axel321

ik denk dat je miss het beste eerst is hijackthis download dat is iets waarmee je vanalles kunt op zien ze gebruiken het hier toch bijna altijd en het is niet echt slecht om het op uw pc te zetten zodat KAPE u drekt kan verder helpen dit berichtje komt van hier dus is veilig Hijackthis logje maken Download Trend Micro Hijack This Dubbelklik op HJTInstall.exe Hijackthis wordt nu op je PC geïnstalleerd, een snel koppeling wordt op je bureaublad geplaatst HijackThis zal openen na het installeren. Klik op "Do a systemscan and save a logfile". Er opent een Kladblok venster, houd gelijkt tijdig de CTRL en A toets ingedrukt, nu is alles geselecteerd. Houd gelijkt tijdig de CTRL en C toets ingedrukt, nu is alles gekopieerd. Log in op het forum en klik hier op "nieuw onderwerp" Voorzie dat van een Titel en een omschrijving van je probleem, vertel ook wat je al wel heb gedaan en wat je niet kon doen. Plak nu het HJT logje in je bericht door CTRL-V NB. gebruikers met Windows Vista zullen eerst moeten rechtsklikken op HijackThis.exe en dan kiezen voor "Run as Administrator".

als je denkt dat er miss een er nog een virus zit dan zou ik hijackthis downloaden het lijkt me nooit slecht om dat op uw pc te zetten

wel combofix is verwijderd ik heb ccleaner laten werken en ik heb een nieuwe herstelpunt aangemaakt ik dacht dat je combofix op je pc moets laten staan net zo als ccleaner marja als het niet meer op mijn pc staad dan kan er ook niet veel mis gaan wel heel hartelijk bedankt voor uw geduld best vervelend als een tiener zich verveeld he ik heb nu dingen gedaan die ik nooit van tervoren kende of wiets

wel nu niet maar de eerste keer dat ik het combofix heb binnen gehaald en de voleedige download voleedig was kreeg ik wel problemen op alles wat ik aan klikte ik kon niets meer doen en bij de tweede keer het switch had ik dat ook dan moet ik elkens keer pc pc afsluiten en dan is er niets meer aan de hand is dit normaal ?

