Posts made by redcliff
-
I surely won't be able to solve that myself.
-
I shut it down and started it up again, but it hung again; I had to pull the plug again, and then it starts up.
-
The scan is done.
---------- Post added at 13:35 ---------- Previous post was at 13:34 ----------
I'm going to test that now.
-
The scan has completed but nothing came out of it, so I think everything is in order.
-
OK, I'm going to do it; I'll let you know if it is in order.
-
Yes, I will take them, but what should I do if the Windows CD asks for something?
-
Too bad, but it is not solved.
Sometimes the PC just starts up, but if I then shut it down after a while and want to start it up again a few hours later, I get the Windows XP screen with the logo and those little blue bars. The bars start moving but then suddenly stop and stay frozen.
If I then pull the PC's plug out and put it back in, I do get a message that Windows was not shut down properly, and I can choose between safe mode and starting normally. I choose to start normally and then it does so right away.
It's annoying that I always have to pull the plug first.
What I notice is that when I start it for the first time, e.g. in the morning, it always works.
-
ComboFix 09-11-18.06 - Chris 18/11/2009 11:34.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2038.1367 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Chris\Bureaublad\CFScript.txt..txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
FILE ::
"c:\windows\system32\3E.tmp"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-10-18 to 2009-11-18 ))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((( SnapShot@2009-11-16_11.04.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-18 10:11 . 2009-11-18 10:11 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
+ 2009-11-18 10:42 . 2009-11-18 10:42 16384 c:\windows\Temp\Perflib_Perfdata_5a4.dat
- 2004-08-04 12:00 . 2009-10-25 08:27 68606 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-11-16 14:30 68606 c:\windows\system32\perfc009.dat
+ 2009-11-17 13:40 . 2009-11-17 13:40 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2009-08-10 11:32 . 2009-08-10 11:41 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-07-26 08:06 . 2009-11-17 10:24 6308 c:\windows\system32\Restore\rstrlog.dat
- 2004-08-04 12:00 . 2009-10-25 08:27 435710 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-11-16 14:30 435710 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [9/09/2009 8:50 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [9/09/2009 8:50 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [9/09/2009 8:50 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [13/11/2009 10:57 329592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/05/2009 10:28 54752]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [9/09/2009 8:49 117640]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 10:18 202016]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [28/03/2009 22:57 36864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 9:00 102448]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - mbr
.
Inhoud van de 'Gedeelde Taken' map
2009-04-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-11-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-11-18 c:\windows\Tasks\User_Feed_Synchronization-{8B8B62A1-46CE-47ED-B5BC-2A559A621610}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.jansmit.com/index/?/nl/index.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: minatica.be\www
Trusted Zone: onlinehelpdesk.be\www
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - ORPHANS VERWIJDERD - - - -
AddRemove-BearShare - c:\program files\BearShare Applications\BearShare\UninstallSurvey.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-18 11:42
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(1496)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Voltooingstijd: 2009-11-18 11:45 - machine werd herstart
ComboFix-quarantined-files.txt 2009-11-18 10:45
ComboFix2.txt 2009-11-16 11:08
ComboFix3.txt 2009-08-22 17:17
Pre-Run: 359.166.480.384 bytes beschikbaar
Post-Run: 359.145.103.360 bytes beschikbaar
- - End Of File - - 85D7D41B6310410AF046D0C273EAD4F8
I'm going to test everything for a few days now and will then let you know whether everything is OK.
Thanks
Regards
-
I did get this while ComboFix was running:
boot partitie kan niet correct opgeteld worden.
I then pressed OK and it continued; here is my log:
ComboFix 09-11-16.05 - Chris 16/11/2009 11:57.3.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2038.1463 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-10-16 to 2009-11-16 ))))))))))))))))))))))))))))))
.
