Questions & Answers

Security & privacy

"disks write-protected"+"you are

33 replies
  • Hello, I have a problem with my computer, which runs Windows XP. I can download Norton updates but not install them: "not authorized" ("niet bevoegd"). I cannot delete folders. The sound was gone, and I kept getting the error "disks write-protected" ("schijven beveiligd tegen schrijven") whenever I wanted to delete a folder (photos or files). It started after I had bought and installed Nero 8. In the end, with a lot of effort, I managed to remove that by using a backup hard disk and restoring the image with Acronis software. Nero 8 went back to the shop. (Only out for 2 days!) Now at least I have my sound back and normal-looking folders! So I can no longer delete folders; I then get the message "you are not authorized" ("u bent niet bevoegd"). I think it is a virus after all, or that the user has been switched in some way. Norton was recently renewed until 2008 (downloaded via e-mail); it does download updates but does not process them! Tried Cc. Tried Hitmanpro. In safe mode, deleted RO--HKCUSofware\Microsoft\Internet Explorer\Main etc. and RO-HKLM\Software\Microsoft\Internet Explorer\Main etc. etc. That did not really help either! After this I ran System Restore because my e-mail no longer worked. Now my folder options have become smaller and the descriptions for folders are less clear. I still have info from HijackThis, made in safe mode:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:25:12, on 13-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode
    I really can't make sense of this! Would it perhaps be better to restore the saved image file over it again? Because after that operation the folders did look normal! Only then I am still stuck with "disks write-protected".... I always enjoy reading the magazine Computer totaal and I hope I can be helped this way too. Can you help me? Kind regards, Jack de Brabander
  • See whether you can create a new account with full rights. Log in with it and see whether that makes a difference.
  • Thanks for your reply, I will try it. Unfortunately I cannot yet get a connection to hetnet on this new account. The new account's desktop is also completely empty. Regards, jack
  • The HijackThis log was made in safe mode; could you make a log in normal mode?
  • Thanks for your reply! This is in normal mode:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:05:21, on 14-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Regards, jack
  • Hello, here I have some more info from HijackThis. I hope someone can help me. In the new account I cannot make an internet connection, and no folders are filled the way they are in my first account. What am I doing wrong? In my old account Norton is not able to process the data: "error, contact Symantec". But I cannot install the removal tool from there either. Again "error, contact Symantec". Deleting does not work, for any folder: "not authorized to". I don't know what to do anymore..... I hope someone can help me! Regards, jack
    Here is the info from HijackThis:
    Comparison of your HijackThis log file items to others
    The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database. Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.
    Explanation of the codes
    R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
    F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
    N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
    O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components
  • Go to Start --> Run and type: sfc /scannow More info about scannow: http://www.updatexp.com/scannow-sfc.html After that: download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, because that will make your PC hang. When the fix has finished and after the restart, the log combofix.txt will open. Save this log. NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it. Post the Combofix log (combofix.txt) in your next reply.
  • Hello, thanks for your reply! I had Scannow check my computer, with the result "679 found + 679 Restricted", which I think means that the program could not do anything? Combofix went better: although Windows wanted to close the program with "in Sed.cfexe is een fout opgetreden en moet worden afgesloten", Combofix finished the log! Here is the Combofix.txt log: Downloads from Symantec are not processed either. Removing the file with a special tool from Symantec, with the intention of reinstalling the Symantec software, is not possible either. I keep getting "error". Or is it better to look at one thing at a time? Regards, Jack
  • Open Notepad, then copy and paste the following (the bold text) into an empty window:
    Registry::
    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
    Save this to your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply. Download Dial-a-fix from http://wiki.djlizard.net/Dial-a-fix#Standard_version Start Dial-a-fix, tick everything in the main window and click 'Go' at the bottom. Let the tool do its work and restart your PC, then see whether things have improved.
