er gaat iets mis hjt

danita · 24 dec 2009

Sorry ik heb deze hjt bij vergissing ook bij mijn originele vraag geplaatst in virus etc.
maar weet niet hoe het daar te wissen
er zal wel iemand met admin rechten dit willen doen zeker

bedankt voor de reacties
bijgevoegd de gevraagde file
hopelijk vind iemand deze iretante medespeler op mijn pc

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 8:59:25, on 24/12/2009
Platform: Windows Vista (WinNT 6.0)
MSIE: Internet Explorer v7.0 (7.0.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O2 - BHO: Symantec Intrusion Prevention - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Symantec Intrusion Prevention - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Symantec Intrusion Prevention - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Symantec Intrusion Prevention - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Symantec Intrusion Prevention - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ScsiAccess - Unknown - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

gast99 · 24 dec 2009

Download MalwareBytes' Anti-Malware en sla het op je bureaublad op.
Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg dat er na de installatie een vinkje is geplaatst bij:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Klik daarna op "Voltooien". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.
Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
Druk vervolgens op "Scannen" om de scan te starten.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.
MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.
Plaats dit logje samen met een nieuw logje van HijackThis (Als Admin uitvoeren).

danita · 25 dec 2009

hallo Rosty,

hierbij de twee gevraagde logjes

hopelijk komt het allemaal in orde

alvast bedankt om het na te zien

Malwarebytes' Anti-Malware 1.42
Database versie: 3426
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

25/12/2009 11:21:50
mbam-log-2009-12-25 (11-21-50).txt

Scan type: Snelle Scan
Objecten gescand: 124452
Verstreken tijd: 13 minute(s), 50 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 11:25:59, on 25/12/2009
Platform: Windows Vista (WinNT 6.0)
MSIE: Internet Explorer v7.0 (7.0.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O2 - BHO: Symantec Intrusion Prevention - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Symantec Intrusion Prevention - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Symantec Intrusion Prevention - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Symantec Intrusion Prevention - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Symantec Intrusion Prevention - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ScsiAccess - Unknown - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

gast99 · 26 dec 2009

Download Combofix naar je Bureaublad en gebruik het volgens deze handleiding.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op Combofix.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Klik op OK in het "NirCmd" venstertje.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.[/quote]

danita · 26 dec 2009

Hallo Rosty,

zojuist alles uitgevoerd

ComboFix 09-12-25.04 - Michel 26/12/2009 10:29:09.1.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.32.1043.18.3067.1770 [GMT 1:00]
Gestart vanuit: c:\users\Michel\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Michel\AppData\Roaming\020000004769e017705C.manifest
c:\users\Michel\AppData\Roaming\020000004769e017705O.manifest
c:\users\Michel\AppData\Roaming\020000004769e017705P.manifest
c:\users\Michel\AppData\Roaming\020000004769e017705S.manifest
c:\windows\system32\F1NPXZtvrvqPKlJ.vbs
c:\windows\system32\mDH4u0TL2UpOf.vbs
c:\windows\system32\TGOmIsxR7QkQf.vbs
c:\windows\system32\ZURXAJrQwwLWssl.vbs

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-11-26 to 2009-12-26 ))))))))))))))))))))))))))))))
.