2009-11-16 09:03 . 2009-08-27 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091115.020\NAVENG.SYS
2009-11-16 09:03 . 2009-08-27 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091115.020\NAVENG32.DLL
2009-11-16 09:03 . 2009-08-27 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091115.020\NAVEX32A.DLL
2009-11-16 09:03 . 2009-08-27 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091115.020\NAVEX15.SYS
2009-11-16 09:03 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091115.020\ECMSVR32.DLL
2009-11-16 09:03 . 2009-09-15 08:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091115.020\CCERASER.DLL
2009-11-16 09:03 . 2009-08-27 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091115.020\EECTRL.SYS
2009-11-16 09:03 . 2009-08-27 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091115.020\ERASER.SYS
2009-11-15 08:50 . 2009-11-15 08:50 -------- d-----w- c:\documents and settings\Chris\Application Data\blg
2009-11-15 08:50 . 2009-11-15 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2009-11-13 09:57 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-13 09:57 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-13 09:57 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-13 09:57 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-13 09:57 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-12 13:13 . 2009-11-15 09:02 -------- d--h--r- c:\documents and settings\Chris\Onlangs geopend
2009-11-11 09:56 . 2009-11-11 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\1C148
2009-11-04 15:55 . 2009-11-04 15:55 -------- d-----w- c:\documents and settings\Chris\Application Data\URSE Games
2009-11-04 15:03 . 2009-11-04 15:03 152576 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 09:55 . 2009-11-02 09:56 -------- d-----w- c:\program files\Wisegal - NL
2009-10-29 09:48 . 2009-11-11 10:01 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\BearShare
2009-10-29 09:48 . 2009-10-29 09:48 -------- d-----w- c:\program files\BearShare Applications
2009-10-29 09:27 . 2009-10-29 09:27 -------- d-----w- c:\documents and settings\All Users\Application Data\12148
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-28 13:11 . 2009-10-28 13:11 123392 ----a-w- c:\windows\system32\D3DX9_3832.dll
2009-10-27 19:15 . 2009-10-27 19:15 -------- d-----w- c:\program files\ReflexiveArcade
2009-10-26 10:32 . 2009-10-26 10:32 -------- d-----w- c:\documents and settings\Chris\Application Data\Big Fish Games
2009-10-23 09:02 . 2009-11-16 11:02 -------- d-sh--w- c:\windows\system32\LocalService
2009-10-22 09:22 . 2009-10-22 09:22 -------- d-----w- c:\documents and settings\Chris\Application Data\TitanicMystery
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 11:04 . 2009-10-07 10:41 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-16 11:04 . 2009-10-07 10:39 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-11-16 10:45 . 2009-05-06 13:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-11 12:19 . 2009-03-29 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 10:21 . 2009-03-29 17:57 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-04 15:04 . 2009-03-29 18:08 -------- d-----w- c:\program files\Java
2009-11-02 09:56 . 2009-09-17 11:16 -------- d-----w- c:\documents and settings\Chris\Application Data\Merscom
2009-11-02 09:56 . 2009-09-17 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2009-10-30 10:24 . 2009-04-17 13:39 -------- d-----w- c:\documents and settings\Chris\Application Data\SpinTop Games
2009-10-29 09:42 . 2009-03-29 18:09 -------- d-----w- c:\documents and settings\Chris\Application Data\LimeWire
2009-10-28 13:12 . 2009-10-28 13:12 522240 --sha-w- c:\windows\system32\3E.tmp
2009-10-25 08:27 . 2004-08-04 12:00 87620 ----a-w- c:\windows\system32\perfc013.dat
2009-10-25 08:27 . 2004-08-04 12:00 502530 ----a-w- c:\windows\system32\perfh013.dat
2009-10-24 15:59 . 2009-04-06 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2009-10-15 12:24 . 2009-10-15 12:24 -------- d-----w- c:\documents and settings\Chris\Application Data\Flood Light Games
2009-10-15 12:24 . 2009-10-15 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
2009-10-15 09:50 . 2009-04-30 09:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-11 08:37 . 2009-10-11 08:37 -------- d-----w- c:\documents and settings\Chris\Application Data\Ph03nixNewMedia