oke hier is de nieuwe als het is gelukt wand na het uitvoeren van dat ding kreeg ik op alles wat ik aan klikte de bewering is ongeldig omdat hij gemareerd is als verwijderen wel zo iets ongeveer dat kwam als ik op het internet klikte op word paint maar dat bij computer kwam dat niet dan heb ik de pc moeten afsluiten nu hoop ik dat het heefd gewerkt ComboFix 09-08-10.06 - sabaj 17/08/2009 17:59.3.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3002.1983 [GMT 2:00] Gestart vanuit: c:\users\sabaj\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\sabaj\Desktop\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((( Bestanden Gemaakt van 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))) . 2009-08-17 16:07 . 2009-08-17 16:07 -------- d-----w- c:\users\sabaj\AppData\Local\temp 2009-08-17 16:07 . 2009-08-17 16:07 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-08-17 16:07 . 2009-08-17 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-08-17 10:02 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVENG.SYS 2009-08-17 10:02 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVEX15.SYS 2009-08-17 10:02 . 2009-04-15 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVENG32.DLL 2009-08-17 10:02 . 2009-04-15 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVEX32A.DLL 2009-08-17 10:02 . 2009-04-15 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\EECTRL.SYS 2009-08-17 10:02 . 2009-04-15 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\ECMSVR32.DLL 2009-08-17 10:02 . 2009-04-15 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\CCERASER.DLL 2009-08-17 10:02 . 2009-04-15 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\ERASER.SYS 2009-08-12 12:02 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-12 12:02 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys 2009-08-12 12:02 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys 2009-08-12 12:02 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll 2009-08-12 12:02 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll 2009-08-12 12:02 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys 2009-08-12 12:02 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-12 12:01 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-08-12 12:01 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-08-12 12:01 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-08-12 12:01 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-08-12 12:01 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-12 12:01 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-07-31 07:21 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll 2009-07-31 07:21 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys 2009-07-31 07:21 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys 2009-07-31 07:21 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll 2009-07-31 07:21 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-17 15:55 . 2008-11-21 21:18 667352 ----a-w- c:\windows\system32\perfh013.dat 2009-08-17 15:55 . 2008-11-21 21:18 126854 ----a-w- c:\windows\system32\perfc013.dat 2009-08-17 15:55 . 2008-11-21 21:13 659180 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-17 15:55 . 2008-11-21 21:13 122976 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-13 10:39 . 2009-04-16 14:48 -------- d-----w- c:\programdata\Microsoft Help 2009-08-13 10:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-07-28 18:33 . 2008-11-21 14:16 -------- d-----w- c:\programdata\CyberLink 2009-07-21 21:52 . 2009-07-29 10:42 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-07-29 10:42 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-07-29 10:42 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-07-29 10:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys 2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys 2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll 2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll 2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys 2009-06-30 13:36 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe 2009-06-30 13:10 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe 2009-06-30 13:03 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe 2009-06-30 10:44 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe 2009-06-26 16:36 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe 2009-06-24 10:07 . 2009-06-24 10:07 -------- d-----w- c:\users\sabaj\AppData\Roaming\WildTangent 2009-06-24 10:07 . 2008-11-21 13:37 -------- d-----w- c:\programdata\WildTangent 2009-06-15 15:24 . 2009-07-15 09:53 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 15:20 . 2009-07-15 09:53 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 15:20 . 2009-07-15 09:53 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-06-15 12:52 . 2009-07-15 09:53 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-06-14 13:55 . 2009-04-16 14:56 106944 ----a-w- c:\users\sabaj\AppData\Local\GDIPFONTCACHEV1.DAT 2009-06-13 17:34 . 2009-06-13 17:34 5741 ----a-w- c:\program files\hijackthis.log 2009-06-12 17:47 . 2009-06-09 17:25 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-26 15:52 . 2009-05-26 15:49 167676 ----a-w- c:\windows\hpqins00.dat 2008-11-21 21:39 . 2008-11-21 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((( SnapShot@2009-08-17_10.34.28 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 01:58 . 2009-08-17 15:50 42976 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05 . 2009-08-17 15:50 92054 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-01-29 13:26 . 2009-08-17 09:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-01-29 13:26 . 2009-08-17 15:48 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-01-29 13:26 . 2009-08-17 09:51 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-01-29 13:26 . 2009-08-17 15:48 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-01-29 13:26 . 2009-08-17 15:48 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-01-29 13:26 . 2009-08-17 09:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-04-16 14:47 . 2009-08-17 09:53 7482 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1909669116-3038768439-1391123093-1000_UserData.bin + 2009-04-16 14:47 . 2009-08-17 15:50 7482 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1909669116-3038768439-1391123093-1000_UserData.bin + 2009-08-17 15:48 . 2009-08-17 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-08-17 09:51 . 2009-08-17 09:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-08-17 09:51 . 2009-08-17 09:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-08-17 15:48 . 2009-08-17 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 10:33 . 2009-08-17 15:55 587178 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 2009-08-17 10:17 587178 c:\windows\System32\perfh009.dat + 2006-11-02 10:33 . 2009-08-17 15:55 101250 c:\windows\System32\perfc009.dat - 2006-11-02 10:33 . 2009-08-17 10:17 101250 c:\windows\System32\perfc009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{C6D2729D-494C-40FC-B23A-AE625D0F31F1}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{FD377D93-E596-4C3A-9D27-4577F49B0ACB}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{132871EA-9DA8-4493-9010-F58E076B2733}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{04F1C3AD-92DB-44E8-8E2A-F8A0BD41E61E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{79FD76AB-D9E6-4F42-88FC-3C3BEEF889DC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{48311FBA-7398-4C3B-8D53-9D11E1F29F83}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9C55AD3F-C721-4A78-A818-554C43601287}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{9A231432-D50C-4EFB-8D94-61A2BD4CF9BE}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{1050392E-B175-4131-8DAA-5164423679FC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) "DoNotAllowExceptions"= 1 (0x1) R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [20/04/2009 18:07 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [20/04/2009 18:07 258608] R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [20/04/2009 18:06 482352] R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys [12/08/2009 14:02 293424] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4:23 21504] R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [20/04/2009 18:06 115560] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/11/2008 17:08 365952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/06/2009 22:16 101936] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 16:52 112128] R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [3/06/2008 9:30 144672] R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [17/07/2008 17:01 269760] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [20/04/2009 18:07 39984] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/11/2008 15:34 193840] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Inhoud van de 'Gedeelde Taken' map 2009-08-09 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] 2009-08-17 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: dogsoftheseas.com\realm01 Trusted Zone: dogsoftheseas.com\www . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-08-17 18:07 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2009-08-17 18:11 ComboFix-quarantined-files.txt 2009-08-17 16:11 ComboFix2.txt 2009-08-17 10:38 combofix logje.txt 2009-08-17 10:58 Pre-Run: 230.984.232.960 bytes beschikbaar Post-Run: 230.446.796.800 bytes beschikbaar 192 --- E O F --- 2009-08-13 10:40