2009-12-26 09:23 . 2009-12-26 09:23 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2009-12-26 08:34 . 2009-08-29 01:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091225.036\NAVENG.SYS
2009-12-26 08:34 . 2009-08-29 01:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091225.036\NAVENG32.DLL
2009-12-26 08:34 . 2009-08-29 01:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091225.036\NAVEX32A.DLL
2009-12-26 08:34 . 2009-08-29 01:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091225.036\NAVEX15.SYS
2009-12-26 08:34 . 2009-08-29 01:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091225.036\ERASER.SYS
2009-12-26 08:34 . 2009-12-10 07:51 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091225.036\CCERASER.DLL
2009-12-26 08:34 . 2009-10-29 19:14 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091225.036\ECMSVR32.DLL
2009-12-26 08:34 . 2009-08-29 01:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091225.036\EECTRL.SYS
2009-12-25 10:49 . 2009-12-25 10:49 -------- d-----w- c:\windows\system32\RTCOM
2009-12-25 10:37 . 2009-12-25 10:37 247296 ----a-w- c:\users\Michel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2009-12-25 10:37 . 2009-12-25 10:37 247296 ----a-w- c:\users\Michel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2009-12-25 10:37 . 2009-12-25 10:37 247296 ----a-w- c:\users\Michel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2009-12-25 10:37 . 2009-12-25 10:37 247296 ----a-w- c:\users\Michel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2009-12-24 09:52 . 2009-12-24 09:52 658696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-23 21:12 . 2009-12-23 21:12 -------- d-----w- c:\programdata\WindowsSearch
2009-12-23 18:51 . 2009-12-19 08:37 294656 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll
2009-12-23 18:51 . 2009-12-12 18:51 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-23 18:51 . 2009-12-12 18:51 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2009-12-23 18:51 . 2009-12-12 18:51 3967256 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-22 10:03 . 2009-12-22 10:03 -------- d-----w- c:\users\Michel\AppData\Roaming\uniblue
2009-12-22 10:02 . 2009-12-22 10:02 -------- d-----w- c:\program files\Uniblue
2009-12-21 15:24 . 2009-12-21 15:24 -------- d-----w- c:\users\Michel\AppData\Roaming\LogoMaker
2009-12-19 20:34 . 2009-12-19 20:34 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-19 20:34 . 2009-12-19 20:34 -------- d-----w- c:\users\Michel\AppData\Roaming\NCH Swift Sound
2009-12-19 10:58 . 2009-12-19 10:58 -------- d-----w- C:\PRODUCER
2009-12-19 08:37 . 2009-12-12 18:51 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-18 21:42 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-18 21:42 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-18 21:42 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-18 21:42 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-18 21:42 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-17 21:17 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091216.001\IDSvix86.sys
2009-12-17 21:17 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091216.001\IDSXpx86.sys
2009-12-17 21:17 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091216.001\Scxpx86.dll
2009-12-17 21:17 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091216.001\IDSxpx86.dll
2009-12-17 21:17 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091216.001\IDSviA64.sys
2009-12-15 09:11 . 2009-12-15 09:11 -------- d-----w- c:\users\Michel\AppData\Local\GlobalSCAPE
2009-12-15 09:11 . 2009-12-15 09:11 -------- d-----w- c:\programdata\GlobalSCAPE
2009-12-15 09:06 . 2009-12-15 09:06 -------- d-----w- c:\users\Michel\AppData\Roaming\GlobalSCAPE
2009-12-15 09:06 . 2009-12-25 10:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-15 09:06 . 2009-12-15 09:06 -------- d-----w- c:\program files\GlobalSCAPE
2009-12-15 09:06 . 2009-12-25 10:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-13 10:34 . 2009-12-13 10:34 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-12 10:03 . 2009-12-12 10:03 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-12 09:51 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-12 09:50 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-12 09:50 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-12 09:50 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-09 09:11 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 09:11 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 09:11 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 09:08 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 09:08 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-09 09:07 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 09:06 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys
2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll
2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll
2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys
2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll
2009-12-02 16:42 . 2009-11-23 14:28 52224 ----a-w- c:\users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\9sdqjbdm.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFExternalAlert.dll
2009-12-02 16:42 . 2009-11-23 14:28 114688 ----a-w- c:\users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\9sdqjbdm.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\npmozax.dll
2009-12-01 16:28 . 2009-12-11 12:31 -------- d-----w- c:\program files\PhotoArtist 2
2009-11-30 13:32 . 2009-11-30 13:32 -------- d-----w- c:\program files\FireTrust
2009-11-30 12:28 . 2009-11-30 12:28 -------- d-----w- c:\windows\system32\syncdb
2009-11-30 12:13 . 2009-11-30 12:13 -------- d-----w- c:\programdata\IObit
2009-11-30 11:58 . 2009-11-04 15:49 635664 ----a-w- c:\users\Michel\AppData\Roaming\IObit\Common\TB_Helper.exe
2009-11-30 11:58 . 2009-10-21 18:01 52224 ----a-w- c:\users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\9sdqjbdm.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2009-11-30 11:58 . 2009-10-21 18:01 114688 ----a-w- c:\users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\9sdqjbdm.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\npmozax.dll
2009-11-28 20:21 . 2009-11-29 09:28 -------- d-----w- c:\program files\LimeWire
2009-11-28 12:51 . 2009-12-26 09:25 0 ----a-w- c:\users\Michel\AppData\Local\prvlcl.dat