  • Hello, thanks for your reply! I hope this is the right file? I will carry out the other suggestion after this. Regards, Jack
Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys . Inhoud van de 'Gedeelde Taken' map "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job" - C:\Program Files\AdwareAlert\AdwareAlert.exe "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job" - D:\Nieuwe map\Norton AntiVirus\Navw32.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-16 00:27:50 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-10-16 0:28:30 C:\ComboFix2.txt ... 2007-10-15 22:35 . --- E O F ---
  • Hi Jack, It didn't go quite right: you have now saved the text file as a shortcut: CFScript.txt.lnk. Read the instructions above once more and try again ;) Also try Dial-a-fix again.
  • Hello, It didn't seem that difficult to me either! But I don't know whether this one is right, or the next one? So I have posted it here twice. The computer again gave the message "fout in Sed.cfexe opgetreden en moet worden afgesloten" [an error occurred in Sed.cfexe and it must be closed]. I'll hear whether it was right this time? When I type CFScript.txt under "Save as" for the desktop, the desktop shows CFScript without txt attached. Dial-a-Fix produced no result. Still the same problems. Will try it once more! Regards, Jack ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 17:58:45.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.2023 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt.txt * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))) . 2007-10-16 00:46 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-10-15 22:30 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-14 21:10 <DIR> d-------- C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert 2007-10-14 20:04 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-10-14 20:04 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-10-14 19:34 <DIR> d-------- C:\temp\Tmp___553 2007-10-14 19:34 <DIR> d-------- C:\Documents and Settings\J. 
de Brabander\Application Data\PC Tools 2007-10-14 19:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-14 19:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-10-14 19:34 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-10-14 19:34 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-10-14 19:34 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-10-14 19:34 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-10-13 17:43 <DIR> d-------- C:\Documents and Settings\Jack de Brabander\Application Data\ATI 2007-10-13 17:31 <DIR> d--h----- C:\Documents and Settings\Jack de Brabander\Sjablonen 2007-10-13 17:31 <DIR> dr-h----- C:\Documents and Settings\Jack de Brabander\Onlangs geopend 2007-10-13 17:31 <DIR> d--h----- C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving 2007-10-13 17:31 <DIR> dr------- C:\Documents and Settings\Jack de Brabander\Mijn documenten 2007-10-13 17:31 <DIR> dr------- C:\Documents and Settings\Jack de Brabander\Menu Start 2007-10-13 17:31 <DIR> dr------- C:\Documents and Settings\Jack de Brabander\Favorieten 2007-10-13 17:31 <DIR> d-------- C:\Documents and Settings\Jack de Brabander\Bureaublad 2007-10-13 11:54 <DIR> d-------- C:\Hitman Pro 2007-10-13 11:13 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-13 10:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-12 20:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2007-10-12 20:20 <DIR> d-------- C:\Documents and Settings\J. 
de Brabander\Application Data\LimeWire 2007-10-06 15:44 <DIR> d-------- C:\Program Files\Windows Sidebar 2007-10-06 15:42 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-06 15:42 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-06 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files 2007-10-02 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tages 2007-09-29 12:20 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-09-29 12:20 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-09-20 19:47 42,752 --------- C:\WINDOWS\system32\drivers\ser2pl.sys 2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-16 15:48 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\Skype 2007-10-15 21:35 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX 2007-10-14 18:34 --------- d-----w C:\Program Files\Yahoo! 2007-10-14 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-14 18:05 --------- d-----w C:\Program Files\SpywareBlaster 2007-10-13 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-13 10:48 --------- d-----w C:\Program Files\Symantec 2007-10-13 10:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-06 15:04 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-06 15:04 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-06 13:45 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\Symantec 2007-10-02 20:25 --------- d-----w C:\Documents and Settings\J. 
