binpd\scorepd.exe
O23 - Service: SIMATIC NET Core Server PROFINET CbA - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binPN\scorepn.exe
O23 - Service: SIMATIC NET Core Server PROFINET IO - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binpnio\scorepnio.exe
O23 - Service: SIMATIC NET Core Server S7 - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binS7\SCoreS7.exe
O23 - Service: SIMATIC NET Core Server SNMP - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binSNMP\scoresnmp.exe
O23 - Service: SIMATIC NET Core Server SR - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binsr\scoresr.exe
O23 - Service: SIMATIC NET P&P Manager - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
O23 - Service: SIMATIC NET Route Manager (SIMATIC NET RouteManager) - SIEMENS AG - C:\Program Files\Common Files\Siemens\s7wnrmsx\s7wnrmsx.exe
O23 - Service: SIMATIC Security Control Service (SSCService) - SIEMENS AG - C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe
O23 - Service: SIMATIC NET Station Manager (StatMgr) - Siemens AG - C:\Program Files\Common Files\Siemens\s7wnsmsx\s7wnsmsx.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 16000 bytes


Malware log:

Malwarebytes' Anti-Malware 1.34
Database versie: 1773
Windows 5.1.2600 Service Pack 3

18/02/2009 8:59:15
mbam-log-2009-02-18 (08-59-15).txt

Scan type: Snelle Scan
Objecten gescand: 96937
Verstreken tijd: 13 minute(s), 33 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system (Backdoor.Bot) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\hhupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

It didn't ask to restart, though. Is that needed for the log files? Otherwise I'll just make them again.

Thanks

Juisterr

Legacy Member
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

O4 - HKLM\..\RunServices: [System] explorer.exe
O4 - HKCU\..\RunServices: [System] explorer.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.2.cab



Close all windows except HijackThis.
Click 'Fix checked' to remove the items.

Download Combofix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the small "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after a restart, the log Combofix.txt will open.
Post this log in your next reply.

Violator

Legacy Member
Here you go

ComboFix 09-02-17.02 - Pieter 2009-02-18 19:52:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2046.1186 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Pieter\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\1PVPstWsQattis
c:\windows\1PVPstWsQattis\00000000000000000000.DLL
c:\windows\3PQPQpexYafmis
c:\windows\3PQPQpexYafmis\00000000000000000000.DLL
c:\windows\3PQPQpexYattis
c:\windows\3PQPQpexYattis\00000000000000000000.DLL
c:\windows\3PUP_lcsQafmis
c:\windows\3PUP_lcsQafmis\00000000000000000000.DLL
c:\windows\4PUPQPPPPPfmis
c:\windows\4PUPQPPPPPfmis\00000000000000000000.DLL
c:\windows\4PUPRPPPPPfmis
c:\windows\4PUPRPPPPPfmis\00000000000000000000.DLL
c:\windows\4PUPSPPPPPfmis
c:\windows\4PUPSPPPPPfmis\00000000000000000000.DLL
c:\windows\4PUPTPQWQattis
c:\windows\4PUPTPQWQattis\00000000000000000000.DLL
c:\windows\system32\1PVPstWsQattis
c:\windows\system32\1PVPstWsQattis\00000000000000000000.DLL
c:\windows\system32\3PQPQpexYafmis
c:\windows\system32\3PQPQpexYafmis\00000000000000000000.DLL
c:\windows\system32\3PQPQpexYattis
c:\windows\system32\3PQPQpexYattis\00000000000000000000.DLL
c:\windows\system32\3PUP_lcsQafmis
c:\windows\system32\3PUP_lcsQafmis\00000000000000000000.DLL
c:\windows\system32\4PUPQPPPPPfmis
c:\windows\system32\4PUPQPPPPPfmis\00000000000000000000.DLL
c:\windows\system32\4PUPRPPPPPfmis
c:\windows\system32\4PUPRPPPPPfmis\00000000000000000000.DLL
c:\windows\system32\4PUPSPPPPPfmis
c:\windows\system32\4PUPSPPPPPfmis\00000000000000000000.DLL
c:\windows\system32\4PUPTPQWQattis
c:\windows\system32\4PUPTPQWQattis\00000000000000000000.DLL

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-18 to 2009-02-18 ))))))))))))))))))))))))))))))
.