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 09:22 . 2008-01-21 06:39 667114 ----a-w- c:\windows\system32\perfh013.dat
2009-12-26 09:22 . 2008-01-21 06:39 126648 ----a-w- c:\windows\system32\perfc013.dat
2009-12-26 09:09 . 2009-08-10 18:46 -------- d-----w- c:\users\Michel\AppData\Roaming\MailWasherPro
2009-12-26 08:23 . 2009-11-16 09:09 -------- d-----w- c:\programdata\NVIDIA
2009-12-26 08:23 . 2009-11-16 12:18 35085 ----a-w- c:\programdata\nvModes.dat
2009-12-25 10:50 . 2009-12-25 10:48 -------- d--h--w- c:\program files\Temp
2009-12-25 10:48 . 2009-12-25 10:48 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-25 10:48 . 2009-12-25 10:48 -------- d-----w- c:\program files\Realtek
2009-12-25 10:38 . 2009-11-16 11:03 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-25 10:37 . 2009-11-16 11:03 -------- d-----w- c:\users\Michel\AppData\Roaming\SystemRequirementsLab
2009-12-25 09:23 . 2009-10-02 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 18:46 . 2009-07-10 17:58 2032 ----a-w- c:\users\Michel\AppData\Local\d3d9caps.dat
2009-12-19 13:29 . 2009-09-22 15:03 -------- d-----w- c:\users\Michel\AppData\Roaming\LimeWire
2009-12-17 22:44 . 2009-09-22 20:14 -------- d-----w- c:\program files\Findbasic
2009-12-12 10:05 . 2009-10-03 16:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-12 10:03 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-12 10:03 . 2009-12-12 10:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-12 10:02 . 2009-12-12 10:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-09 09:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 09:11 . 2009-08-11 13:09 -------- d-----w- c:\programdata\Microsoft Help
2009-12-07 13:12 . 2009-09-15 07:29 -------- d-----w- c:\program files\Photodex
2009-12-07 12:44 . 2009-09-15 07:29 -------- d-----w- c:\program files\Photodex Presenter
2009-12-07 12:44 . 2009-09-15 07:29 131072 ----a-w- c:\users\Michel\AppData\Roaming\Netscape\Plugins\npPxPlay.dll
2009-12-07 12:44 . 2009-09-15 07:29 131072 ----a-w- c:\users\Michel\AppData\Roaming\Mozilla\Plugins\npPxPlay.dll
2009-12-03 15:14 . 2009-10-02 11:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-10-02 11:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 19:26 . 2009-09-15 07:29 -------- d-----w- c:\users\Michel\AppData\Roaming\Photodex
2009-11-30 12:13 . 2009-08-11 14:29 -------- d-----w- c:\program files\IObit
2009-11-30 11:58 . 2009-08-11 14:29 -------- d-----w- c:\users\Michel\AppData\Roaming\IObit
2009-11-29 09:28 . 2009-10-29 18:53 -------- d-----w- c:\programdata\Norton
2009-11-29 09:28 . 2009-10-25 16:11 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-28 20:06 . 2009-08-10 18:40 -------- d-----w- c:\program files\FastStone Image Viewer
2009-11-17 12:51 . 2009-08-10 20:06 -------- d-----w- c:\programdata\FLEXnet
2009-11-17 12:49 . 2009-07-10 17:58 102552 ----a-w- c:\users\Michel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-17 12:40 . 2009-11-17 12:40 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-17 12:39 . 2009-08-10 19:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-16 13:31 . 2009-11-16 13:31 -------- d-----w- c:\users\Michel\AppData\Roaming\Media Player Classic
2009-11-16 11:13 . 2009-11-16 11:13 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-16 11:11 . 2009-11-16 11:11 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-16 11:11 . 2009-11-16 11:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-16 11:03 . 2009-11-16 11:03 290816 ----a-w- c:\users\Michel\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-11-16 11:03 . 2009-11-16 11:03 290816 ----a-w- c:\users\Michel\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-11-16 11:03 . 2009-11-16 11:03 290816 ----a-w- c:\users\Michel\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-11-16 11:03 . 2009-11-16 11:03 290816 ----a-w- c:\users\Michel\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-11-15 16:42 . 2009-11-15 16:42 -------- d-----w- c:\users\Michel\AppData\Roaming\PCF-VLC