de Brabander\Application Data\Canon 2007-09-29 11:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-09-23 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2007-09-19 09:22 --------- d-----w C:\Program Files\Common Files\Adobe 2007-09-18 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-11 17:14 --------- d-----w C:\Program Files\Microsoft Encarta 2007-09-10 17:07 --------- d-----w C:\Program Files\CBS 2007-09-09 09:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI 2007-09-02 20:52 --------- d-----w C:\Program Files\Ahead 2007-08-31 22:07 --------- d-----w C:\Program Files\AdorageI-SAL 2007-08-31 22:07 --------- d-----w C:\Program Files\AdorageI-GfxDatas 2007-08-29 12:18 577,928 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-08-28 16:01 --------- d-----w C:\Program Files\Common Files\YDP 2007-08-24 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2007-08-24 12:23 --------- d-----w C:\Program Files\DivX 2007-08-23 15:57 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-08-23 12:46 --------- d-----w C:\Program Files\Skype 2007-08-23 12:46 --------- d-----w C:\Program Files\Common Files\Skype 2007-08-23 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-08-23 11:53 --------- d-----w C:\Program Files\Java 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-06-25 15:31 81,920 ----a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe 2007-06-25 15:31 47,360 ----a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys 2006-09-18 08:09 284 ----a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat . ((((((((((((((((((((((((((((( snapshot@2007-10-15_22.34.58,73 ))))))))))))))))))))))))))))))))))))))))) . + 2007-10-15 22:15:23 1,926,248 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat + 2007-10-15 22:15:23 1,926,248 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat.bak . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-24 21:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2007-10-06 15:44 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50] "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49] "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12] "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08] "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41] "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23] "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56] "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12] "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43] "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 
8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07] "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53] "RegistryMechanic"="" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="" [] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"=0 (0x0) "NoTrayItemsDisplay"=0 (0x0) "NoRecentDocsHistory"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility] C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and 
Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "D:\Nieuwe map\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor] D:\Nieuwe map\olympus master software\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys R0 
viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys . Inhoud van de 'Gedeelde Taken' map "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job" - C:\Program Files\AdwareAlert\AdwareAlert.exe "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job" - D:\Nieuwe map\Norton AntiVirus\Navw32.exe . 
************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-16 18:00:24 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-10-16 18:01:04 C:\ComboFix2.txt ... 2007-10-16 00:28 C:\ComboFix3.txt ... 2007-10-15 22:35 . --- E O F --- Or this run?: ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 18:07:46.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1923 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))) . 2007-10-16 00:46 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-10-15 22:30 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-14 21:10 <DIR> d-------- C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert 2007-10-14 20:04 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-10-14 20:04 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-10-14 19:34 <DIR> d-------- C:\temp\Tmp___553 2007-10-14 19:34 <DIR> d-------- C:\Documents and Settings\J. 
de Brabander\Application Data\PC Tools 2007-10-14 19:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-14 19:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-10-14 19:34 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-10-14 19:34 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-10-14 19:34 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-10-14 19:34 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-10-13 17:43 <DIR> d-------- C:\Documents and Settings\Jack de Brabander\Application Data\ATI 2007-10-13 17:31 <DIR> d--h----- C:\Documents and Settings\Jack de Brabander\Sjablonen 2007-10-13 17:31 <DIR> dr-h----- C:\Documents and Settings\Jack de Brabander\Onlangs geopend 2007-10-13 17:31 <DIR> d--h----- C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving 2007-10-13 17:31 <DIR> dr------- C:\Documents and Settings\Jack de Brabander\Mijn documenten 2007-10-13 17:31 <DIR> dr------- C:\Documents and Settings\Jack de Brabander\Menu Start 2007-10-13 17:31 <DIR> dr------- C:\Documents and Settings\Jack de Brabander\Favorieten 2007-10-13 17:31 <DIR> d-------- C:\Documents and Settings\Jack de Brabander\Bureaublad 2007-10-13 11:54 <DIR> d-------- C:\Hitman Pro 2007-10-13 11:13 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-13 10:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-12 20:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2007-10-12 20:20 <DIR> d-------- C:\Documents and Settings\J. 