2009-10-11 03:17 . 2009-03-29 19:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 06:44 . 2009-10-09 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-10-08 18:09 . 2009-10-07 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-07 10:47 . 2009-10-07 10:47 69232 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 10:41 . 2009-10-07 10:38 -------- d-----w- c:\program files\Logitech
2009-10-07 10:41 . 2009-10-07 10:41 -------- d-----w- c:\documents and settings\Chris\Application Data\Leadertech
2009-10-07 10:40 . 2009-10-07 10:38 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-10-06 18:37 . 2009-04-04 09:13 -------- d-----w- c:\documents and settings\Chris\Application Data\PlayFirst
2009-10-06 18:37 . 2009-04-04 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-10-06 17:25 . 2009-10-06 17:25 -------- d-----w- c:\documents and settings\Chris\Application Data\URSoft
2009-10-04 10:40 . 2009-10-04 10:40 -------- d-----w- c:\documents and settings\Chris\Application Data\Magic Academy 2
2009-10-01 11:19 . 2009-03-31 16:54 -------- d-----w- c:\program files\Windows Live
2009-10-01 11:17 . 2009-03-31 16:54 -------- d-----w- c:\program files\Microsoft
2009-09-28 09:00 . 2009-09-28 09:00 -------- d-----w- c:\documents and settings\Chris\Application Data\FlyWheelGames
2009-09-26 13:06 . 2009-09-26 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SOS
2009-09-26 12:40 . 2009-09-26 12:40 121344 ----a-w- c:\windows\system32\d3dx9_3232.dll
2009-09-25 15:38 . 2009-09-25 15:38 -------- d-----w- c:\documents and settings\Chris\Application Data\ERS G-Studio
2009-09-25 10:43 . 2009-09-25 10:43 -------- d-----w- c:\documents and settings\Chris\Application Data\SecretIslandEng
2009-09-11 14:20 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 09:20 . 2009-04-01 01:32 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-11 09:20 . 2009-04-01 01:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-11 09:20 . 2008-01-29 10:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-11 09:20 . 2008-01-29 10:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-09-04 21:05 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 08:13 . 2009-04-01 01:32 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [9/09/2009 8:50 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [9/09/2009 8:50 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [9/09/2009 8:50 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [13/11/2009 10:57 329592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/05/2009 10:28 54752]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [9/09/2009 8:49 117640]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 10:18 202016]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [28/03/2009 22:57 36864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 9:00 102448]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - mbr
.
Inhoud van de 'Gedeelde Taken' map
2009-04-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-11-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-11-15 c:\windows\Tasks\User_Feed_Synchronization-{8B8B62A1-46CE-47ED-B5BC-2A559A621610}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.jansmit.com/index/?/nl/index.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: minatica.be\www
Trusted Zone: onlinehelpdesk.be\www
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - ORPHANS VERWIJDERD - - - -
HKLM-Run-NWEReboot - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-16 12:04
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(3796)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Voltooingstijd: 2009-11-16 12:08 - machine werd herstart
ComboFix-quarantined-files.txt 2009-11-16 11:07
ComboFix2.txt 2009-08-22 17:17
Pre-Run: 359.084.769.280 bytes beschikbaar
Post-Run: 359.260.913.664 bytes beschikbaar
- - End Of File - - 21CE3A9D8642570BA0CE212A55C75169
-
My PC sometimes hangs when I start it up. Then I only see Windows XP on the screen; it first runs slowly and then hangs. If I then pull the plug and start it up again, it does work,
and then everything works fine. I had a Belgacom b-box2 connected and it has been happening since then. I'm a layman when it comes to PCs, but maybe someone can help me.
Here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:37, on 16/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: Minatica.be
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528189484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
--
End of file - 7625 bytes
-
Thank you very much, I will certainly still do that.
Thanks
Chris
-
No, everything works perfectly now.
Only that Mirar is still listed under software; I tried to remove it but that doesn't work, but otherwise no more problems.
