Hi Huib,
I now see that the HJT log was sent twice.
I'll try again.
Meanwhile I'm also stuck with Windows Search, which really bothers me.
Can you look at that too?
Here is the ComboFix log:
ComboFix 09-11-19.03 - Anne Hof 19/11/2009 22:45.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.766.192
Gestart vanuit: d:\documents and settings\Anne Hof\Bureaublad\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-10-19 to 2009-11-19 ))))))))))))))))))))))))))))))
.
2009-11-19 17:17 . 2009-11-19 17:50 ——– d–h–r- d:\documents and settings\Anne Hof\Onlangs geopend
2009-11-19 16:39 . 2009-08-29 09:00 84912 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091119.004\NAVENG.SYS
2009-11-19 16:39 . 2009-08-29 09:00 177520 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091119.004\NAVENG32.DLL
2009-11-19 16:39 . 2009-08-29 09:00 1647984 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091119.004\NAVEX32A.DLL
2009-11-19 16:39 . 2009-08-29 09:00 1323568 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091119.004\NAVEX15.SYS
2009-11-19 16:39 . 2009-10-25 17:46 2747952 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091119.004\CCERASER.DLL
2009-11-19 16:39 . 2009-10-25 17:46 259440 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091119.004\ECMSVR32.DLL
2009-11-19 16:39 . 2009-08-29 09:00 371248 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091119.004\EECTRL.SYS
2009-11-19 16:39 . 2009-08-29 09:00 102448 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091119.004\ERASER.SYS
2009-11-16 22:51 . 2009-11-16 22:51 ——– d—–w- c:\program files\Trend Micro
2009-11-16 21:14 . 2009-11-16 21:15 ——– d—–w- c:\program files\CleanUp!
2009-11-16 12:32 . 2009-11-16 12:38 ——– d—–w- c:\program files\Windows Live
2009-11-16 11:15 . 2009-11-19 21:44 ——– d—–w- c:\windows\system32\CatRoot2
2009-11-14 23:14 . 2009-11-14 23:14 ——– d—–w- d:\documents and settings\Anne Hof\Application Data\Windows Desktop Search
2009-11-12 20:39 . 2009-10-28 22:37 343088 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-12 20:39 . 2009-10-28 22:37 329592 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-12 20:39 . 2009-10-28 22:37 811896 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-12 20:39 . 2009-10-28 22:37 488312 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-12 20:39 . 2009-10-28 22:37 466992 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-11 20:40 . 2009-10-28 22:37 811896 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\Scxpx86.dll
2009-11-11 20:40 . 2009-10-28 22:37 343088 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\IDSvix86.sys
2009-11-11 20:40 . 2009-10-28 22:37 329592 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\IDSXpx86.sys
2009-11-11 20:40 . 2009-10-28 22:37 488312 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\IDSxpx86.dll
2009-11-11 20:40 . 2009-10-28 22:37 466992 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\IDSviA64.sys
2009-11-11 14:40 . 2009-11-16 14:16 117760 —-a-w- d:\documents and settings\Anne Hof\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-11 14:39 . 2009-11-11 14:39 ——– d—–w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-11 14:39 . 2009-11-11 14:39 ——– d—–w- c:\program files\SUPERAntiSpyware
2009-11-11 14:39 . 2009-11-11 14:39 ——– d—–w- d:\documents and settings\Anne Hof\Application Data\SUPERAntiSpyware.com
2009-11-10 19:44 . 2009-11-19 21:35 ——– d—–w- C:\Tracing
2009-11-10 17:16 . 2009-11-10 17:16 3584 —-a-r- d:\documents and settings\Anne Hof\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-11-10 17:16 . 2009-11-10 17:16 ——– d—–w- c:\program files\Windows Installer Clean Up
2009-11-10 16:59 . 2009-11-10 16:59 ——– d—–w- c:\program files\CCleaner
2009-11-07 17:13 . 2009-11-07 17:13 ——– d—–w- d:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-11-06 17:22 . 2009-11-06 17:22 152576 —-a-w- d:\documents and settings\Anne Hof\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-06 17:22 . 2009-11-06 17:22 79488 —-a-w- d:\documents and settings\Anne Hof\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-04 23:50 . 2009-11-04 23:50 201616 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091104.001\BHRules.dll