de Brabander\Application Data\LimeWire 2007-10-06 15:44 <DIR> d-------- C:\Program Files\Windows Sidebar 2007-10-06 15:42 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-06 15:42 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-06 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files 2007-10-02 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tages 2007-09-29 12:20 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-09-29 12:20 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-09-20 19:47 42,752 --------- C:\WINDOWS\system32\drivers\ser2pl.sys 2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-16 15:48 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\Skype 2007-10-15 21:35 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX 2007-10-14 18:34 --------- d-----w C:\Program Files\Yahoo! 2007-10-14 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-14 18:05 --------- d-----w C:\Program Files\SpywareBlaster 2007-10-13 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-13 10:48 --------- d-----w C:\Program Files\Symantec 2007-10-13 10:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-06 15:04 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-06 15:04 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-06 13:45 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\Symantec 2007-10-02 20:25 --------- d-----w C:\Documents and Settings\J. 
de Brabander\Application Data\Canon 2007-09-29 11:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-09-23 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2007-09-19 09:22 --------- d-----w C:\Program Files\Common Files\Adobe 2007-09-18 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-11 17:14 --------- d-----w C:\Program Files\Microsoft Encarta 2007-09-10 17:07 --------- d-----w C:\Program Files\CBS 2007-09-09 09:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI 2007-09-02 20:52 --------- d-----w C:\Program Files\Ahead 2007-08-31 22:07 --------- d-----w C:\Program Files\AdorageI-SAL 2007-08-31 22:07 --------- d-----w C:\Program Files\AdorageI-GfxDatas 2007-08-29 12:18 577,928 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-08-28 16:01 --------- d-----w C:\Program Files\Common Files\YDP 2007-08-24 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2007-08-24 12:23 --------- d-----w C:\Program Files\DivX 2007-08-23 15:57 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-08-23 12:46 --------- d-----w C:\Program Files\Skype 2007-08-23 12:46 --------- d-----w C:\Program Files\Common Files\Skype 2007-08-23 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-08-23 11:53 --------- d-----w C:\Program Files\Java 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-06-25 15:31 81,920 ----a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe 2007-06-25 15:31 47,360 ----a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys 2006-09-18 08:09 284 ----a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat . ((((((((((((((((((((((((((((( snapshot@2007-10-15_22.34.58,73 ))))))))))))))))))))))))))))))))))))))))) . + 2007-10-15 22:15:23 1,926,248 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat + 2007-10-15 22:15:23 1,926,248 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat.bak . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-24 21:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2007-10-06 15:44 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50] "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49] "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12] "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08] "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41] "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23] "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56] "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12] "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43] "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 
8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07] "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53] "RegistryMechanic"="" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="" [] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"=0 (0x0) "NoTrayItemsDisplay"=0 (0x0) "NoRecentDocsHistory"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility] C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and 
Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "D:\Nieuwe map\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor] D:\Nieuwe map\olympus master software\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys R0 
viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys . Inhoud van de 'Gedeelde Taken' map "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job" - C:\Program Files\AdwareAlert\AdwareAlert.exe "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job" - D:\Nieuwe map\Norton AntiVirus\Navw32.exe . 