oke het is opnieuw geinstaleerd en ik heb er nu onmiddelijk een snelkoppeling bij gekregen maar ik heb het logje stom weg verwijderd :-s in plaats van hier op te zetten wel dan wil ik de CFScript.txt. in zetten maar het zegt je wilde CFScript.txt. gebruiken maar CFScript.txt. lijkt verkeerd gespeld te zijn dan annuleerd die de werking van combofix ---------- Post toegevoegd om 11:01 ---------- Vorige post was om 10:56 ---------- wel nee het logje is terug gevonden in de prullebak was vergeten dat we dat ook nog hebben maar het txt bestandje lukt nog niet ComboFix 09-08-10.06 - sabaj 17/08/2009 12:27.2.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3002.1840 [GMT 2:00] Gestart vanuit: c:\users\sabaj\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((( Bestanden Gemaakt van 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))) . 2009-08-17 10:34 . 2009-08-17 10:34 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-08-17 10:34 . 2009-08-17 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-08-17 10:02 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVENG.SYS 2009-08-17 10:02 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVEX15.SYS 2009-08-17 10:02 . 2009-04-15 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVENG32.DLL 2009-08-17 10:02 . 2009-04-15 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\NAVEX32A.DLL 2009-08-17 10:02 . 2009-04-15 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\EECTRL.SYS 2009-08-17 10:02 . 2009-04-15 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\ECMSVR32.DLL 2009-08-17 10:02 . 2009-04-15 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\CCERASER.DLL 2009-08-17 10:02 . 2009-04-15 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090816.022\ERASER.SYS 2009-08-14 10:59 . 2009-08-17 10:34 -------- d-----w- c:\users\sabaj\AppData\Local\temp 2009-08-12 12:02 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-12 12:02 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys 2009-08-12 12:02 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys 2009-08-12 12:02 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll 2009-08-12 12:02 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll 2009-08-12 12:02 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys 2009-08-12 12:02 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-12 12:01 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-08-12 12:01 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-08-12 12:01 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-08-12 12:01 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-08-12 12:01 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-12 12:01 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-07-31 07:21 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll 2009-07-31 07:21 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys 2009-07-31 07:21 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys 2009-07-31 07:21 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll 2009-07-31 07:21 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-17 10:17 . 2008-11-21 21:18 667352 ----a-w- c:\windows\system32\perfh013.dat 2009-08-17 10:17 . 2008-11-21 21:18 126854 ----a-w- c:\windows\system32\perfc013.dat 2009-08-17 10:17 . 2008-11-21 21:13 659180 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-17 10:17 . 2008-11-21 21:13 122976 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-13 10:39 . 2009-04-16 14:48 -------- d-----w- c:\programdata\Microsoft Help 2009-08-13 10:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-07-28 18:33 . 2008-11-21 14:16 -------- d-----w- c:\programdata\CyberLink 2009-07-21 21:52 . 2009-07-29 10:42 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-07-29 10:42 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-07-29 10:42 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-07-29 10:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys 2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys 2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll 2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll 2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys 2009-06-30 13:36 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe 2009-06-30 13:10 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe 2009-06-30 13:03 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe 2009-06-30 10:44 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe 2009-06-26 16:36 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe 2009-06-24 10:07 . 2009-06-24 10:07 -------- d-----w- c:\users\sabaj\AppData\Roaming\WildTangent 2009-06-24 10:07 . 2008-11-21 13:37 -------- d-----w- c:\programdata\WildTangent 2009-06-15 15:24 . 2009-07-15 09:53 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 15:20 . 2009-07-15 09:53 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 15:20 . 2009-07-15 09:53 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-06-15 12:52 . 2009-07-15 09:53 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-06-14 13:55 . 2009-04-16 14:56 106944 ----a-w- c:\users\sabaj\AppData\Local\GDIPFONTCACHEV1.DAT 2009-06-13 17:34 . 2009-06-13 17:34 5741 ----a-w- c:\program files\hijackthis.log 2009-06-12 17:47 . 2009-06-09 17:25 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-26 15:52 . 2009-05-26 15:49 167676 ----a-w- c:\windows\hpqins00.dat 2008-11-21 21:39 . 2008-11-21 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{C6D2729D-494C-40FC-B23A-AE625D0F31F1}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{FD377D93-E596-4C3A-9D27-4577F49B0ACB}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{132871EA-9DA8-4493-9010-F58E076B2733}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{04F1C3AD-92DB-44E8-8E2A-F8A0BD41E61E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{79FD76AB-D9E6-4F42-88FC-3C3BEEF889DC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{48311FBA-7398-4C3B-8D53-9D11E1F29F83}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9C55AD3F-C721-4A78-A818-554C43601287}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{9A231432-D50C-4EFB-8D94-61A2BD4CF9BE}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{1050392E-B175-4131-8DAA-5164423679FC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) "DoNotAllowExceptions"= 1 (0x1) R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [20/04/2009 18:07 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [20/04/2009 18:07 258608] R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [20/04/2009 18:06 482352] R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys [12/08/2009 14:02 293424] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4:23 21504] R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [20/04/2009 18:06 115560] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/11/2008 17:08 365952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/06/2009 22:16 101936] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 16:52 112128] R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [3/06/2008 9:30 144672] R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [17/07/2008 17:01 269760] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [20/04/2009 18:07 39984] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/11/2008 15:34 193840] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Inhoud van de 'Gedeelde Taken' map 2009-08-09 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] 2009-08-17 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: dogsoftheseas.com\realm01 Trusted Zone: dogsoftheseas.com\www . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-08-17 12:34 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2009-08-17 12:38 ComboFix-quarantined-files.txt 2009-08-17 10:38 Pre-Run: 230.989.664.256 bytes beschikbaar Post-Run: 230.957.432.832 bytes beschikbaar 171 --- E O F --- 2009-08-13 10:40