2009-11-04 23:50 . 2009-11-04 23:50 663088 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091104.001\BHDrvx64.sys
2009-11-04 23:50 . 2009-11-04 23:50 524848 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091104.001\BHDrvx86.sys
2009-11-04 23:50 . 2009-11-04 23:50 1413520 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091104.001\BHEngine.dll
2009-11-04 23:50 . 2009-11-04 23:50 610704 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091104.001\bbRGen.dll
2009-10-30 11:08 . 2009-11-16 12:38 ——– d—–w- c:\program files\Windows Live SkyDrive
2009-10-30 10:58 . 2009-11-10 17:15 ——– d—–w- c:\program files\MSECACHE
2009-10-29 17:57 . 2009-10-29 17:57 ——– d—–w- d:\documents and settings\Anne Hof\Application Data\Malwarebytes
2009-10-29 17:57 . 2009-09-10 13:54 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 17:57 . 2009-10-29 17:57 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 17:57 . 2009-10-29 17:57 ——– d—–w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 17:57 . 2009-09-10 13:53 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 17:35 . 2009-10-29 17:35 ——– d—–w- C:\MSXML3msms
2009-10-28 22:37 . 2009-10-28 22:37 343088 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-26 13:57 . 2009-10-26 13:57 ——– d—–w- d:\documents and settings\Anne Hof\Application Data\Uniblue
2009-10-26 12:54 . 2009-10-26 13:07 ——– d—a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-10-25 17:29 . 2009-10-29 02:31 784752 —-a-r- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2009-10-25 17:29 . 2009-08-30 00:16 164216 —-a-r- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2009-10-25 17:29 . 2009-10-25 17:29 ——– d—–w- c:\program files\Symantec
2009-10-25 17:29 . 2009-10-25 17:29 60808 —-a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-25 17:29 . 2009-10-25 17:29 124976 —-a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-25 17:28 . 2009-08-30 00:16 467504 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVia64.sys
2009-10-25 17:28 . 2009-08-30 00:16 342576 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVix86.sys
2009-10-25 17:28 . 2009-08-30 00:16 329080 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSxpx86.sys
2009-10-25 17:28 . 2009-08-30 00:16 732024 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\Scxpx86.dll
2009-10-25 17:28 . 2009-08-30 00:16 488312 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSxpx86.dll
2009-10-25 17:28 . 2009-08-26 22:13 900464 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2009-10-25 17:28 . 2009-09-01 08:45 892784 —-a-w- d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll
2009-10-25 17:28 . 2009-11-13 10:27 ——– d—–w- c:\windows\system32\drivers\NIS
2009-10-25 17:28 . 2009-10-25 17:28 ——– d—–w- c:\program files\Norton Internet Security
2009-10-25 17:20 . 2009-10-25 17:20 ——– d—–w- d:\documents and settings\All Users\Application Data\PCSettings
2009-10-25 17:20 . 2009-10-25 17:20 ——– d—–w- d:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-25 17:20 . 2009-10-25 17:20 ——– d—–w- c:\program files\NortonInstaller
2009-10-25 17:17 . 2009-10-25 17:30 ——– d—–w- d:\documents and settings\All Users\Application Data\Norton
2009-10-25 14:24 . 2009-10-25 14:28 ——– d—–w- d:\documents and settings\Anne Hof\Application Data\ZipGenius
2009-10-25 14:23 . 2009-10-25 14:24 ——– d—–w- c:\program files\ZipGenius 6
2009-10-22 19:12 . 2009-10-22 19:12 10134 —-a-r- d:\documents and settings\Anne Hof\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-10-22 19:12 . 2009-10-22 19:12 10134 —-a-r- d:\documents and settings\Anne Hof\Application Data\Microsoft\Installer\{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}\ARPPRODUCTICON.exe
2009-10-22 19:12 . 2009-10-22 19:12 10134 —-a-r- d:\documents and settings\Anne Hof\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-10-22 18:41 . 2009-10-22 18:41 ——– d—–w- d:\documents and settings\Anne Hof\Application Data\Windows Search
2009-10-22 18:07 . 2009-10-22 18:15 ——– d—–w- d:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-10-22 18:06 . 2009-11-19 15:12 ——– d—–w- c:\program files\Windows Desktop Search