************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-16 18:08:57 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-10-16 18:09:35 . --- E O F ---
  • It still hasn't quite worked out somehow, so we'll solve it a different way. Read the instructions carefully! I see that you have installed the program AdwareAlert; I advise you to uninstall it because of its dubious reputation, see also: http://castlecops.com/s9265-AdwareAlert_Exe.html

    Copy the code in the code box below into an empty Notepad window (don't forget to copy REGEDIT4 as well!):

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    Save this as fixreg.reg and choose "Alle bestanden" (All Files) as the type. Once you have saved it, the icon looks like this: http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

    Then double-click fixreg.reg. When asked whether you want to add the changes to the registry, answer Ja/OK (Yes/OK). Restart your PC. Make a new ComboFix log and a new HijackThis log and post them in your next message. Pim
  • Hello Pim, I don't know exactly what you mean by "don't forget to put REGEDIT4 in it". Where is this REGEDIT4 then? Does it look like this? I put it in Notepad this way:

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
    REGEDIT4

    And saved it as Fixreg.reg with type: all files. I did indeed get that icon. Then Yes and OK. After that it gave a message: "C\Document and Settings\J.de Brabander\Bureablad\Fixreg.niet te importeren\Het opgegeven bestand is geen register script. U kunt alleen binaire register bestanden importeren vanuit de register-editor". Here are the ComboFix log and the HijackThis log. I'm afraid I haven't done the right thing in Notepad yet, because nothing happens with the Fixreg.reg file on my desktop. Thank you for the effort, Pim. Regards, jack

    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:14, on 2007-10-16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\WINDOWS\ASUSKBService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\QuickTime\qttask.exe D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe D:\Nieuwe map\TrueImageMonitor.exe D:\Nieuwe map\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe C:\Program
Files\Common Files\Mediafour\MACVNTFY.EXE C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOPCOM\BULTER 4012\Butler 4012 USB VoIP.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hetnet.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE2] "D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI 
Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Nieuwe map\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Nieuwe map\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "D:\Nieuwe map\osCheck.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user') O4 - Startup: Butler 4012 USB VoIP.lnk = ? 
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\NIEUWE~1\Spyware Doctor\tools\iesdpb.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/ O15 - Trusted Zone: *.msn messenger O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - 
http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Nieuwe map\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Nieuwe map\Spyware Doctor\swdsvc.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Nieuwe map\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- End of file - 10940 bytes ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 21:50:16.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.2016 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))) . 2007-10-16 18:19 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-10-15 22:30 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-14 20:04 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-10-14 20:04 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-10-14 19:34 <DIR> d-------- C:\temp\Tmp___553 2007-10-14 19:34 <DIR> d-------- C:\Documents and Settings\J. 
de Brabander\Application Data\PC Tools 2007-10-14 19:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-14 19:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-10-14 19:34 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-10-14 19:34 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-10-14 19:34 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-10-14 19:34 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-10-13 17:43 <DIR> d-------- C:\Documents and Settings\Jack de Brabander\Application Data\ATI 2007-10-13 17:31 <DIR> d--h----- C:\Documents and Settings\Jack de Brabander\Sjablonen 2007-10-13 17:31 <DIR> dr-h----- C:\Documents and Settings\Jack de Brabander\Onlangs geopend 2007-10-13 17:31 <DIR> d--h----- C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving 2007-10-13 17:31 <DIR> dr------- C:\Documents and Settings\Jack de Brabander\Mijn documenten 2007-10-13 17:31 <DIR> dr------- C:\Documents and Settings\Jack de Brabander\Menu Start 2007-10-13 17:31 <DIR> dr------- C:\Documents and Settings\Jack de Brabander\Favorieten 2007-10-13 17:31 <DIR> d-------- C:\Documents and Settings\Jack de Brabander\Bureaublad 2007-10-13 11:54 <DIR> d-------- C:\Hitman Pro 2007-10-13 11:13 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-13 10:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-12 20:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2007-10-12 20:20 <DIR> d-------- C:\Documents and Settings\J. 
de Brabander\Application Data\LimeWire 2007-10-06 15:44 <DIR> d-------- C:\Program Files\Windows Sidebar 2007-10-06 15:42 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-06 15:42 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-06 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files 2007-10-02 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tages 2007-09-29 12:20 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-09-29 12:20 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-09-20 19:47 42,752 --------- C:\WINDOWS\system32\drivers\ser2pl.sys 2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-16 19:20 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\Lavasoft 2007-10-16 19:15 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\Skype 2007-10-15 21:35 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX 2007-10-14 18:34 --------- d-----w C:\Program Files\Yahoo! 2007-10-14 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-14 18:05 --------- d-----w C:\Program Files\SpywareBlaster 2007-10-13 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-13 10:48 --------- d-----w C:\Program Files\Symantec 2007-10-13 10:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-06 15:04 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-06 15:04 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-06 13:45 --------- d-----w C:\Documents and Settings\J. 