Thanks in advance and regards
-
ComboFix 09-08-21.02 - Chris 22/08/2009 19:11.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2038.1413 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Chris\Bureaublad\CFScript.txt..txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
FILE ::
"c:\windows\system32\drivers\hitmanpro35.sys"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Findbasic
c:\documents and settings\All Users\Application Data\Findbasic\findbasic117.exe
c:\documents and settings\All Users\Application Data\Hitman Pro
c:\documents and settings\All Users\Application Data\Hitman Pro\Banner.bin
c:\documents and settings\All Users\Application Data\Hitman Pro\HitmanPro.key
c:\documents and settings\All Users\Application Data\Hitman Pro\HitmanPro.lic
c:\program files\Findbasic
c:\program files\Findbasic\findbasic.dll
c:\program files\Findbasic\findbasic.exe
c:\program files\Findbasic\uninstall.exe
c:\program files\MegaSwellAdsForYou
c:\program files\MegaSwellAdsForYou\uninstall.exe
c:\windows\system32\drivers\hitmanpro35.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FINDBASIC_SERVICE
-------\Service_Findbasic Service
(((((((((((((((((((( Bestanden Gemaakt van 2009-07-22 to 2009-08-22 ))))))))))))))))))))))))))))))
.
2009-08-22 15:05 . 2009-08-22 15:05 -------- d-----w- c:\documents and settings\Chris\Application Data\VSRevoGroup
2009-08-22 14:45 . 2009-08-22 15:07 -------- d-----w- c:\program files\SpywareGuard
2009-08-22 09:13 . 2009-08-22 09:13 -------- d-----w- c:\program files\Trend Micro
2009-08-22 07:04 . 2009-08-19 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVENG.SYS
2009-08-22 07:04 . 2009-08-19 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVEX15.SYS
2009-08-22 07:04 . 2009-08-19 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\ECMSVR32.DLL
2009-08-22 07:04 . 2009-08-19 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVENG32.DLL
2009-08-22 07:04 . 2009-08-19 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVEX32A.DLL
2009-08-22 07:04 . 2009-04-01 01:32 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\EECTRL.SYS
2009-08-22 07:04 . 2009-04-01 01:32 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\ERASER.SYS
2009-08-22 07:04 . 2009-04-01 01:32 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\CCERASER.DLL
2009-08-19 09:03 . 2009-08-20 12:49 -------- d-----w- c:\documents and settings\Chris\Application Data\MysteryStudio
2009-08-17 09:34 . 2009-08-17 09:34 -------- d-----w- c:\documents and settings\Chris\Application Data\PoBros
2009-08-17 09:34 . 2009-08-17 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros
2009-08-12 10:15 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 10:14 . 2009-08-19 14:31 -------- d--h--w- c:\windows\$hf_mig$
2009-08-12 09:05 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 09:05 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 09:05 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 09:05 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 09:05 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-10 11:41 . 2009-08-10 11:41 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-08 17:08 . 2009-08-08 17:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 17:08 . 2009-08-08 17:08 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 16:09 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 16:09 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 16:09 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 16:09 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 16:09 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 16:09 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 16:09 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 08:03 . 2009-08-05 08:03 152576 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-04 13:44 . 2009-08-04 13:44 -------- d-----w- c:\documents and settings\Chris\Application Data\she_is_a_shadow
2009-08-03 12:13 . 2009-08-03 12:13 -------- d-----w- c:\documents and settings\Chris\Application Data\EleFun Games
2009-07-31 09:26 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-31 09:26 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-31 09:26 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-31 09:26 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-31 09:26 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-29 08:33 . 2009-08-02 10:47 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\TheLostIncaProphecy
2009-07-28 11:54 . 2009-07-28 11:54 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-07-28 11:54 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 11:54 . 2009-07-28 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-28 11:54 . 2009-08-21 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 11:54 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 11:06 . 2009-07-26 11:06 -------- d-----w- c:\documents and settings\Chris\.housecall6.6
2009-07-26 10:17 . 2009-07-26 10:30 -------- d-----w- c:\documents and settings\Chris\Application Data\Desktopicon
2009-07-26 10:17 . 2009-07-26 10:40 -------- d-----w- c:\program files\Unlocker
2009-07-24 14:07 . 2009-07-24 14:07 -------- d--h--w- c:\windows\PIF
2009-07-24 13:58 . 2009-07-24 13:59 -------- d-----w- c:\program files\Incomplete
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 17:05 . 2009-05-06 13:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-21 14:21 . 2009-03-29 18:09 -------- d-----w- c:\documents and settings\Chris\Application Data\LimeWire