2009-02-18 08:33 . 2009-02-18 08:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-18 08:33 . 2009-02-18 08:33 <DIR> d-------- c:\documents and settings\Pieter\Application Data\Malwarebytes
2009-02-18 08:33 . 2009-02-18 08:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-18 08:33 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-18 08:33 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-16 12:07 . 2009-02-16 12:07 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-16 10:19 . 2009-02-16 10:19 <DIR> d-------- c:\program files\Trend Micro
2009-02-16 09:27 . 2009-02-16 09:27 <DIR> d-------- c:\windows\system32\beidpp
2009-02-16 09:27 . 2009-02-16 09:27 <DIR> d-------- c:\program files\Belgium Identity Card
2009-02-12 21:26 . 2009-02-12 21:26 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-10 11:51 . 2009-02-10 11:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-02 13:31 . 2009-02-02 13:31 360,448 --a------ c:\windows\system32\beid35applayer.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\Belgium Identity Card PKCS11.dll
2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\beidpkcs11.dll
2009-02-02 13:31 . 2009-02-02 13:31 69,632 --a------ c:\windows\system32\beidCSPlib.dll
2009-02-02 13:30 . 2009-02-02 13:30 262,144 --a------ c:\windows\system32\beid35DlgsWin32.dll
2009-02-02 13:30 . 2009-02-02 13:30 192,512 --a------ c:\windows\system32\beid35cardlayer.dll
2009-02-02 13:30 . 2009-02-02 13:30 122,880 --a------ c:\windows\system32\beid35common.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\eidlib.dll
2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\beidlib.dll
2009-01-30 12:57 . 2009-01-30 12:57 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-29 11:58 . 2009-01-29 11:58 65,869 --a------ c:\windows\FontData.fdb
2009-01-29 11:56 . 2009-01-29 11:56 <DIR> d-------- c:\documents and settings\Pieter\Application Data\Corel
2009-01-29 11:56 . 2009-01-29 11:56 3,140 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-29 11:56 . 2009-01-29 11:56 88 -r-hs---- c:\documents and settings\All Users\Application Data\762BC8DE26.sys
2009-01-29 11:54 . 2009-01-29 11:54 <DIR> d-------- c:\program files\Common Files\Protexis
2009-01-29 11:54 . 2009-01-29 11:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-29 11:51 . 2009-01-29 11:51 <DIR> d-------- c:\program files\Corel
2009-01-29 11:51 . 2009-01-29 11:51 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-29 11:15 . 2009-01-29 11:15 <DIR> d-------- c:\program files\NewsLeecher
2009-01-29 11:15 . 2009-02-18 15:24 <DIR> d-------- c:\documents and settings\Pieter\Downloads
2009-01-29 11:15 . 2009-01-29 11:22 <DIR> d-------- c:\documents and settings\Pieter\Application Data\NewsLeecher
2009-01-29 10:20 . 2009-01-29 10:20 <DIR> d-------- c:\program files\QuickTime
2009-01-25 00:14 . 2009-01-25 10:10 <DIR> d-------- c:\documents and settings\Pieter\Application Data\Download Manager
2009-01-23 14:37 . 2009-01-23 15:37 <DIR> d-------- C:\dat
2009-01-22 18:37 . 2009-02-18 17:27 87 --a------ c:\windows\ParrotFlashWiz.INI
2009-01-22 18:31 . 2009-01-22 18:32 <DIR> d-------- c:\program files\Parrot Software Update Tool
2009-01-19 11:56 . 2003-11-18 13:48 65,536 --a------ c:\windows\system32\Dev2K.dll
2009-01-19 11:56 . 2003-01-21 15:43 6,003 -ra------ c:\windows\system32\drivers\FWDH485.INF
2009-01-19 11:56 . 2009-01-19 11:56 277 --a------ c:\windows\regopc.bat
2009-01-19 11:55 . 2009-01-19 11:55 <DIR> d-------- C:\SIEMENS
2009-01-19 11:55 . 2009-01-19 11:55 0 --a------ c:\windows\FwSim.INI
2009-01-19 11:47 . 1998-11-13 13:55 306,688 --a------ c:\windows\IsUn0804.exe
2009-01-19 11:43 . 2001-11-27 14:46 208,896 --a------ c:\windows\ptuninst.exe
2009-01-19 11:39 . 1999-05-04 10:36 43,711 --------- c:\windows\system32\S7ONLINX.VXD
2009-01-19 11:37 . 2009-01-19 11:46 <DIR> d-------- c:\program files\VBSdocs
2009-01-19 11:36 . 2004-02-27 08:23 319,543 --a------ c:\windows\system32\ptuninst.exe
2009-01-19 11:36 . 2001-10-25 19:40 2,908 --a------ c:\windows\system32\KeyboardLayoutsNeu.reg
2009-01-19 11:36 . 2001-10-04 10:44 118 --a------ c:\windows\system32\gl_ce_nt.reg
2009-01-19 10:57 . 2009-01-19 10:57 <DIR> d-------- C:\INTOUCH