de Brabander\Application Data\Symantec 2007-10-02 20:25 --------- d-----w C:\Documents and Settings\J. de Brabander\Application Data\Canon 2007-09-29 11:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-09-23 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2007-09-19 09:22 --------- d-----w C:\Program Files\Common Files\Adobe 2007-09-18 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-11 17:14 --------- d-----w C:\Program Files\Microsoft Encarta 2007-09-10 17:07 --------- d-----w C:\Program Files\CBS 2007-09-09 09:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI 2007-09-02 20:52 --------- d-----w C:\Program Files\Ahead 2007-08-31 22:07 --------- d-----w C:\Program Files\AdorageI-SAL 2007-08-31 22:07 --------- d-----w C:\Program Files\AdorageI-GfxDatas 2007-08-29 12:18 577,928 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-08-28 16:01 --------- d-----w C:\Program Files\Common Files\YDP 2007-08-24 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2007-08-24 12:23 --------- d-----w C:\Program Files\DivX 2007-08-23 15:57 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-08-23 12:46 --------- d-----w C:\Program Files\Skype 2007-08-23 12:46 --------- d-----w C:\Program Files\Common Files\Skype 2007-08-23 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-08-23 11:53 --------- d-----w C:\Program Files\Java 2007-08-21 06:18 683,520 
----a-w C:\WINDOWS\system32\inetcomm.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-06-25 15:31 81,920 ----a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe 2007-06-25 15:31 47,360 ----a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys 2006-09-18 08:09 284 ----a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-24 21:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2007-10-06 15:44 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50] "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49] "OpwareSE2"="D:\Nieuwe 
map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12] "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08] "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41] "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23] "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56] "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12] "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43] "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07] "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53] "RegistryMechanic"="" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="" [] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"=0 (0x0) "NoTrayItemsDisplay"=0 (0x0) "NoRecentDocsHistory"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility] C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] 
"Authentication Packages"= msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Nieuwe map\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
D:\Nieuwe map\olympus master software\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
.
Inhoud van de 'Gedeelde Taken' map
"2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
- D:\Nieuwe map\Norton AntiVirus\Navw32.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 21:51:58
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-16 21:52:40
C:\ComboFix2.txt ... 2007-10-16 18:09
.
--- E O F ---
  • Indeed, a small mistake on my part, but it is gone! (Already removed by ComboFix, so it had worked after all; I'm dozing off here :oops:) Could you post the exact error message you get and/or give a clear list of the problems you still have?
  • Hello, Can you also tell me what is now "gone"? I will check the system and let you know. Regards, jack
  • The registry entries that are gone were a few leftovers of toolbars that had been left behind.
  • Hello Pim, Thanks for your help! I can now get into all folders again and can delete or move them! I can even use Limewire again without an "error". I think Windows Genuine came along with Nero 8. What still does not work is my Symantec security software. It downloads but does not process. Now I cannot even connect anymore via my Symantec update icon; nothing happens then. I installed the Symantec removal tool; it also gives an "error" during removal, and I have to contact the Symantec helpdesk. Uninstalling via my software does not work either! Delete the folders one by one? (I don't know which ones they all are.) I hope you know something about that too? Regards, jack :D
  • Is there also an exact error in the message you get from the Symantec removal tool? Deleting the folders one by one does not seem like a good idea to me, because then remnants still remain in the registry, and that causes problems when reinstalling the software. Try inserting the Norton CD and installing it over the existing version; if all goes well, you will automatically get the prompt where you can choose between removing and repairing. Choose repair here. You could also try the following: > Look in the Norton folder to see whether you can find an uninstaller there. > Run the removal tool in safe mode: http://users.telenet.be/marcvn/spyware/1378056.htm In your next reply, also post a fresh HijackThis log.
  • Hello Pim, If only I had bought a CD instead of the Symantec software downloader! Lesson learned! I can use the old Symantec CD, though; I still have that one! I will look for a folder with an uninstaller and try it in safe mode. Regards, jack


This is an archived page. Replying is no longer possible.