Ga naar inhoud

systeemherstel lukt niet schijf (d) zit bijna vol

axel321

Door axel321
in Archief Windows Algemeen

 Delen

Aanbevolen berichten

axel321 Vaste Klant

axel321

Geplaatst:
Geplaatst: (aangepast)

hallo hier ben ik weeral met een probleem

mijn laptop gaat traag en hangt een beetje ik denk niet dat het komt door een virus maar door al onze rommel

ik wil een systeemherstel doen maar die mislukt altijd door een onbekende fout die optreed

toch plaats ik voor de zekerheid een hjt logje en een log van mbam

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:12:29, on 19/01/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\sabaj\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Users\sabaj\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\sabaj\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\sabaj\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\sabaj\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7320 bytes

Malwarebytes' Anti-Malware 1.41

Database versie: 3249

Windows 6.0.6002 Service Pack 2

18/01/2010 13:01:09

mbam-log-2010-01-18 (13-01-09).txt

Scan type: Snelle Scan

Objecten gescand: 96989

Verstreken tijd: 10 minute(s), 11 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

ik heb een schijfdefarmentatie gedaan en een schijfopruiming ik laat ccleaner elkde dag werken

mijn recovery(d:) zit wel goed vol ik heb nog maar 1.28GB over van de 10.9GB maar ik weet niet wat ik daar mag van verwijderen

alvast bedankt

---------- Post toegevoegd om 13:46 ---------- Vorige post was om 13:40 ----------

ik heb bij mijn taakbeheer 66 processen en mijn cpu gaat niet rap boven de 50% uit ik weet niet of het er iets meer te maken heefd

aangepast door axel321
nieuwe hjt log
Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html

Klik op 'Fix checked' om de items te verwijderen.

Verwijder volgend programma Ask.com via Configuratiescherm -> Software (indien aanwezig) of anders via verwijderen vetgedrukte map

C:\Program Files\Ask.com

Link naar reactie
Delen op andere sites
axel321 Vaste Klant

axel321

Geplaatst:
  • Auteur
Geplaatst:

kape ik heb gedaan wat je hebt gevraagd ik heb de nieuwe hjt log in mijn eerste post geplaats

ik heb vandaag de pc opgestart en ik heb een blauwe scherm gekregen heb even gewacht en kon weer op pc

wel door die blauwe scherm denk ik dat ik een virus heb dus heb combofix gedownload en laten scannen hier is de log van combofix

ComboFix 10-01-18.03 - sabaj 19/01/2010 16:50:20.7.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1923 [GMT 1:00]

Gestart vanuit: c:\users\sabaj\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-19 to 2010-01-19 ))))))))))))))))))))))))))))))

.

2010-01-19 16:03 . 2010-01-19 16:04 -------- d-----w- c:\users\sabaj\AppData\Local\temp

2010-01-19 16:03 . 2010-01-19 16:03 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-01-19 16:03 . 2010-01-19 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-19 13:39 . 2009-11-25 03:01 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVEX32A.DLL

2010-01-19 13:39 . 2009-11-25 03:01 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVEX15.SYS

2010-01-19 13:38 . 2009-11-25 03:01 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVENG.SYS

2010-01-19 13:38 . 2009-11-25 03:01 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\NAVENG32.DLL

2010-01-19 13:38 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\CCERASER.DLL

2010-01-19 13:38 . 2009-11-25 03:01 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\EECTRL.SYS

2010-01-19 13:38 . 2009-11-25 03:01 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\ECMSVR32.DLL

2010-01-19 13:38 . 2009-11-25 03:01 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100118.039\ERASER.SYS

2010-01-16 19:47 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\Scxpx86.dll

2010-01-16 19:47 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSvix86.sys

2010-01-16 19:47 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSXpx86.sys

2010-01-16 19:47 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSxpx86.dll

2010-01-16 19:47 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSviA64.sys

2010-01-16 16:25 . 2010-01-16 16:25 -------- d-----w- c:\users\sabaj\AppData\Roaming\NeroDCTemplates