2009-10-22 18:06 . 2009-10-22 18:06 ——– d—–w- c:\windows\system32\GroupPolicy
2009-10-22 18:05 . 2008-03-07 17:02 98304 ——w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-22 18:05 . 2008-03-07 17:02 29696 ——w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-22 18:05 . 2008-03-07 17:02 192000 ——w- c:\windows\system32\dllcache\offfilt.dll
2009-10-22 17:57 . 2006-06-29 11:07 14048 ——w- c:\windows\system32\spmsg2.dll
2009-10-22 16:28 . 2009-11-09 12:00 ——– d—–w- C:\sj654
2009-10-22 16:09 . 2009-11-09 11:24 ——– d—–w- C:\SCANJET
2009-10-22 14:49 . 1994-03-24 23:00 398416 —-a-w- c:\windows\system\VBRUN300.DLL
2009-10-22 14:49 . 1993-04-27 23:00 7008 —-a-w- c:\windows\system\SETUPKIT.DLL
2009-10-21 08:22 . 2009-10-21 08:22 ——– d—–w- d:\documents and settings\Anne Hof\Local Settings\Application Data\LogiShrd
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 18:24 . 2004-09-10 15:24 535778 —-a-w- c:\windows\system32\perfh013.dat
2009-11-19 18:24 . 2004-09-10 15:24 101340 —-a-w- c:\windows\system32\perfc013.dat
2009-11-19 13:25 . 2008-12-04 12:12 ——– d—–w- d:\documents and settings\All Users\Application Data\Google Updater
2009-11-16 12:32 . 2008-03-27 09:35 ——– d—–w- d:\documents and settings\All Users\Application Data\WLInstaller
2009-11-16 11:15 . 2009-11-16 11:15 76487 —-a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-15 14:21 . 2006-10-09 12:05 ——– d—–w- c:\program files\Popsy
2009-11-11 14:38 . 2006-10-09 12:01 ——– d—–w- c:\program files\Common Files\Wise Installation Wizard
2009-11-11 14:16 . 2008-07-18 09:29 ——– d—–w- d:\documents and settings\All Users\Application Data\Lavasoft
2009-11-11 14:15 . 2006-10-05 12:03 ——– d—–w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-10 20:37 . 2008-07-18 17:09 ——– d—–w- c:\program files\Common Files\Logishrd
2009-11-06 17:23 . 2006-10-05 18:27 ——– d—–w- c:\program files\Java
2009-10-26 12:53 . 2008-12-04 12:12 ——– d—–w- c:\program files\Google
2009-10-25 18:35 . 2006-10-05 18:27 ——– d—–w- c:\program files\Common Files\Symantec Shared
2009-10-25 17:29 . 2009-10-25 17:29 805 —-a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-25 17:29 . 2009-10-25 17:29 7443 —-a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-25 17:25 . 2006-10-05 18:38 ——– d—–w- d:\documents and settings\All Users\Application Data\Symantec
2009-10-22 19:09 . 2006-10-23 11:34 ——– d—–w- c:\program files\Common Files\Logitech
2009-10-22 19:09 . 2006-10-23 11:34 ——– d—–w- c:\program files\Logitech
2009-10-20 23:11 . 2008-07-18 17:17 ——– d—–w- d:\documents and settings\All Users\Application Data\LogiShrd
2009-10-19 14:48 . 2007-03-13 15:30 ——– d—–w- c:\program files\Common Files\Adobe
2009-10-13 18:43 . 2008-09-10 21:20 ——– d—–w- d:\documents and settings\LocalService\Application Data\SACore
2009-10-11 21:59 . 2008-11-06 14:58 339968 —-a-w- c:\windows\system32\pythoncom25.dll
2009-10-11 21:59 . 2008-11-06 14:58 114688 —-a-w- c:\windows\system32\pywintypes25.dll
2009-10-11 21:58 . 2008-11-06 14:58 2117632 —-a-w- c:\windows\system32\python25.dll
2009-10-11 03:17 . 2009-03-02 12:37 411368 —-a-w- c:\windows\system32\deploytk.dll
2009-10-08 13:57 . 2008-07-29 17:59 614912 —-a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2004-09-10 15:23 23040 —-a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2004-09-10 15:23 220160 —-a-w- c:\windows\system32\oleacc.dll
2009-10-07 12:37 . 2006-10-06 13:51 ——– d—–w- d:\documents and settings\Anne Hof\Application Data\MailWasher
2009-09-24 20:45 . 2009-09-24 20:45 152576 —-a-w- d:\documents and settings\Anne Hof\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-24 18:33 . 2009-09-17 14:19 ——– d—–w- c:\program files\Microsoft Silverlight
2009-09-17 14:21 . 2006-10-05 09:52 104856 —-a-w- d:\documents and settings\Anne Hof\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:20 . 2004-09-10 15:23 136192 —-a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-09-10 15:23 58880 —-a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2004-09-10 15:23 916480 ——w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-09-10 15:24 247326 —-a-w- c:\windows\system32\strmdll.dll