2009-08-20 10:41 . 2009-04-27 11:51 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-19 15:24 . 2009-04-04 09:13 -------- d-----w- c:\documents and settings\Chris\Application Data\PlayFirst
2009-08-12 13:32 . 2009-03-29 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-11 06:44 . 2009-04-30 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-10 17:21 . 2009-04-30 09:15 -------- d-----w- c:\program files\NOS
2009-08-09 15:57 . 2009-07-09 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames
2009-08-08 18:53 . 2009-03-29 17:39 69232 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 17:12 . 2004-08-04 12:00 87620 ----a-w- c:\windows\system32\perfc013.dat
2009-08-08 17:12 . 2004-08-04 12:00 502530 ----a-w- c:\windows\system32\perfh013.dat
2009-08-08 17:05 . 2009-03-29 17:42 -------- d-----w- c:\program files\Microsoft Works
2009-08-08 17:03 . 2009-03-29 17:42 -------- d-----w- c:\program files\MSBuild
2009-08-05 09:01 . 2004-08-04 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 08:03 . 2009-03-29 18:08 -------- d-----w- c:\program files\Java
2009-07-25 03:23 . 2009-03-29 19:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 14:21 . 2009-03-29 18:08 -------- d-----w- c:\program files\LimeWire
2009-07-21 08:29 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\Chris\Application Data\Gogii Games
2009-07-21 08:29 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii Games
2009-07-17 19:04 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 10:23 . 2009-07-17 10:23 -------- d-----w- c:\documents and settings\Chris\Application Data\Little Games Company
2009-07-17 10:23 . 2009-07-17 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Little Games Company
2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 09:32 . 2009-07-08 14:06 -------- d-----w- c:\documents and settings\Chris\Application Data\Games
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-10 10:46 . 2009-06-20 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-07-09 15:04 . 2009-07-09 15:03 -------- d-----w- c:\documents and settings\Chris\Application Data\SprillRichiEng
2009-07-09 13:21 . 2009-07-09 13:21 -------- d-----w- c:\documents and settings\Chris\Application Data\GARMIN
2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\DIFX
2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\Garmin
2009-07-09 09:42 . 2009-07-09 09:42 -------- d-----w- c:\documents and settings\Chris\Application Data\SulusGames
2009-07-07 09:43 . 2009-07-07 09:43 -------- d-----w- c:\documents and settings\Chris\Application Data\MA
2009-07-03 17:00 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 11:04 . 2009-07-03 11:04 -------- d-----w- c:\documents and settings\Chris\Application Data\Aisle 5 Games, Inc
2009-06-30 14:06 . 2009-06-30 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-06-29 09:57 . 2009-06-29 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-06-27 13:43 . 2009-06-27 09:57 -------- d-----w- c:\documents and settings\Chris\Application Data\Enlightenus
2009-06-26 14:42 . 2009-06-26 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-06-25 10:31 . 2009-06-25 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\IntDreams
2009-06-16 14:40 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:16 . 2004-08-04 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:22 . 2009-03-28 21:15 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-04 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-22_12.31.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 17:14 . 2009-08-22 17:14 16384 c:\windows\Temp\Perflib_Perfdata_338.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [1/04/2009 3:32 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [1/04/2009 3:32 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [1/04/2009 3:32 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [12/08/2009 11:05 276344]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/05/2009 11:28 55152]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [1/04/2009 3:32 115560]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 11:18 202016]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [28/03/2009 23:57 36864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/04/2009 10:39 101936]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 18:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map
2009-04-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-08-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-08-22 c:\windows\Tasks\User_Feed_Synchronization-{8B8B62A1-46CE-47ED-B5BC-2A559A621610}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.jansmit.com/index/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: minatica.be\www
Trusted Zone: onlinehelpdesk.be\www
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-22 19:15
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(564)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Voltooingstijd: 2009-08-22 19:17 - machine werd herstart
ComboFix-quarantined-files.txt 2009-08-22 17:17
ComboFix2.txt 2009-08-22 12:32
Pre-Run: 363.835.121.664 bytes beschikbaar
Post-Run: 363.710.496.768 bytes beschikbaar
267 --- E O F --- 2009-08-12 13:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:00, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\System32\svchost.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\windows\explorer.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: Minatica.be
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528189484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
--
End of file - 6896 bytes
-
Under Software there is still a folder with Mirar, but I can't remove it.