2010-01-14 16:43 . 2010-01-14 16:43 -------- d-----w- c:\users\sabaj\AppData\Local\AskToolbar

2010-01-13 08:24 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 08:24 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-09 16:28 . 2010-01-09 16:28 -------- d-----w- c:\users\sabaj\AppData\Roaming\Nero

2010-01-09 16:11 . 2010-01-09 16:26 -------- d-----w- c:\program files\Nero

2010-01-09 16:11 . 2010-01-09 16:26 -------- d-----w- c:\program files\Common Files\Nero

2010-01-09 16:11 . 2010-01-09 16:15 -------- d-----w- c:\programdata\Nero

2010-01-09 16:08 . 2010-01-09 16:08 -------- d-----w- c:\program files\Common Files\LightScribe

2010-01-09 12:29 . 2010-01-09 12:29 -------- d-----w- c:\users\sabaj\AppData\Roaming\Ahead

2010-01-09 12:27 . 2003-03-29 14:45 89184 ----a-w- c:\windows\system32\drivers\imagedrv.sys

2010-01-09 12:26 . 2001-07-06 12:41 569344 ----a-w- c:\windows\system32\imagr5.dll

2010-01-09 12:26 . 2001-07-06 10:44 544768 ----a-w- c:\windows\system32\imagx5.dll

2010-01-09 12:26 . 2001-06-26 06:15 38912 ----a-w- c:\windows\system32\picn20.dll

2010-01-09 12:26 . 2001-07-06 16:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll

2010-01-09 12:26 . 2010-01-09 12:26 -------- d-----w- c:\program files\Common Files\Ahead

2010-01-09 12:26 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2010-01-09 12:26 . 2010-01-09 15:48 -------- d-----w- c:\program files\Ahead

2010-01-07 20:18 . 2010-01-07 20:19 15423336 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe

2010-01-07 20:16 . 2010-01-07 20:18 -------- d-----w- c:\users\sabaj\AppData\Local\Microsoft Games

2009-12-25 13:30 . 2009-12-25 13:30 -------- d-----w- c:\users\sabaj\AppData\Local\ArcSoft

2009-12-25 13:30 . 2009-12-26 10:38 -------- d-----w- c:\users\sabaj\AppData\Roaming\ArcSoft

2009-12-25 13:28 . 2009-12-26 10:38 -------- d-----w- c:\programdata\ArcSoft

2009-12-25 13:27 . 2009-12-26 10:45 -------- d-----w- c:\program files\Common Files\ArcSoft

2009-12-25 13:22 . 2009-12-26 10:42 -------- d-----w- C:\temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-18 19:28 . 2009-06-14 14:35 -------- d-----w- c:\users\sabaj\AppData\Roaming\Image Zone Express

2010-01-18 11:37 . 2009-05-26 15:44 -------- d-----w- c:\programdata\HP Product Assistant

2010-01-18 11:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-18 10:52 . 2009-11-29 19:07 -------- d-----w- c:\users\sabaj\AppData\Roaming\LimeWire

2010-01-17 18:29 . 2008-11-21 21:18 667352 ----a-w- c:\windows\system32\perfh013.dat

2010-01-17 18:29 . 2008-11-21 21:18 126854 ----a-w- c:\windows\system32\perfc013.dat

2010-01-17 18:29 . 2008-11-21 21:13 659180 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-17 18:29 . 2008-11-21 21:13 122976 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-14 10:12 . 2009-10-03 11:43 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-14 08:50 . 2009-04-16 14:48 -------- d-----w- c:\programdata\Microsoft Help

2010-01-09 16:17 . 2008-11-21 13:37 -------- d-----w- c:\programdata\WildTangent

2010-01-09 12:49 . 2009-11-29 19:06 -------- d-----w- c:\program files\LimeWire

2009-12-30 11:00 . 2009-11-21 17:21 -------- d-----w- c:\program files\Enigma Software Group