wel ik heb dan een snelkopeling gemaakt en het doet ook niets of moet dat een snelkopeling zijn die combifix zelf heefd opgezet of maakt dat niets uit of moet ik combifix miss niet verwijderen en opnieuw instaleren ?

wel niet simpel het staad er in maar het doet niets [ATTACH]2628[/ATTACH] ik heb het op het bureaublad opgeslagen en daar in gesleept ik heb wel geen snelkopeleing van combifix heefd dat er ook iets mee te maken ? ik ben een lastpak mag je wel zeggen :-p

ik heb het idd niet via de snelkopeling gedaan op het bureaublad gedaan maar ik heb het via gebreukersnaam gedaan en dan via downloads wat ik nu gedaan heb kan dat kwaad ? dit is het loge van combifox ComboFix 09-08-10.06 - sabaj 14/08/2009 12:48.1.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3002.1923 [GMT 2:00] Gestart vanuit: c:\users\sabaj\Downloads\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-1909669116-3038768439-1391123093-500 c:\$recycle.bin\S-1-5-21-2135842843-1020755630-1321821035-500 c:\windows\Installer\205a5.msi c:\windows\Installer\205a9.msi c:\windows\Installer\205ad.msi c:\windows\Installer\205b1.msi c:\windows\Installer\205b5.msi c:\windows\Installer\205bd.msi c:\windows\Installer\286d56.msi . (((((((((((((((((((( Bestanden Gemaakt van 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))) . 2009-08-14 10:01 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090813.022\NAVENG.SYS 2009-08-14 10:01 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090813.022\NAVEX15.SYS 2009-08-14 10:01 . 2009-04-15 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090813.022\NAVENG32.DLL 2009-08-14 10:01 . 2009-04-15 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090813.022\NAVEX32A.DLL 2009-08-14 10:01 . 2009-04-15 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090813.022\ERASER.SYS 2009-08-14 10:01 . 2009-04-15 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090813.022\EECTRL.SYS 2009-08-14 10:01 . 2009-04-15 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090813.022\ECMSVR32.DLL 2009-08-14 10:01 . 2009-04-15 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090813.022\CCERASER.DLL 2009-08-12 12:02 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-12 12:02 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys 2009-08-12 12:02 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys 2009-08-12 12:02 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll 2009-08-12 12:02 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll 2009-08-12 12:02 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys 2009-08-12 12:02 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-12 12:01 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-08-12 12:01 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-08-12 12:01 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-08-12 12:01 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-08-12 12:01 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-12 12:01 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-07-31 07:21 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll 2009-07-31 07:21 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys 2009-07-31 07:21 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys 2009-07-31 07:21 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll 2009-07-31 07:21 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-14 09:56 . 2008-11-21 21:18 667352 ----a-w- c:\windows\system32\perfh013.dat 2009-08-14 09:56 . 2008-11-21 21:18 126854 ----a-w- c:\windows\system32\perfc013.dat 2009-08-14 09:56 . 2008-11-21 21:13 659180 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-14 09:56 . 2008-11-21 21:13 122976 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-13 10:39 . 2009-04-16 14:48 -------- d-----w- c:\programdata\Microsoft Help 2009-08-13 10:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-07-28 18:33 . 2008-11-21 14:16 -------- d-----w- c:\programdata\CyberLink 2009-07-21 21:52 . 2009-07-29 10:42 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-07-29 10:42 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-07-29 10:42 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-07-29 10:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys 2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys 2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll 2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll 2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys 2009-06-30 13:36 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe 2009-06-30 13:10 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe 2009-06-30 13:03 . 