[SOLVED] spyware on the internet


Hello,

Whenever I open my internet, spyware always opens.

So can someone help me? Here is my HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 18:47:59, on 21/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\windows\RTHDCPL.EXE

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\windows\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\windows\system32\svchost.exe

C:\Program Files\Findbasic\findbasic.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\windows\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

E:\Mijn dokumenten\instalatie\hjackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MegaSwellAdsForYou - {B8AFA6F8-90AF-2466-C153-04043912FFBC} - C:\Program Files\MegaSwellAdsForYou\MegaSwellAdsForYou.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International

O15 - Trusted Zone: Minatica.be

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528189484

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe" "C:\Program Files\Findbasic\findbasic.dll" Service (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Norton 360 (N360) - Unknown owner - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\3.0.0.134\diMaster.dll" /prefetch:1 (file missing)

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe


Go to Start - Run and type: sc stop "Findbasic Service"

Press Enter.

Go to Start - Run and type: sc delete "Findbasic Service"

Press Enter.

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: MegaSwellAdsForYou - {B8AFA6F8-90AF-2466-C153-04043912FFBC} - C:\Program Files\MegaSwellAdsForYou\MegaSwellAdsForYou.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish" ("Voltooien").

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" ("Snelle Scan") on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" ("Bekijk Resultaten") to see the results.

Make sure everything is checked there, then click "Remove Selected" ("Verwijder geselecteerde").

After the removal, a log will open and you will be asked to restart the computer. (See below.) The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.


Here are my new logs:

Logfile of HijackThis v1.99.1

Scan saved at 9:11:14, on 22/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\windows\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\windows\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\windows\system32\svchost.exe

C:\Program Files\Findbasic\findbasic.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\windows\System32\svchost.exe

C:\windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Mijn dokumenten\instalatie\hjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International

O15 - Trusted Zone: Minatica.be

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528189484

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe" "C:\Program Files\Findbasic\findbasic.dll" Service (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Norton 360 (N360) - Unknown owner - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\3.0.0.134\diMaster.dll" /prefetch:1 (file missing)

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

Malwarebytes' Anti-Malware 1.40

Database versie: 2675

Windows 5.1.2600 Service Pack 3

22/08/2009 9:10:17

mbam-log-2009-08-22 (09-10-17).txt

Scan type: Snelle Scan

Objecten gescand: 87503

Verstreken tijd: 3 minute(s), 18 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)


In your HijackThis log, the indicated items have - for some reason - not been removed. You are also still working with an antique version of HJT. Download the most recent version of HijackThis here and then try again to remove those items. To have a better chance of success, you could perhaps do this in "safe mode" first. Then attach your new log in a following post.

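One way to check a follow-up log against the items selected for fixing, as an added example that is not part of the original thread. The function names are hypothetical, the fix list is the one posted above, and `FOLLOWUP_LOG` is a constructed sample in HijackThis format, not one of the poster's logs.

```python
"""Compare a follow-up HijackThis log with the items that were selected for fixing."""
import re

# A HijackThis entry starts with a section code such as R0, R1, O2, O4 or O23.
# Lines from the "Running processes" block (C:\...) do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# The items the helper asked to fix, copied from the post above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: MegaSwellAdsForYou - {B8AFA6F8-90AF-2466-C153-04043912FFBC} - C:\Program Files\MegaSwellAdsForYou\MegaSwellAdsForYou.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""

# Constructed sample follow-up log (not the poster's): two fix-list items and
# the service are still there, one of them with different case and spacing.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\windows\system32\svchost.exe
R1 - hkcu\software\Microsoft\Internet Explorer\Main,Search Bar  =  Mirar=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe" "C:\Program Files\Findbasic\findbasic.dll" Service (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
"""


def normalise(line):
    """Collapse whitespace and case: registry and file paths are case-insensitive
    on Windows, and forum copies often differ in spacing."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return {normalised line: (section code, original line)} for each entry."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[normalise(line)] = (match.group(1), line)
    return entries


def service_names(log_text):
    """Display names of the services listed in the O23 section."""
    names = []
    for code, line in parse_entries(log_text).values():
        if code != "O23":
            continue
        body = line.split(" - ", 1)[1]  # "Service: <name> - <owner> - <path>"
        if body.startswith("Service: "):
            names.append(body[len("Service: "):].split(" - ", 1)[0])
    return names


def check_followup(fix_list, deleted_services, followup_log):
    """Report which fix-list entries and deleted services still appear afterwards."""
    present = parse_entries(followup_log)
    remaining, removed = [], []
    for key, (_, line) in parse_entries(fix_list).items():
        (remaining if key in present else removed).append(line)
    listed = {name.casefold() for name in service_names(followup_log)}
    services_left = [s for s in deleted_services if s.casefold() in listed]
    return {"remaining": remaining, "removed": removed, "services_left": services_left}


if __name__ == "__main__":
    report = check_followup(FIX_LIST, ["Findbasic Service"], FOLLOWUP_LOG)
    for label, items in report.items():
        print(f"{label}:")
        for item in items:
            print(f"  {item}")
```
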

Logfile of HijackThis v1.99.1

Scan saved at 13:22:00, on 22/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\windows\RTHDCPL.EXE

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\windows\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\windows\system32\svchost.exe

C:\Program Files\Findbasic\findbasic.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\windows\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Mijn dokumenten\instalatie\hjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International

O15 - Trusted Zone: Minatica.be

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528189484

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic117.exe" "C:\Program Files\Findbasic\findbasic.dll" Service (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Norton 360 (N360) - Unknown owner - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\3.0.0.134\diMaster.dll" /prefetch:1 (file missing)

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.ex


You still haven't used the new version of HijackThis. This can make quite a difference :s

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click inside the window, because this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


ComboFix 09-08-21.02 - Chris 22/08/2009 14:29.1.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2038.1572 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Chris\Application Data\02000000046c88a9648C.manifest

c:\documents and settings\Chris\Application Data\02000000046c88a9648O.manifest

c:\documents and settings\Chris\Application Data\02000000046c88a9648P.manifest

c:\documents and settings\Chris\Application Data\02000000046c88a9648S.manifest

c:\windows\Installer\534801.msi

c:\windows\Installer\534802.msp

c:\windows\Installer\534803.msp

c:\windows\Installer\534804.msp

c:\windows\Installer\534805.msp

c:\windows\Installer\534806.msp

c:\windows\Installer\534807.msp

c:\windows\Installer\534808.msp

c:\windows\Installer\534809.msp

c:\windows\Installer\53480a.msp

c:\windows\Installer\53480b.msp

c:\windows\system32\E9yE9Iy.vbs

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-22 to 2009-08-22 ))))))))))))))))))))))))))))))

.

2009-08-22 09:13 . 2009-08-22 09:13 -------- d-----w- c:\program files\Trend Micro

2009-08-22 07:04 . 2009-08-19 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVENG.SYS

2009-08-22 07:04 . 2009-08-19 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVEX15.SYS

2009-08-22 07:04 . 2009-08-19 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\ECMSVR32.DLL

2009-08-22 07:04 . 2009-08-19 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVENG32.DLL

2009-08-22 07:04 . 2009-08-19 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVEX32A.DLL

2009-08-22 07:04 . 2009-04-01 01:32 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\EECTRL.SYS

2009-08-22 07:04 . 2009-04-01 01:32 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\ERASER.SYS

2009-08-22 07:04 . 2009-04-01 01:32 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\CCERASER.DLL

2009-08-21 14:27 . 2009-08-13 19:32 54776 ----a-w- c:\documents and settings\All Users\Application Data\Findbasic\findbasic117.exe

2009-08-21 14:25 . 2009-08-21 14:32 -------- d-----w- c:\program files\Findbasic

2009-08-21 14:25 . 2009-08-21 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Findbasic

2009-08-21 14:23 . 2009-08-22 07:04 -------- d-----w- c:\program files\MegaSwellAdsForYou

2009-08-19 09:03 . 2009-08-20 12:49 -------- d-----w- c:\documents and settings\Chris\Application Data\MysteryStudio

2009-08-17 09:34 . 2009-08-17 09:34 -------- d-----w- c:\documents and settings\Chris\Application Data\PoBros

2009-08-17 09:34 . 2009-08-17 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros

2009-08-12 10:15 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-12 10:14 . 2009-08-19 14:31 -------- d--h--w- c:\windows\$hf_mig$

2009-08-12 09:05 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys

2009-08-12 09:05 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys

2009-08-12 09:05 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll

2009-08-12 09:05 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll

2009-08-12 09:05 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys

2009-08-10 11:41 . 2009-08-10 11:41 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2009-08-08 17:08 . 2009-08-08 17:08 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-08 17:08 . 2009-08-08 17:08 -------- d-----w- c:\program files\Reference Assemblies

2009-08-08 16:09 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-08 16:09 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-08 16:09 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-08 16:09 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-08 16:09 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-08 16:09 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-08 16:09 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-05 08:03 . 2009-08-05 08:03 152576 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-04 13:44 . 2009-08-04 13:44 -------- d-----w- c:\documents and settings\Chris\Application Data\she_is_a_shadow

2009-08-03 12:13 . 2009-08-03 12:13 -------- d-----w- c:\documents and settings\Chris\Application Data\EleFun Games

2009-07-31 09:26 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys

2009-07-31 09:26 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys

2009-07-31 09:26 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll

2009-07-31 09:26 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll

2009-07-31 09:26 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys

2009-07-29 08:33 . 2009-08-02 10:47 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\TheLostIncaProphecy

2009-07-28 11:54 . 2009-07-28 11:54 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes

2009-07-28 11:54 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-28 11:54 . 2009-07-28 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-28 11:54 . 2009-08-21 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-28 11:54 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-26 11:06 . 2009-07-26 11:06 -------- d-----w- c:\documents and settings\Chris\.housecall6.6

2009-07-26 10:33 . 2009-07-27 15:18 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2009-07-26 10:32 . 2009-07-26 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2009-07-26 10:17 . 2009-07-26 10:30 -------- d-----w- c:\documents and settings\Chris\Application Data\Desktopicon

2009-07-26 10:17 . 2009-07-26 10:40 -------- d-----w- c:\program files\Unlocker

2009-07-24 14:07 . 2009-07-24 14:07 -------- d--h--w- c:\windows\PIF

2009-07-24 13:58 . 2009-07-24 13:59 -------- d-----w- c:\program files\Incomplete

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-22 09:11 . 2009-05-06 13:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-21 14:21 . 2009-03-29 18:09 -------- d-----w- c:\documents and settings\Chris\Application Data\LimeWire

2009-08-20 10:41 . 2009-04-27 11:51 -------- d-----w- c:\program files\Wise Registry Cleaner

2009-08-19 15:24 . 2009-04-04 09:13 -------- d-----w- c:\documents and settings\Chris\Application Data\PlayFirst

2009-08-12 13:32 . 2009-03-29 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-11 06:44 . 2009-04-30 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-08-10 17:21 . 2009-04-30 09:15 -------- d-----w- c:\program files\NOS

2009-08-09 15:57 . 2009-07-09 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames

2009-08-08 18:53 . 2009-03-29 17:39 69232 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-08 17:12 . 2004-08-04 12:00 87620 ----a-w- c:\windows\system32\perfc013.dat

2009-08-08 17:12 . 2004-08-04 12:00 502530 ----a-w- c:\windows\system32\perfh013.dat

2009-08-08 17:05 . 2009-03-29 17:42 -------- d-----w- c:\program files\Microsoft Works

2009-08-08 17:03 . 2009-03-29 17:42 -------- d-----w- c:\program files\MSBuild

2009-08-05 09:01 . 2004-08-04 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 08:03 . 2009-03-29 18:08 -------- d-----w- c:\program files\Java

2009-07-25 03:23 . 2009-03-29 19:12 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-24 14:21 . 2009-03-29 18:08 -------- d-----w- c:\program files\LimeWire

2009-07-21 08:29 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\Chris\Application Data\Gogii Games

2009-07-21 08:29 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii Games

2009-07-17 19:04 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 10:23 . 2009-07-17 10:23 -------- d-----w- c:\documents and settings\Chris\Application Data\Little Games Company

2009-07-17 10:23 . 2009-07-17 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Little Games Company

2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 09:32 . 2009-07-08 14:06 -------- d-----w- c:\documents and settings\Chris\Application Data\Games

2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

2009-07-10 10:46 . 2009-06-20 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2009-07-09 15:04 . 2009-07-09 15:03 -------- d-----w- c:\documents and settings\Chris\Application Data\SprillRichiEng

2009-07-09 13:21 . 2009-07-09 13:21 -------- d-----w- c:\documents and settings\Chris\Application Data\GARMIN

2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\Garmin GPS Plugin

2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\DIFX

2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\Garmin

2009-07-09 09:42 . 2009-07-09 09:42 -------- d-----w- c:\documents and settings\Chris\Application Data\SulusGames

2009-07-07 09:43 . 2009-07-07 09:43 -------- d-----w- c:\documents and settings\Chris\Application Data\MA

2009-07-03 17:00 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-03 11:04 . 2009-07-03 11:04 -------- d-----w- c:\documents and settings\Chris\Application Data\Aisle 5 Games, Inc

2009-06-30 14:06 . 2009-06-30 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games

2009-06-29 09:57 . 2009-06-29 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo

2009-06-27 13:43 . 2009-06-27 09:57 -------- d-----w- c:\documents and settings\Chris\Application Data\Enlightenus

2009-06-26 14:42 . 2009-06-26 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear

2009-06-25 10:31 . 2009-06-25 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\IntDreams

2009-06-16 14:40 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:45 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:16 . 2004-08-04 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:22 . 2009-03-28 21:15 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:11 . 2004-08-04 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [1/04/2009 3:32 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [1/04/2009 3:32 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [1/04/2009 3:32 482352]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [12/08/2009 11:05 276344]

R2 Findbasic Service;Findbasic Service;c:\documents and settings\All Users\Application Data\Findbasic\findbasic117.exe [21/08/2009 16:27 54776]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/05/2009 11:28 55152]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [1/04/2009 3:32 115560]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 11:18 202016]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [28/03/2009 23:57 36864]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/04/2009 10:39 101936]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-04-01 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-22 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-21 c:\windows\Tasks\User_Feed_Synchronization-{8B8B62A1-46CE-47ED-B5BC-2A559A621610}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.jansmit.com/index/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: minatica.be\www

Trusted Zone: onlinehelpdesk.be\www

DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-08-22 14:31

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Voltooingstijd: 2009-08-22 14:32

ComboFix-quarantined-files.txt 2009-08-22 12:32

Pre-Run: 363.860.549.632 bytes beschikbaar

Post-Run: 363.882.713.088 bytes beschikbaar

248 --- E O F --- 2009-08-12 13:32

I had downloaded the new version of HijackThis but had not removed the old one.

I hope everything is in order now; ComboFix did report an error during installation.

Regards


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\hitmanpro35.sys

Folder::

c:\documents and settings\All Users\Application Data\Hitman Pro

c:\program files\Findbasic

c:\documents and settings\All Users\Application Data\Findbasic

c:\program files\MegaSwellAdsForYou

Driver::

Findbasic Service

hitmanpro35

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will restart ComboFix. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.


ComboFix 09-08-21.02 - Chris 22/08/2009 19:11.2.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2038.1413 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Chris\Bureaublad\CFScript.txt..txt

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

"c:\windows\system32\drivers\hitmanpro35.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Findbasic

c:\documents and settings\All Users\Application Data\Findbasic\findbasic117.exe

c:\documents and settings\All Users\Application Data\Hitman Pro

c:\documents and settings\All Users\Application Data\Hitman Pro\Banner.bin

c:\documents and settings\All Users\Application Data\Hitman Pro\HitmanPro.key

c:\documents and settings\All Users\Application Data\Hitman Pro\HitmanPro.lic

c:\program files\Findbasic

c:\program files\Findbasic\findbasic.dll

c:\program files\Findbasic\findbasic.exe

c:\program files\Findbasic\uninstall.exe

c:\program files\MegaSwellAdsForYou

c:\program files\MegaSwellAdsForYou\uninstall.exe

c:\windows\system32\drivers\hitmanpro35.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_FINDBASIC_SERVICE

-------\Service_Findbasic Service

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-22 to 2009-08-22 ))))))))))))))))))))))))))))))

.

2009-08-22 15:05 . 2009-08-22 15:05 -------- d-----w- c:\documents and settings\Chris\Application Data\VSRevoGroup

2009-08-22 14:45 . 2009-08-22 15:07 -------- d-----w- c:\program files\SpywareGuard

2009-08-22 09:13 . 2009-08-22 09:13 -------- d-----w- c:\program files\Trend Micro

2009-08-22 07:04 . 2009-08-19 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVENG.SYS

2009-08-22 07:04 . 2009-08-19 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVEX15.SYS

2009-08-22 07:04 . 2009-08-19 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\ECMSVR32.DLL

2009-08-22 07:04 . 2009-08-19 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVENG32.DLL

2009-08-22 07:04 . 2009-08-19 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\NAVEX32A.DLL

2009-08-22 07:04 . 2009-04-01 01:32 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\EECTRL.SYS

2009-08-22 07:04 . 2009-04-01 01:32 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\ERASER.SYS

2009-08-22 07:04 . 2009-04-01 01:32 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090821.039\CCERASER.DLL

2009-08-19 09:03 . 2009-08-20 12:49 -------- d-----w- c:\documents and settings\Chris\Application Data\MysteryStudio

2009-08-17 09:34 . 2009-08-17 09:34 -------- d-----w- c:\documents and settings\Chris\Application Data\PoBros

2009-08-17 09:34 . 2009-08-17 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros

2009-08-12 10:15 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-12 10:14 . 2009-08-19 14:31 -------- d--h--w- c:\windows\$hf_mig$

2009-08-12 09:05 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys

2009-08-12 09:05 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys

2009-08-12 09:05 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll

2009-08-12 09:05 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll

2009-08-12 09:05 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys

2009-08-10 11:41 . 2009-08-10 11:41 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2009-08-08 17:08 . 2009-08-08 17:08 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-08 17:08 . 2009-08-08 17:08 -------- d-----w- c:\program files\Reference Assemblies

2009-08-08 16:09 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-08 16:09 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-08 16:09 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-08 16:09 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-08 16:09 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-08 16:09 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-08 16:09 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-05 08:03 . 2009-08-05 08:03 152576 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-04 13:44 . 2009-08-04 13:44 -------- d-----w- c:\documents and settings\Chris\Application Data\she_is_a_shadow

2009-08-03 12:13 . 2009-08-03 12:13 -------- d-----w- c:\documents and settings\Chris\Application Data\EleFun Games

2009-07-31 09:26 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys

2009-07-31 09:26 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys

2009-07-31 09:26 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll

2009-07-31 09:26 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll

2009-07-31 09:26 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys

2009-07-29 08:33 . 2009-08-02 10:47 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\TheLostIncaProphecy

2009-07-28 11:54 . 2009-07-28 11:54 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes

2009-07-28 11:54 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-28 11:54 . 2009-07-28 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-28 11:54 . 2009-08-21 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-28 11:54 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-26 11:06 . 2009-07-26 11:06 -------- d-----w- c:\documents and settings\Chris\.housecall6.6

2009-07-26 10:17 . 2009-07-26 10:30 -------- d-----w- c:\documents and settings\Chris\Application Data\Desktopicon

2009-07-26 10:17 . 2009-07-26 10:40 -------- d-----w- c:\program files\Unlocker

2009-07-24 14:07 . 2009-07-24 14:07 -------- d--h--w- c:\windows\PIF

2009-07-24 13:58 . 2009-07-24 13:59 -------- d-----w- c:\program files\Incomplete

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-22 17:05 . 2009-05-06 13:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-21 14:21 . 2009-03-29 18:09 -------- d-----w- c:\documents and settings\Chris\Application Data\LimeWire

2009-08-20 10:41 . 2009-04-27 11:51 -------- d-----w- c:\program files\Wise Registry Cleaner

2009-08-19 15:24 . 2009-04-04 09:13 -------- d-----w- c:\documents and settings\Chris\Application Data\PlayFirst

2009-08-12 13:32 . 2009-03-29 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-11 06:44 . 2009-04-30 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-08-10 17:21 . 2009-04-30 09:15 -------- d-----w- c:\program files\NOS

2009-08-09 15:57 . 2009-07-09 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames

2009-08-08 18:53 . 2009-03-29 17:39 69232 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-08 17:12 . 2004-08-04 12:00 87620 ----a-w- c:\windows\system32\perfc013.dat

2009-08-08 17:12 . 2004-08-04 12:00 502530 ----a-w- c:\windows\system32\perfh013.dat

2009-08-08 17:05 . 2009-03-29 17:42 -------- d-----w- c:\program files\Microsoft Works

2009-08-08 17:03 . 2009-03-29 17:42 -------- d-----w- c:\program files\MSBuild

2009-08-05 09:01 . 2004-08-04 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 08:03 . 2009-03-29 18:08 -------- d-----w- c:\program files\Java

2009-07-25 03:23 . 2009-03-29 19:12 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-24 14:21 . 2009-03-29 18:08 -------- d-----w- c:\program files\LimeWire

2009-07-21 08:29 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\Chris\Application Data\Gogii Games

2009-07-21 08:29 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii Games

2009-07-17 19:04 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 10:23 . 2009-07-17 10:23 -------- d-----w- c:\documents and settings\Chris\Application Data\Little Games Company

2009-07-17 10:23 . 2009-07-17 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Little Games Company

2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 09:32 . 2009-07-08 14:06 -------- d-----w- c:\documents and settings\Chris\Application Data\Games

2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

2009-07-10 10:46 . 2009-06-20 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2009-07-09 15:04 . 2009-07-09 15:03 -------- d-----w- c:\documents and settings\Chris\Application Data\SprillRichiEng

2009-07-09 13:21 . 2009-07-09 13:21 -------- d-----w- c:\documents and settings\Chris\Application Data\GARMIN

2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\Garmin GPS Plugin

2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\DIFX

2009-07-09 13:20 . 2009-07-09 13:20 -------- d-----w- c:\program files\Garmin

2009-07-09 09:42 . 2009-07-09 09:42 -------- d-----w- c:\documents and settings\Chris\Application Data\SulusGames

2009-07-07 09:43 . 2009-07-07 09:43 -------- d-----w- c:\documents and settings\Chris\Application Data\MA

2009-07-03 17:00 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll

2009-07-03 11:04 . 2009-07-03 11:04 -------- d-----w- c:\documents and settings\Chris\Application Data\Aisle 5 Games, Inc

2009-06-30 14:06 . 2009-06-30 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games

2009-06-29 09:57 . 2009-06-29 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo

2009-06-27 13:43 . 2009-06-27 09:57 -------- d-----w- c:\documents and settings\Chris\Application Data\Enlightenus

2009-06-26 14:42 . 2009-06-26 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear

2009-06-25 10:31 . 2009-06-25 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\IntDreams

2009-06-16 14:40 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:45 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:16 . 2004-08-04 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:22 . 2009-03-28 21:15 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:11 . 2004-08-04 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-22_12.31.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-22 17:14 . 2009-08-22 17:14 16384 c:\windows\Temp\Perflib_Perfdata_338.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [1/04/2009 3:32 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [1/04/2009 3:32 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [1/04/2009 3:32 482352]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [12/08/2009 11:05 276344]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/05/2009 11:28 55152]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [1/04/2009 3:32 115560]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 11:18 202016]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [28/03/2009 23:57 36864]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/04/2009 10:39 101936]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-04-01 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-22 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-22 c:\windows\Tasks\User_Feed_Synchronization-{8B8B62A1-46CE-47ED-B5BC-2A559A621610}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.jansmit.com/index/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: minatica.be\www

Trusted Zone: onlinehelpdesk.be\www

DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-08-22 19:15

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(564)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Voltooingstijd: 2009-08-22 19:17 - machine werd herstart

ComboFix-quarantined-files.txt 2009-08-22 17:17

ComboFix2.txt 2009-08-22 12:32

Pre-Run: 363.835.121.664 bytes beschikbaar

Post-Run: 363.710.496.768 bytes beschikbaar

267 --- E O F --- 2009-08-12 13:32

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:22:00, on 22/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\windows\RTHDCPL.EXE

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\windows\system32\svchost.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\windows\System32\svchost.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\windows\explorer.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Jan Smit

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: Minatica.be

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528189484

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--

End of file - 6896 bytes