2009-01-19 09:49 . 1998-04-27 19:15 570,128 --------- c:\program files\Common Files\dao350.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 20:29 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-12 20:26 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-11 23:19 --------- d-----w c:\program files\TomTom HOME
2009-01-30 11:57 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 11:45 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-21 15:37 --------- d-----w c:\program files\Common Files\Siemens
2009-01-21 13:22 --------- d-----w c:\documents and settings\Pieter\Application Data\Autodesk
2009-01-19 11:05 --------- d-----w c:\program files\Siemens
2009-01-16 08:12 --------- d-----w c:\documents and settings\Pieter\Application Data\VanDale
2009-01-09 08:27 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-09 08:26 --------- d-----w c:\program files\Java
2009-01-07 14:04 4,856 ----a-w c:\windows\system32\drivers\07E8E500.bin
2009-01-07 14:02 32 ----a-w c:\windows\system32\drivers\mshcmd.sys.
2009-01-07 14:02 259,584 ----a-w c:\windows\system32\drivers\XHASP.sys
2009-01-05 12:14 --------- d-----w c:\program files\FastStone Capture
2009-01-05 12:14 --------- d-----w c:\documents and settings\Pieter\Application Data\FastStone
2009-01-04 13:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-03 22:15 --------- d-----w c:\program files\MSXML 4.0
2009-01-03 01:07 --------- d-----w c:\program files\ffdshow
2009-01-02 23:14 --------- d-----w c:\program files\EPLAN
2009-01-02 23:12 --------- d-----w c:\documents and settings\All Users\Application Data\EPLAN
2009-01-02 23:11 191,488 ----a-w c:\windows\system32\hlvdd.dll
2009-01-02 19:45 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-02 19:34 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-01-02 19:34 --------- d-----w c:\program files\AutoCAD 2009
2009-01-02 19:30 --------- d-----w c:\program files\MSBuild
2009-01-02 19:28 --------- d-----w c:\program files\Reference Assemblies
2009-01-02 19:04 --------- d-----w c:\documents and settings\Pieter\Application Data\Nero
2009-01-02 19:02 --------- d-----w c:\program files\Common Files\Nero
2009-01-02 18:47 --------- d-----w c:\program files\Nero
2009-01-02 18:45 --------- d-----w c:\program files\Windows Sidebar
2009-01-02 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-02 14:27 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom
2009-01-02 14:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 14:23 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-02 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-02 10:01 --------- d-----w c:\program files\QuickPar
2009-01-02 10:00 --------- d-----w c:\program files\Webteh
2009-01-02 10:00 --------- d-----w c:\program files\AC3Filter
2009-01-02 09:59 --------- d-----w c:\program files\RealVNC
2009-01-02 01:59 --------- d-----w c:\program files\PKWARE
2009-01-02 01:59 --------- d-----w c:\program files\Common Files\PKWARE
2009-01-02 01:33 --------- d-----w c:\documents and settings\Pieter\Application Data\SIEMENS AG
2009-01-02 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\Siemens
2009-01-02 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\Siemens AG
2009-01-02 00:48 --------- d-----w c:\program files\Common Files\OPC Foundation
2009-01-02 00:48 --------- d-----w c:\program files\Common Files\Data Dynamics
2009-01-02 00:38 --------- d-----w c:\program files\Microsoft.NET
2009-01-02 00:36 --------- d-----w c:\program files\OPC Foundation
2009-01-02 00:36 --------- d-----w c:\program files\MSXML 6.0
2009-01-01 10:47 --------- d-----w c:\program files\Common Files\Binaries
2009-01-01 09:54 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-24 12:43 --------- d-----w c:\program files\VanDale
2008-12-24 12:09 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-24 12:07 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-24 12:07 --------- d-----w c:\program files\Common Files\Adobe
2008-12-24 11:07 --------- d-----w c:\documents and settings\Pieter\Application Data\DAEMON Tools Lite
2008-12-24 10:56 --------- d-----w c:\documents and settings\Pieter\Application Data\DAEMON Tools Pro
2008-12-24 10:56 --------- d-----w c:\documents and settings\Pieter\Application Data\DAEMON Tools
2008-12-24 10:55 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-24 10:55 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-24 10:52 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-24 10:50 --------- d-----w c:\program files\AVG