-
ComboFix 09-08-21.02 - Chris 22/08/2009 14:29.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2038.1572 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Chris\Application Data\02000000046c88a9648C.manifest
c:\documents and settings\Chris\Application Data\02000000046c88a9648O.manifest
c:\documents and settings\Chris\Application Data\02000000046c88a9648P.manifest
c:\documents and settings\Chris\Application Data\02000000046c88a9648S.manifest
c:\windows\Installer\534801.msi
c:\windows\Installer\534802.msp
c:\windows\Installer\534803.msp
c:\windows\Installer\534804.msp
c:\windows\Installer\534805.msp
c:\windows\Installer\534806.msp
c:\windows\Installer\534807.msp
c:\windows\Installer\534808.msp
c:\windows\Installer\534809.msp
c:\windows\Installer\53480a.msp
c:\windows\Installer\53480b.msp
c:\windows\system32\E9yE9Iy.vbs
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-07-22 to 2009-08-22 ))))))))))))))))))))))))))))))
.
2009-08-22 09:13 . 2009-08-22 09:13 -------- d-----w- c:\program files\Trend Micro
2009-08-22 07:04 . 2009-08-19 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVENG.SYS
2009-08-22 07:04 . 2009-08-19 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVEX15.SYS
2009-08-22 07:04 . 2009-08-19 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\ECMSVR32.DLL
2009-08-22 07:04 . 2009-08-19 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVENG32.DLL
2009-08-22 07:04 . 2009-08-19 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVEX32A.DLL
2009-08-22 07:04 . 2009-04-01 01:32 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\EECTRL.SYS
2009-08-22 07:04 . 2009-04-01 01:32 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\ERASER.SYS
2009-08-22 07:04 . 2009-04-01 01:32 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\CCERASER.DLL
2009-08-21 14:27 . 2009-08-13 19:32 54776 ----a-w- c:\documents and settings\All Users\Application Data\Findbasic\findbasic117.exe
2009-08-21 14:25 . 2009-08-21 14:32 -------- d-----w- c:\program files\Findbasic
2009-08-21 14:25 . 2009-08-21 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Findbasic
2009-08-21 14:23 . 2009-08-22 07:04 -------- d-----w- c:\program files\MegaSwellAdsForYou
2009-08-19 09:03 . 2009-08-20 12:49 -------- d-----w- c:\documents and settings\Chris\Application Data\MysteryStudio
2009-08-17 09:34 . 2009-08-17 09:34 -------- d-----w- c:\documents and settings\Chris\Application Data\PoBros
2009-08-17 09:34 . 2009-08-17 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros
2009-08-12 10:15 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 10:14 . 2009-08-19 14:31 -------- d--h--w- c:\windows\$hf_mig$
2009-08-12 09:05 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 09:05 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 09:05 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 09:05 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 09:05 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-10 11:41 . 2009-08-10 11:41 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-08 17:08 . 2009-08-08 17:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 17:08 . 2009-08-08 17:08 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 16:09 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 16:09 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 16:09 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 16:09 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 16:09 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 16:09 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 16:09 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 08:03 . 2009-08-05 08:03 152576 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-04 13:44 . 2009-08-04 13:44 -------- d-----w- c:\documents and settings\Chris\Application Data\she_is_a_shadow
2009-08-03 12:13 . 2009-08-03 12:13 -------- d-----w- c:\documents and settings\Chris\Application Data\EleFun Games
2009-07-31 09:26 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-31 09:26 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-31 09:26 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-31 09:26 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-31 09:26 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-29 08:33 . 2009-08-02 10:47 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\TheLostIncaProphecy