2009-07-25 11:08 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe 2009-06-30 10:44 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe 2009-06-26 16:36 . 2009-07-25 11:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe 2009-06-24 10:07 . 2009-06-24 10:07 -------- d-----w- c:\users\sabaj\AppData\Roaming\WildTangent 2009-06-24 10:07 . 2008-11-21 13:37 -------- d-----w- c:\programdata\WildTangent 2009-06-15 15:24 . 2009-07-15 09:53 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 15:20 . 2009-07-15 09:53 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 15:20 . 2009-07-15 09:53 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-06-15 12:52 . 2009-07-15 09:53 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-06-14 13:55 . 2009-04-16 14:56 106944 ----a-w- c:\users\sabaj\AppData\Local\GDIPFONTCACHEV1.DAT 2009-06-13 17:34 . 2009-06-13 17:34 5741 ----a-w- c:\program files\hijackthis.log 2009-06-12 17:47 . 2009-06-09 17:25 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-26 15:52 . 2009-05-26 15:49 167676 ----a-w- c:\windows\hpqins00.dat 2008-11-21 21:39 . 2008-11-21 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{C6D2729D-494C-40FC-B23A-AE625D0F31F1}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{FD377D93-E596-4C3A-9D27-4577F49B0ACB}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{132871EA-9DA8-4493-9010-F58E076B2733}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{04F1C3AD-92DB-44E8-8E2A-F8A0BD41E61E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{79FD76AB-D9E6-4F42-88FC-3C3BEEF889DC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{48311FBA-7398-4C3B-8D53-9D11E1F29F83}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9C55AD3F-C721-4A78-A818-554C43601287}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{9A231432-D50C-4EFB-8D94-61A2BD4CF9BE}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster "{1050392E-B175-4131-8DAA-5164423679FC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 1 (0x1) R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [20/04/2009 18:07 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [20/04/2009 18:07 258608] R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [20/04/2009 18:06 482352] R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys [12/08/2009 14:02 293424] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4:23 21504] R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [20/04/2009 18:06 115560] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/11/2008 17:08 365952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/06/2009 22:16 101936] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 16:52 112128] R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [3/06/2008 9:30 144672] R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [17/07/2008 17:01 269760] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [20/04/2009 18:07 39984] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/11/2008 15:34 193840] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Inhoud van de 'Gedeelde Taken' map 2009-08-09 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] 2009-08-14 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: dogsoftheseas.com\realm01 Trusted Zone: dogsoftheseas.com\www . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-08-14 12:55 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2009-08-14 12:59 ComboFix-quarantined-files.txt 2009-08-14 10:59 Pre-Run: 230.958.002.176 bytes beschikbaar Post-Run: 230.915.506.176 bytes beschikbaar 179 --- E O F --- 2009-08-13 10:40

ha nee ik heb het gevonden het lag aan mij :-p het was al opgeslagen bij de gebruikers naam bij downloads daar moets ik op klikken die stap had ik even overgeslagen :-p dit is het nieuwe logje Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:03:21, on 14/08/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Downloads - Programmadownloads zijn gecheckt tegen virus en spyware O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://realm01.dogsoftheseas.com O15 - Trusted Zone: Dogs of the Seas - Homepage | Online Pirate game, Massively Multiplayer Online Pirate Playing Game, free play109 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 4664 bytes waarom zie ik die c Program Files pas wanneer ik de log opslaag ? of is dat normaal en er zijn 04 lijntjes verdwenen of stel ik me er gewoon te veel vragen bij :-p dat kan ook