2008-12-24 01:23 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-24 00:54 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-12-24 00:50 --------- d-----w c:\program files\Microsoft Works
2008-12-23 22:53 --------- d-----w c:\program files\Google
2008-12-23 18:37 --------- d-----w c:\program files\Windows Desktop Search
2008-12-23 18:37 --------- d-----w c:\documents and settings\Pieter\Application Data\Windows Desktop Search
2008-12-23 14:28 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-23 14:25 --------- d-----w c:\program files\CONEXANT
2008-12-23 14:13 --------- d-----w c:\program files\Digital Line Detect
2008-12-23 14:00 --------- d-----w c:\program files\SigmaTel
2008-12-23 13:58 776 ----a-w c:\windows\system32\drivers\sthdae.log
2008-12-23 13:57 --------- d-----w c:\program files\IDT
2008-12-23 13:35 --------- d-----w c:\program files\Dell
2008-12-23 13:35 --------- d-----w c:\documents and settings\Pieter\Application Data\InstallShield
2008-12-23 13:35 --------- d-----w c:\documents and settings\Pieter\Application Data\Dell
2008-12-23 13:35 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2008-12-23 13:26 --------- d-----w c:\program files\Intel
2008-12-23 13:24 --------- d-----w c:\program files\O2Micro OZ776 SCR Driver
2008-12-23 13:21 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-23 13:21 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-12-23 13:20 --------- d-----w c:\program files\DellTPad
2008-12-23 13:20 --------- d-----w c:\program files\Broadcom
2008-12-23 12:33 --------- d-----w c:\program files\microsoft frontpage
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-16 03:00 33,456 ----a-w c:\windows\system32\u7oPROae.dll
2008-12-16 03:00 33,456 ----a-w c:\windows\system32\u7oPROad.dll
2008-12-16 03:00 33,456 ----a-w c:\windows\system32\u7oPROac.dll
2008-12-16 03:00 33,456 ----a-w c:\windows\system32\u7oPROab.dll
2008-12-16 01:01 57,404 ----a-w c:\windows\system32\u7oSCPax.dll
2008-12-16 01:01 45,116 ----a-w c:\windows\system32\u7oUSSax.dll
2008-12-16 01:01 45,116 ----a-w c:\windows\system32\u7oPROax.dll
2008-12-16 01:01 33,456 ----a-w c:\windows\system32\u7oPROaa.dll
2008-12-15 22:11 32,768 ----a-w c:\windows\system32\u7by01ax.dll
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-04-14 17:02 1,037,312 --sh--r c:\windows\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"WinCC flexible Smart Start"="c:\program files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe" [2008-08-02 114688]
"S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2008-07-15 102453]
"simpcmon"="c:\program files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe" [2007-08-21 110667]
"Stationmanager"="c:\program files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe" [2007-12-12 520192]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-29 413696]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"NVHotkey"="nvHotkey.dll" [2007-11-17 c:\windows\system32\nvhotkey.dll]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 12:57 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-06-11 22:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 02:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-17 03:03 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv9.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"c:\\WINDOWS\\system32\\s7otbxsx.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\HmiES.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\TraceServer.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\Miniweb.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\SmartServer.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\HmiLoad.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbeng9.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\EPLAN\\Electric P8\\1.9.6\\BIN\\W3u.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-05 325128]
R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [2008-05-20 1146880]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-30 298264]
R2 CCAgent;CCAgent;c:\program files\Common Files\Siemens\ace\bin\CCAgent.exe [2008-04-28 344064]
R2 CCEServer;CCEServer;c:\program files\Common Files\Siemens\ace\bin\CCEServer.exe [2008-04-28 237568]
R2 dpmconv;dpmconv;c:\windows\system32\drivers\dpmconv.sys [2007-06-25 266240]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [2007-06-25 28363]