2009-07-28 11:54 . 2009-07-28 11:54 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-07-28 11:54 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 11:54 . 2009-07-28 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-28 11:54 . 2009-08-21 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 11:54 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 11:06 . 2009-07-26 11:06 -------- d-----w- c:\documents and settings\Chris\.housecall6.6
2009-07-26 10:33 . 2009-07-27 15:18 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-07-26 10:32 . 2009-07-26 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2009-07-26 10:17 . 2009-07-26 10:30 -------- d-----w- c:\documents and settings\Chris\Application Data\Desktopicon
2009-07-26 10:17 . 2009-07-26 10:40 -------- d-----w- c:\program files\Unlocker
2009-07-24 14:07 . 2009-07-24 14:07 -------- d--h--w- c:\windows\PIF
2009-07-24 13:58 . 2009-07-24 13:59 -------- d-----w- c:\program files\Incomplete
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 09:11 . 2009-05-06 13:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-21 14:21 . 2009-03-29 18:09 -------- d-----w- c:\documents and settings\Chris\Application Data\LimeWire
2009-08-20 10:41 . 2009-04-27 11:51 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-19 15:24 . 2009-04-04 09:13 -------- d-----w- c:\documents and settings\Chris\Application Data\PlayFirst
2009-08-12 13:32 . 2009-03-29 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-11 06:44 . 2009-04-30 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-10 17:21 . 2009-04-30 09:15 -------- d-----w- c:\program files\NOS
2009-08-09 15:57 . 2009-07-09 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames
2009-08-08 18:53 . 2009-03-29 17:39 69232 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 17:12 . 2004-08-04 12:00 87620 ----a-w- c:\windows\system32\perfc013.dat
2009-08-08 17:12 . 2004-08-04 12:00 502530 ----a-w- c:\windows\system32\perfh013.dat
2009-08-08 17:05 . 2009-03-29 17:42 -------- d-----w- c:\program files\Microsoft Works
2009-08-08 17:03 . 2009-03-29 17:42 -------- d-----w- c:\program files\MSBuild
2009-08-05 09:01 . 2004-08-04 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 08:03 . 2009-03-29 18:08 -------- d-----w- c:\program files\Java
2009-07-25 03:23 . 2009-03-29 19:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 14:21 . 2009-03-29 18:08 -------- d-----w- c:\program files\LimeWire
2009-07-21 08:29 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\Chris\Application Data\Gogii Games
2009-07-21 08:29 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii Games
2009-07-17 19:04 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 10:23 . 2009-07-17 10:23 -------- d-----w- c:\documents and settings\Chris\Application Data\Little Games Company
2009-07-17 10:23 . 2009-07-17 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Little Games Company
2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 09:32 . 2009-07-08 14:06 -------- d-----w- c:\documents and settings\Chris\Application Data\Games
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-10 10:46 . 2009-06-20 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-07-09 15:04 . 2009-07-09 15:03 -------- d-----w- c:\documents and settings\Chris\Application Data\SprillRichiEng
2009-07-09 13:21 . 2009-07-09 13:21 -------- d-----w- c:\documents and settings\Chris\Application Data\GARMIN
2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\DIFX
2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\Garmin
2009-07-09 09:42 . 2009-07-09 09:42 -------- d-----w- c:\documents and settings\Chris\Application Data\SulusGames
2009-07-07 09:43 . 2009-07-07 09:43 -------- d-----w- c:\documents and settings\Chris\Application Data\MA
2009-07-03 17:00 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 11:04 . 2009-07-03 11:04 -------- d-----w- c:\documents and settings\Chris\Application Data\Aisle 5 Games, Inc
2009-06-30 14:06 . 2009-06-30 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-06-29 09:57 . 2009-06-29 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-06-27 13:43 . 2009-06-27 09:57 -------- d-----w- c:\documents and settings\Chris\Application Data\Enlightenus
2009-06-26 14:42 . 2009-06-26 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-06-25 10:31 . 2009-06-25 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\IntDreams
2009-06-16 14:40 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:16 . 2004-08-04 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:22 . 2009-03-28 21:15 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-04 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [1/04/2009 3:32 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [1/04/2009 3:32 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [1/04/2009 3:32 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [12/08/2009 11:05 276344]