2009-12-26 11:31 . 2009-09-15 20:48 -------- d-----w- c:\program files\Google

2009-12-26 10:44 . 2008-11-21 13:19 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-16 19:34 . 2009-04-26 16:18 680 ----a-w- c:\users\sabaj\AppData\Local\d3d9caps.dat

2009-12-16 19:08 . 2009-12-16 19:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-12-16 18:38 . 2009-12-16 18:38 -------- d-----w- c:\program files\Samsung

2009-12-15 19:34 . 2009-06-12 17:46 -------- d-----w- c:\program files\Java

2009-12-09 11:49 . 2009-09-26 14:08 -------- d-----w- c:\users\sabaj\AppData\Roaming\CyberLink

2009-11-27 12:28 . 2009-09-08 13:40 -------- d-----w- c:\users\sabaj\AppData\Roaming\HpUpdate

2009-11-21 11:40 . 2009-04-16 14:47 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-21 06:40 . 2009-12-09 08:52 916480 ----a-w- c:\windows\system32\wininet.dll

2009-11-21 06:34 . 2009-12-09 08:52 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-11-21 06:34 . 2009-12-09 08:52 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-11-21 04:59 . 2009-12-09 08:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-11-20 15:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-09 12:31 . 2009-12-09 11:58 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-09 11:57 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-09 11:57 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-11-05 15:14 . 2008-11-21 14:19 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe

2009-11-05 15:05 . 2008-11-21 14:17 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

2009-10-29 09:17 . 2009-11-26 10:44 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-28 22:37 . 2009-12-19 13:56 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys

2009-10-28 22:37 . 2009-12-19 13:56 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys

2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-10-28 22:37 . 2009-12-19 13:56 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll

2009-10-28 22:37 . 2009-12-19 13:56 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll

2009-10-28 22:37 . 2009-12-19 13:56 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys

2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

2008-11-21 21:39 . 2008-11-21 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\sabaj\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-08 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

c:\users\sabaj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-07-10 22:27 170520 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2008-10-09 06:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-07-10 22:27 150040 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-08-20 12:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA004Cfg.exe]

2008-06-24 15:00 32768 ----a-w- c:\windows\OA004Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-07-10 22:27 145944 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2008-08-01 15:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-09-23 16:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-10-06 19:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):c6,70,ed,31,b2,3a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1909669116-3038768439-1391123093-1000]

"EnableNotificationsRef"=dword:00000001

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1007020.00B\SymEFA.sys [9/09/2009 18:59 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1007020.00B\BHDrvx86.sys [9/09/2009 18:59 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1007020.00B\cchpx86.sys [9/09/2009 18:58 482432]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSvix86.sys [16/01/2010 20:47 343088]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 3:23 21504]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [9/09/2009 18:59 117640]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/11/2008 16:08 365952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/11/2009 19:05 102448]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 15:52 112128]

R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [3/06/2008 8:30 144672]

R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [17/07/2008 16:01 269760]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1007020.00B\symndisv.sys [9/09/2009 18:59 48688]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/11/2008 14:34 193840]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 3:23 21504]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [15/09/2009 21:25 54632]

S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909669116-3038768439-1391123093-1000Core.job

- c:\users\sabaj\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-08 18:51]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909669116-3038768439-1391123093-1000UA.job

- c:\users\sabaj\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-08 18:51]

2010-01-12 c:\windows\Tasks\HPCeeScheduleForsabaj.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-21 10:34]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKU-Default-Run-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe

MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

MSConfigStartUp-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-01-19 17:03

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2010-01-19 17:13:36

ComboFix-quarantined-files.txt 2010-01-19 16:13

Pre-Run: 270.274.605.056 bytes beschikbaar

Post-Run: 272.326.545.408 bytes beschikbaar

- - End Of File - - 228AA0F16185FAF440914A839C401867

nogmaals bedankt

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe

c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

Folder::

c:\users\sabaj\AppData\Local\AskToolbar

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

Link naar reactie
Delen op andere sites
axel321 Vaste Klant

axel321

Geplaatst:
  • Auteur
Geplaatst:

ComboFix 10-01-18.03 - sabaj 21/01/2010 12:17:40.8.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1953 [GMT 1:00]

Gestart vanuit: c:\users\sabaj\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\sabaj\Desktop\CFScript.txt..txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe"

"c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe

c:\users\sabaj\AppData\Local\AskToolbar

c:\users\sabaj\AppData\Local\AskToolbar\Downloaded Program Files\Nero.dll

c:\users\sabaj\AppData\Local\AskToolbar\Downloaded Program Files\Nero.inf

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-21 to 2010-01-21 ))))))))))))))))))))))))))))))

.

2010-01-21 11:25 . 2010-01-21 11:26 -------- d-----w- c:\users\sabaj\AppData\Local\temp

2010-01-21 11:25 . 2010-01-21 11:25 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-01-21 11:25 . 2010-01-21 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-20 21:08 . 2009-11-25 03:01 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100120.005\NAVENG.SYS

2010-01-20 21:08 . 2009-11-25 03:01 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100120.005\NAVENG32.DLL

2010-01-20 21:08 . 2009-11-25 03:01 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100120.005\NAVEX32A.DLL

2010-01-20 21:08 . 2009-11-25 03:01 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100120.005\NAVEX15.SYS

2010-01-20 21:08 . 2009-11-25 03:01 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100120.005\ERASER.SYS

2010-01-20 21:08 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100120.005\CCERASER.DLL

2010-01-20 21:08 . 2009-11-25 03:01 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100120.005\EECTRL.SYS

2010-01-20 21:08 . 2009-11-25 03:01 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100120.005\ECMSVR32.DLL

2010-01-20 18:41 . 2010-01-20 18:41 -------- d-----w- c:\windows\Sun

2010-01-20 14:08 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\Scxpx86.dll

2010-01-20 14:08 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys

2010-01-20 14:08 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSXpx86.sys

2010-01-20 14:08 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSxpx86.dll

2010-01-20 14:07 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSviA64.sys

2010-01-16 19:47 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\Scxpx86.dll

2010-01-16 19:47 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSvix86.sys

2010-01-16 19:47 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSXpx86.sys

2010-01-16 19:47 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSxpx86.dll

2010-01-16 19:47 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSviA64.sys

2010-01-16 16:25 . 2010-01-16 16:25 -------- d-----w- c:\users\sabaj\AppData\Roaming\NeroDCTemplates

2010-01-13 08:24 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 08:24 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-09 16:28 . 2010-01-09 16:28 -------- d-----w- c:\users\sabaj\AppData\Roaming\Nero

2010-01-09 16:11 . 2010-01-09 16:26 -------- d-----w- c:\program files\Nero

2010-01-09 16:11 . 2010-01-09 16:26 -------- d-----w- c:\program files\Common Files\Nero

2010-01-09 16:11 . 2010-01-09 16:15 -------- d-----w- c:\programdata\Nero

2010-01-09 16:08 . 2010-01-09 16:08 -------- d-----w- c:\program files\Common Files\LightScribe

2010-01-09 12:29 . 2010-01-09 12:29 -------- d-----w- c:\users\sabaj\AppData\Roaming\Ahead

2010-01-09 12:27 . 2003-03-29 14:45 89184 ----a-w- c:\windows\system32\drivers\imagedrv.sys

2010-01-09 12:26 . 2001-07-06 12:41 569344 ----a-w- c:\windows\system32\imagr5.dll

2010-01-09 12:26 . 2001-07-06 10:44 544768 ----a-w- c:\windows\system32\imagx5.dll

2010-01-09 12:26 . 2001-06-26 06:15 38912 ----a-w- c:\windows\system32\picn20.dll

2010-01-09 12:26 . 2001-07-06 16:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll

2010-01-09 12:26 . 2010-01-09 12:26 -------- d-----w- c:\program files\Common Files\Ahead