R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
R2 RedundancyControl;RedundancyControl;c:\program files\Common Files\Siemens\ace\bin\RedundancyControl.exe [2008-04-28 393216]
R2 RedundancyState;RedundancyState;c:\program files\Common Files\Siemens\ace\bin\RedundancyState.exe [2008-04-28 180224]
R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [2008-07-14 69685]
R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [2008-07-03 77312]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2008-07-03 1571912]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [2008-07-03 31232]
R2 s7otsadx;s7otsadx;c:\windows\system32\drivers\s7otsadx.sys [2008-07-03 170496]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [2007-07-30 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2008-07-03 240712]
R2 SCSMonitor;SCSMonitor;c:\program files\Common Files\Siemens\ace\bin\SCSMX.exe [2008-04-28 159744]
R2 sim9sync;SIMATIC NET Synchronization Service;c:\program files\Common Files\Siemens\SimNetCom\sim9sync.exe [2007-08-21 131072]
R2 SIMATIC NET Configuration Server;SIMATIC NET Configuration Server;c:\program files\Siemens\SIMATIC.NET\opc2\bincfg\scorecfg.exe [2007-09-03 430158]
R2 SIMATIC NET Configuration Service;SIMATIC NET Configuration Service;c:\program files\Siemens\SIMATIC.NET\opc2\bincfg\sservcfg.exe [2007-09-03 1028174]
R2 SIMATIC NET P&P Manager;SIMATIC NET P&P Manager;c:\program files\Siemens\SIMATIC.NET\SimNetCom\SimNetPnpMan.exe [2007-08-21 364612]
R2 SIMATIC NET RouteManager;SIMATIC NET Route Manager;c:\program files\Common Files\Siemens\S7wnrmsx\s7wnrmsx.exe [2007-12-12 356412]
R2 SSCService;SIMATIC Security Control Service;c:\program files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe [2007-07-17 339968]
R2 StatMgr;SIMATIC NET Station Manager;c:\program files\Common Files\Siemens\S7wnsmsx\s7wnsmsx.exe [2007-12-12 516096]
R2 vsnl2ada;SIMATIC MPI/PROFIBUS FDL Transport Driver;c:\windows\system32\drivers\vsnl2ada.sys [2007-11-05 115654]
R3 fwkbd;fwkbd;c:\windows\system32\drivers\FwKbd.sys [2009-01-19 2976]
R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [2008-08-01 5632]
R3 S7o5512x;SIMATIC CP 5512;c:\windows\system32\drivers\S7o5512x.sys [2007-08-28 216064]
R3 S7osobux;SIMATIC SoftBus;c:\windows\system32\drivers\S7osobux.sys [2008-07-03 133120]
S3 CCEClient;CCEClient;c:\program files\Common Files\Siemens\ace\bin\CCEClient.exe [2008-04-28 262144]
S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [2007-08-21 64286]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [2002-10-18 30512]
S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\s7oppinx.sys [2008-07-03 124928]
S3 s7outs2x;SIMATIC TS Adapter II Driver;c:\windows\system32\drivers\s7outs2x.sys [2007-08-29 12333]
S3 SIMATIC NET Core Server DP;SIMATIC NET Core Server DP;c:\program files\Siemens\SIMATIC.NET\opc2\binDP\scoredp.exe [2007-08-21 704588]
S3 SIMATIC NET Core Server DP2;SIMATIC NET Core Server DP2;c:\program files\Siemens\SIMATIC.NET\opc2\bindp2\scoredp2.exe [2007-08-21 532558]
S3 SIMATIC NET Core Server FDL;SIMATIC NET Core Server FDL;c:\program files\Siemens\SIMATIC.NET\opc2\binFDL\scorefdl.exe [2007-08-21 602190]
S3 SIMATIC NET Core Server FMS;SIMATIC NET Core Server FMS;c:\program files\Siemens\SIMATIC.NET\opc2\binFMS\scorefms.exe [2007-08-21 622670]
S3 SIMATIC NET Core Server PD;SIMATIC NET Core Server PD;c:\program files\Siemens\SIMATIC.NET\opc2\binpd\scorepd.exe [2007-08-21 589900]
S3 SIMATIC NET Core Server PROFINET CbA;SIMATIC NET Core Server PROFINET CbA;c:\program files\Siemens\SIMATIC.NET\opc2\binPN\scorepn.exe [2007-08-21 643148]
S3 SIMATIC NET Core Server PROFINET IO;SIMATIC NET Core Server PROFINET IO;c:\program files\Siemens\SIMATIC.NET\opc2\binpnio\scorepnio.exe [2007-08-21 626768]
S3 SIMATIC NET Core Server S7;SIMATIC NET Core Server S7;c:\program files\Siemens\SIMATIC.NET\opc2\binS7\scores7.exe [2007-08-21 925772]
S3 SIMATIC NET Core Server SNMP;SIMATIC NET Core Server SNMP;c:\program files\Siemens\SIMATIC.NET\opc2\binsnmp\scoresnmp.exe [2007-08-21 716880]
S3 SIMATIC NET Core Server SR;SIMATIC NET Core Server SR;c:\program files\Siemens\SIMATIC.NET\opc2\binSR\scoresr.exe [2007-08-29 688204]
S3 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2009-01-07 259584]
.
Inhoud van de 'Gedeelde Taken' map