2009-03-31 20:47 . 2008-07-18 08:32 324976 —-a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe”
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL”
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll”
2009-09-03 14:21 548352 —-a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
2008-05-02 00:42 72208 —-a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
2006-01-30 06:53 49152 —-a-w- c:\apps\Softex\OmniPass\OPXPGina.dll
@=“”
“DisableMonitoring”=dword:00000001
“DisableMonitoring”=dword:00000001
“DisableMonitoring”=dword:00000001
“EnableFirewall”= 0 (0x0)
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe”=
“c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“c:\\Program Files\\iTunes\\iTunes.exe”=
“c:\\APPS\\skype\\Phone\\Skype.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1101000.013\SymDS.sys
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1101000.013\SymEFA.sys
R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091104.001\BHDrvx86.sys
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1101000.013\cchpx86.sys
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1101000.013\Ironx86.sys
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\HP4200C.SYS
R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS
S2 gupdate1c95c9e9947aaae;Google Update Service (gupdate1c95c9e9947aaae);c:\program files\Google\Update\GoogleUpdate.exe
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys
S3 fsssvc;De service Windows Live Family Safety;“c:\program files\Windows Live\Family Safety\fsssvc.exe” –> c:\program files\Windows Live\Family Safety\fsssvc.exe
S3 SNCP106;PC Camera (6009 CIF);c:\windows\system32\drivers\sncp106.sys
.
Inhoud van de ‘Gedeelde Taken’ map
2009-11-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
2009-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
2009-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
2009-11-13 c:\windows\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Anne Hof.job
- c:\program files\Norton Internet Security\Engine\17.1.0.19\Navw32.exe
2009-11-19 c:\windows\Tasks\User_Feed_Synchronization-{4E03E60E-8657-4758-A564-8D5F839B7A9F}.job
- c:\windows\system32\msfeedssync.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: Easy-WebPrint Afdrukken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Afdrukvoorbeeld - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Toevoegen aan afdruklijst - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Versneld afdrukken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - d:\documents and settings\Anne Hof\Application Data\Mozilla\Firefox\Profiles\5uoruzdc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 22:55
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
“ImagePath”=“\”c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\“ /s \”NIS\“ /m \”c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\“ /prefetch:1”
“ImagePath”=“\”c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00ð
[%\00«Ô‘|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00?\03pè\13\00pè\13\00\18î"
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
“EnableAutodisconnect”=dword:00000001
“EnableExitDisconnect”=dword:00000001
“DisconnectIdleTime”=dword:00000014
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > ‘winlogon.exe’(444)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\apps\Softex\OmniPass\opxpgina.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > ‘explorer.exe’(4588)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2009-11-19 22:59
ComboFix-quarantined-files.txt 2009-11-19 21:59
ComboFix2.txt 2009-11-19 14:34
Pre-Run: 49.940.762.624 bytes beschikbaar
Post-Run: 49.899.737.088 bytes beschikbaar
- - End Of File - - A40B3950A7961501226A8C44F6E87D06
and the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:51, on 19/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: De service Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c95c9e9947aaae) (gupdate1c95c9e9947aaae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
–
End of file - 9924 bytes
Hope it comes through properly now.
Regards,
Anne(tu)