wel ik weet niet of ik het nu heb wand eerst krijg ik beveiliginsvragen zo van onbekende uitgever wel ik klik op door gaan en tijdens het dounloaden krijg ik dit [ATTACH]2621[/ATTACH] en dan stop alles dus :-s heb ik iets verkeerd gedaan ik zou niet weten wat ik kan nog niet eens zeggen van opslaan als of die naam veranderen zo ver komt die niet

die twee RO lijntje krijg ik niet weg marja zo als je zegt het kan toch geen kwaad en de npggsvc krijg ik ook niet weg nu mijn laptop heefd nu wel geen problemen maar ik wilde gewoon ze weg hebben maar nu wil weten waarom ik de npggsvc niet weg krijg blokeerd een programma? dat miss zit daar een virus aan vast ? is daar geen andere manier om hem weg te krijgen ?

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) dat dacht ik dat die mogen gewist worden

hier is al vast een logje ik weet dat er dingen zijn die gewist mogen worden maar als ik op fix klikt dan krijg ik dit [ATTACH]2609[/ATTACH] ik heb ccleaner de nieuwe versie Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:53:13, on 12/08/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | Compaq R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Downloads - Programmadownloads zijn gecheckt tegen virus en spyware R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | Compaq R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Downloads - Programmadownloads zijn gecheckt tegen virus en spyware R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Downloads - Programmadownloads zijn gecheckt tegen virus en spyware R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://realm01.dogsoftheseas.com O15 - Trusted Zone: Dogs of the Seas - Homepage | Online Pirate game, Massively Multiplayer Online Pirate Playing Game, free play109 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 5651 bytes al vast bedankt

ha dank je wel ik hoopte dat is iets op de laptop kon laden maar nu weet ik het zeker dat ik dan is naar de winkel moet gaan maar ik ga nog even afwachten wel meer moet ik niet weten dan zal ik dit als opgelsot markeren

ik heb soms problemen met het internet soms kan ik hoe dan ook niet op het internet ik heb een laptop en draadloos ik zie 4 lampjes branden op dat modem ding en soms brand online niet ligt dat nu aan de modem of kan het nog ergens anders aan liggen kan miss zijn dat ik drekt niet kan antwoorden dan heb ik weer geen internet mvg ikke

ik heb hier ook een vraagje over mag O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe die ook weg? ik lees zo is regelmatig htjlogjes na niet dat ik er iets van ken :-p maar ik wilde het wel is weten al bundy natuurlijk nog niet verwijderen zonder dat kape het heeft gezecht he

oke ik dacht dat er iets aan de hand was omdat er zo veel van dat spel op stond vals alarm dan wel hartelijk bedankt dan zal ik dit dan maar als opgelost klikken

cclaener heb ik al dan zal ik die is laten werken maar wat bedoel je met cookies staan die niet bij browsegeschiedenis ?

mijn broer speelt een spel op het internet ik wil dat ook spelen maar wiest de naam niet van het spel dus dacht ik als ik het ga op zoeken bij tijdelijke internetbestanden dat ik de web wel weer terug vind ik heb de weg wel gevonden maar het staad er ik weet niet hoeveel van op ja kan zien aan het schuif balk tot hoe ver het gaat het spel noemt dogofthesea nu is de vraag of dit kwaad kan en waarom vin ik niet alle webpaginas die ik bezocht heb er op terug vind hier een schreenschotje [ATTACH]2268[/ATTACH] al vast bedankt

neen met fix doet die het ook niet dan zal het niets zijn denk ik :-s merja het is niet dat het problemen zal brengen he is er nog iets dat ik kan doen ?

oke maar het staad er nog kan ik het ook niet met fix

oke dat heb ik ingetypt als je bij npggsvc dit bedoeld O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) wel die staad er nog merja de pc is toch al wat op ge kuist heel hartelijk bedankt voor de hulp dit mag gesloten worden denk ik he

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:34:50, on 13/06/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18248) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe c:\program files\aol\aol toolbar 5.0\AolTbServer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | Compaq R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Downloads - Programmadownloads zijn gecheckt tegen virus en spyware R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | Compaq R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Downloads - Programmadownloads zijn gecheckt tegen virus en spyware R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Downloads - Programmadownloads zijn gecheckt tegen virus en spyware R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://realm01.dogsoftheseas.com O15 - Trusted Zone: Dogs of the Seas - Homepage | Online Pirate game, Massively Multiplayer Online Pirate Playing Game, free play109 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 5740 bytes

maar die bios heb ik niet meer nodig mij pc valt al even niet meer uit ik denk dat het zo wel opgelost is toch hartelijk bedankt voor de hulp allemaal