2010-01-09 12:26 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2010-01-09 12:26 . 2010-01-09 15:48 -------- d-----w- c:\program files\Ahead

2010-01-07 20:18 . 2010-01-07 20:19 15423336 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe

2010-01-07 20:16 . 2010-01-07 20:18 -------- d-----w- c:\users\sabaj\AppData\Local\Microsoft Games

2009-12-25 13:30 . 2009-12-25 13:30 -------- d-----w- c:\users\sabaj\AppData\Local\ArcSoft

2009-12-25 13:30 . 2009-12-26 10:38 -------- d-----w- c:\users\sabaj\AppData\Roaming\ArcSoft

2009-12-25 13:28 . 2009-12-26 10:38 -------- d-----w- c:\programdata\ArcSoft

2009-12-25 13:27 . 2009-12-26 10:45 -------- d-----w- c:\program files\Common Files\ArcSoft

2009-12-25 13:22 . 2009-12-26 10:42 -------- d-----w- C:\temp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-18 19:28 . 2009-06-14 14:35 -------- d-----w- c:\users\sabaj\AppData\Roaming\Image Zone Express

2010-01-18 11:37 . 2009-05-26 15:44 -------- d-----w- c:\programdata\HP Product Assistant

2010-01-18 11:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-18 10:52 . 2009-11-29 19:07 -------- d-----w- c:\users\sabaj\AppData\Roaming\LimeWire

2010-01-17 18:29 . 2008-11-21 21:18 667352 ----a-w- c:\windows\system32\perfh013.dat

2010-01-17 18:29 . 2008-11-21 21:18 126854 ----a-w- c:\windows\system32\perfc013.dat

2010-01-17 18:29 . 2008-11-21 21:13 659180 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-17 18:29 . 2008-11-21 21:13 122976 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-14 10:12 . 2009-10-03 11:43 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-14 08:50 . 2009-04-16 14:48 -------- d-----w- c:\programdata\Microsoft Help

2010-01-09 16:17 . 2008-11-21 13:37 -------- d-----w- c:\programdata\WildTangent

2010-01-09 12:49 . 2009-11-29 19:06 -------- d-----w- c:\program files\LimeWire

2009-12-30 11:00 . 2009-11-21 17:21 -------- d-----w- c:\program files\Enigma Software Group

2009-12-26 11:31 . 2009-09-15 20:48 -------- d-----w- c:\program files\Google

2009-12-26 10:44 . 2008-11-21 13:19 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-16 19:34 . 2009-04-26 16:18 680 ----a-w- c:\users\sabaj\AppData\Local\d3d9caps.dat

2009-12-16 19:08 . 2009-12-16 19:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-12-16 18:38 . 2009-12-16 18:38 -------- d-----w- c:\program files\Samsung

2009-12-15 19:34 . 2009-06-12 17:46 -------- d-----w- c:\program files\Java

2009-12-09 11:49 . 2009-09-26 14:08 -------- d-----w- c:\users\sabaj\AppData\Roaming\CyberLink

2009-11-27 12:28 . 2009-09-08 13:40 -------- d-----w- c:\users\sabaj\AppData\Roaming\HpUpdate

2009-11-21 06:40 . 2009-12-09 08:52 916480 ----a-w- c:\windows\system32\wininet.dll

2009-11-21 06:34 . 2009-12-09 08:52 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-11-21 06:34 . 2009-12-09 08:52 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-11-21 04:59 . 2009-12-09 08:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-11-20 15:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-09 12:31 . 2009-12-09 11:58 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-09 11:57 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-09 11:57 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-29 09:17 . 2009-11-26 10:44 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-28 22:37 . 2009-12-19 13:56 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys

2009-10-28 22:37 . 2009-12-19 13:56 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys

2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-10-28 22:37 . 2009-12-19 13:56 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll

2009-10-28 22:37 . 2009-12-19 13:56 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll

2009-10-28 22:37 . 2009-12-19 13:56 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys

2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

2008-11-21 21:39 . 2008-11-21 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\sabaj\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-08 135664]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

c:\users\sabaj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-07-10 22:27 170520 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2008-10-09 06:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-07-10 22:27 150040 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-08-20 12:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA004Cfg.exe]

2008-06-24 15:00 32768 ----a-w- c:\windows\OA004Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-07-10 22:27 145944 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2008-08-01 15:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-09-23 16:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-10-06 19:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):c6,70,ed,31,b2,3a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1909669116-3038768439-1391123093-1000]

"EnableNotificationsRef"=dword:00000001

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1007020.00B\SymEFA.sys [9/09/2009 18:59 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1007020.00B\BHDrvx86.sys [9/09/2009 18:59 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1007020.00B\cchpx86.sys [9/09/2009 18:58 482432]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys [20/01/2010 15:08 343088]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 3:23 21504]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [9/09/2009 18:59 117640]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/11/2008 16:08 365952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/11/2009 19:05 102448]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 15:52 112128]

R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [3/06/2008 8:30 144672]

R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [17/07/2008 16:01 269760]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1007020.00B\symndisv.sys [9/09/2009 18:59 48688]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/11/2008 14:34 193840]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 3:23 21504]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [15/09/2009 21:25 54632]

S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909669116-3038768439-1391123093-1000Core.job

- c:\users\sabaj\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-08 18:51]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909669116-3038768439-1391123093-1000UA.job

- c:\users\sabaj\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-08 18:51]

2010-01-12 c:\windows\Tasks\HPCeeScheduleForsabaj.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-21 10:34]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-01-21 12:26

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2010-01-21 12:29:27

ComboFix-quarantined-files.txt 2010-01-21 11:29

ComboFix2.txt 2010-01-19 16:13

Pre-Run: 271.571.042.304 bytes beschikbaar

Post-Run: 271.548.190.720 bytes beschikbaar

- - End Of File - - 028F3F113249C41301EF5CFB5F149895

hier de log van hjt

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:39:15, on 21/01/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Users\sabaj\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe

C:\Windows\Explorer.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Users\sabaj\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\sabaj\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\sabaj\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 6985 bytes

ik heb nu toevalig bij taakbeheer gezien dat de cpu soms 100% is val daar iets tegen te doen ?

ik wilde nog even wachten met het verwijderen van combofix tot dat jij kan zeggen het mag nu verwijderd worden

---------- Post toegevoegd om 12:44 ---------- Vorige post was om 12:42 ----------

als ik hier of ergens anders een bericht verstuurt dan spingt de cpu ook ineens tot 70% lijkt mij veel voor een bericht te versturen

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Verwijder volgende vetgedrukte bestand :

C:\Users\sabaj\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe

Met HijackThis mag je deze lijn nog fixen :

O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html

En dat hoge CPU-gebruik in je Taakbeheer : bij welke toepassingen of programma's zie je dat ineens opduiken ?

Link naar reactie
Delen op andere sites
axel321 Vaste Klant

axel321

Geplaatst:
  • Auteur
Geplaatst: (aangepast)

C:\Users\sabaj\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe

vin ik alleen als ik dat ingeef bij start zoeken dan klik ik er op en wil dat verwijderen maar ik heb die toe gang niet zegt dat ding

en die 70% heb ik als ik limeware mbam of als ik gewoon op het internet surf en als ik hier een antwoord post gaat die onmiddelijk naar 70 dan blijft die even tussen 40% 70% hangen en naar 5 sec is hij terug onder de 20 %

eigenlijk komt dat gewoon overal wel is voor soms is het inplaats van 70% ook wel is100%

fysiek geheugen (MB)

totaal 3002

in cache 1985

beschikbaar 52

kernelgeheugen

totaal 271

inwisselbestand 151

niet in wisselbestand 119

nu net heb ik in taakbeheer van prestaties naar services geklikt en ps bleef ongeveer 5 sec hangen

aangepast door axel321
Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.