R2 Findbasic Service;Findbasic Service;c:\documents and settings\All Users\Application Data\Findbasic\findbasic117.exe [21/08/2009 16:27 54776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/05/2009 11:28 55152]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [1/04/2009 3:32 115560]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 11:18 202016]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [28/03/2009 23:57 36864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/04/2009 10:39 101936]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 18:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map
2009-04-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-08-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-08-21 c:\windows\Tasks\User_Feed_Synchronization-{8B8B62A1-46CE-47ED-B5BC-2A559A621610}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.jansmit.com/index/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: minatica.be\www
Trusted Zone: onlinehelpdesk.be\www
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-22 14:31
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2009-08-22 14:32
ComboFix-quarantined-files.txt 2009-08-22 12:32
Pre-Run: 363.860.549.632 bytes beschikbaar
Post-Run: 363.882.713.088 bytes beschikbaar
248 --- E O F --- 2009-08-12 13:32
I had downloaded the new version of HijackThis but had not removed the old one.
I hope everything is in order now; ComboFix did report an error while installing.
Regards
-
Logfile of HijackThis v1.99.1
Scan saved at 13:22:00, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Findbasic\findbasic.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Mijn dokumenten\instalatie\hjackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International
O15 - Trusted Zone: Minatica.be
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528189484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe" "C:\Program Files\Findbasic\findbasic.dll" Service (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Norton 360 (N360) - Unknown owner - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\3.0.0.134\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.ex
-
Here are my new logs
Logfile of HijackThis v1.99.1
Scan saved at 9:11:14, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Findbasic\findbasic.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\windows\System32\svchost.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Mijn dokumenten\instalatie\hjackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International
O15 - Trusted Zone: Minatica.be
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528189484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe" "C:\Program Files\Findbasic\findbasic.dll" Service (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Norton 360 (N360) - Unknown owner - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\3.0.0.134\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
Malwarebytes' Anti-Malware 1.40
Database versie: 2675
Windows 5.1.2600 Service Pack 3
22/08/2009 9:10:17
mbam-log-2009-08-22 (09-10-17).txt
Scan type: Snelle Scan
Objecten gescand: 87503
Verstreken tijd: 3 minute(s), 18 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
-
Hello
Whenever I open my internet, spyware always opens.
So can someone help me? Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 18:47:59, on 21/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Findbasic\findbasic.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Mijn dokumenten\instalatie\hjackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaSwellAdsForYou - {B8AFA6F8-90AF-2466-C153-04043912FFBC} - C:\Program Files\MegaSwellAdsForYou\MegaSwellAdsForYou.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International
O15 - Trusted Zone: Minatica.be
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528189484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe" "C:\Program Files\Findbasic\findbasic.dll" Service (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Norton 360 (N360) - Unknown owner - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\3.0.0.134\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
PC won't start up
in Windows General Archive
Posted:
okay, I'll do that