2009-02-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-02-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.standaard.be/
IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 19:54:56
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-02-18 19:56:42
ComboFix-quarantined-files.txt 2009-02-18 18:56:39

Pre-Run: 45.179.056.128 bytes beschikbaar
Post-Run: 49,451,261,952 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional ²" /noexecute=optin /fastdetect

360 --- E O F --- 2009-02-12 20:31:29

Juisterr

Legacy Member
Do you also have a new HJT log to check, please, and let me know right away whether things are already better.

Violator

Legacy Member
Here you go.

I've only restarted once so far, but it is indeed better. No My Documents that time. Startup still takes a long time, but maybe that's due to all the services that have to be started.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:27, on 19/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Siemens\ACE\bin\CCAgent.exe
C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe
C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe
C:\Program Files\Common Files\Siemens\SimNetCom\sim9sync.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe
C:\Program Files\Common Files\Siemens\s7wnsmsx\s7wnsmsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe
C:\Program Files\Siemens\Step7\S7BIN\S7tgtopx.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe
C:\WINDOWS\system32\S7OTBXSX.EXE
C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvbubblex.exe
C:\Program Files\Siemens\Step7\s7bin\s7acmgrx.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\TraceServer.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Siemens\s7wnrmsx\s7wnrmsx.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\Transfer\TransferTool.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe" /startup
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [simpcmon] C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
O4 - HKLM\..\Run: [Stationmanager] C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe h
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.be/s/v/44.09/uploader2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230040224062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...3/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CCAgent - SIEMENS AG - C:\Program Files\Common Files\Siemens\ACE\bin\CCAgent.exe
O23 - Service: CCEClient - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\CCEClient.exe
O23 - Service: CCEServer - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RedundancyControl - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe
O23 - Service: RedundancyState - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: SCSMonitor - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe
O23 - Service: SIMATIC NET Synchronization Service (sim9sync) - SIEMENS AG - C:\Program Files\Common Files\Siemens\SimNetCom\sim9sync.exe
O23 - Service: SIMATIC NET Configuration Server - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
O23 - Service: SIMATIC NET Configuration Service - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
O23 - Service: SIMATIC NET Core Server DP - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp\scoredp.exe
O23 - Service: SIMATIC NET Core Server DP2 - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp2\scoredp2.exe
O23 - Service: SIMATIC NET Core Server FDL - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfdl\scorefdl.exe
O23 - Service: SIMATIC NET Core Server FMS - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfms\scorefms.exe
O23 - Service: SIMATIC NET Core Server PD - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binpd\scorepd.exe
O23 - Service: SIMATIC NET Core Server PROFINET CbA - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binPN\scorepn.exe
O23 - Service: SIMATIC NET Core Server PROFINET IO - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binpnio\scorepnio.exe
O23 - Service: SIMATIC NET Core Server S7 - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binS7\SCoreS7.exe
O23 - Service: SIMATIC NET Core Server SNMP - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binSNMP\scoresnmp.exe
O23 - Service: SIMATIC NET Core Server SR - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binsr\scoresr.exe
O23 - Service: SIMATIC NET P&P Manager - SIEMENS AG - C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
O23 - Service: SIMATIC NET Route Manager (SIMATIC NET RouteManager) - SIEMENS AG - C:\Program Files\Common Files\Siemens\s7wnrmsx\s7wnrmsx.exe
O23 - Service: SIMATIC Security Control Service (SSCService) - SIEMENS AG - C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe
O23 - Service: SIMATIC NET Station Manager (StatMgr) - Siemens AG - C:\Program Files\Common Files\Siemens\s7wnsmsx\s7wnsmsx.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 15719 bytes

Juisterr

Legacy Member
You mean those Siemens things; do you know what they belong to?

Violator

Legacy Member
Yep,

Siemens Step7, WinCC Flexible and Simatic NET software.

The laptop is mostly used to program Siemens PLCs.