2009-11-15 16:41 . 2009-09-28 13:53 70 ----a-w- c:\users\Michel\AppData\Roaming\Participatory Culture Foundation\Miro\Profiles\ckmn6rte.default\extensions\BitZip@v0.themes.getmiro.com
2009-11-15 16:22 . 2009-11-15 16:22 -------- d-----w- c:\program files\Topaz Labs
2009-11-11 13:57 . 2009-10-25 15:48 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-11-10 12:07 . 2009-08-10 18:22 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 18:09 . 2009-08-11 19:57 -------- d-----w- c:\program files\Java
2009-11-04 08:54 . 2009-11-04 08:53 -------- d-----w- c:\program files\QuickTime
2009-11-04 08:53 . 2009-11-04 08:53 -------- d-----w- c:\programdata\Apple Computer
2009-11-04 08:52 . 2009-11-04 08:52 -------- d-----w- c:\program files\Common Files\Apple
2009-11-04 08:52 . 2009-11-04 08:52 -------- d-----w- c:\programdata\Apple
2009-11-04 08:52 . 2009-11-04 08:52 -------- d-----w- c:\program files\Apple Software Update
2009-11-03 10:08 . 2009-11-02 08:32 -------- d-----w- c:\program files\Microsoft Works
2009-11-02 19:42 . 2009-10-03 07:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 08:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-11-02 08:29 . 2009-11-02 08:29 -------- d-----w- c:\program files\Microsoft.NET
2009-11-02 08:27 . 2009-11-02 08:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-31 21:04 . 2009-08-10 13:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-29 21:32 . 2009-10-29 18:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-29 18:57 . 2009-10-29 18:57 -------- d-----w- c:\program files\Symantec
2009-10-29 18:57 . 2009-10-29 18:57 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-29 18:57 . 2009-10-29 18:57 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-29 18:57 . 2009-10-29 18:57 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-29 18:57 . 2009-10-29 18:57 -------- d-----w- c:\program files\Norton Internet Security
2009-10-29 18:56 . 2009-10-29 18:56 -------- d-----w- c:\programdata\NortonInstaller
2009-10-29 18:56 . 2009-10-29 18:56 -------- d-----w- c:\program files\NortonInstaller
2009-10-29 09:17 . 2009-11-25 12:20 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 02:31 . 2009-10-29 18:58 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2009-10-28 22:37 . 2009-11-11 20:47 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\IDSvix86.sys
2009-10-28 22:37 . 2009-11-11 20:47 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-11-11 20:47 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\Scxpx86.dll
2009-10-28 22:37 . 2009-11-11 20:47 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\IDSxpx86.dll
2009-10-28 22:37 . 2009-11-11 20:47 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091107.001\IDSviA64.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-27 20:39 . 2009-10-27 20:39 -------- d-----w- c:\program files\DynamicPhotoHDR4
2009-10-25 15:48 . 2009-08-10 18:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 15:48 . 2009-08-10 18:22 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-25 15:48 . 2009-08-10 18:22 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-21 21:33 . 2009-12-25 10:48 55328 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-10-21 21:33 . 2009-12-25 10:48 1407520 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-10-21 21:33 . 2009-12-25 10:48 338464 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-10-21 21:33 . 2009-12-25 10:48 2791968 ----a-w- c:\windows\system32\RtkAPO.dll
2009-10-21 21:26 . 2009-12-25 10:48 2782560 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2009-10-15 18:40 . 2009-12-25 10:48 281600 ----a-w- c:\windows\system32\FMAPO.dll
2009-10-13 18:00 . 2009-10-25 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-11 03:17 . 2009-08-11 19:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 01:02 . 2009-12-12 09:51 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-12-12 09:51 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-12-12 09:51 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-12-12 09:51 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-12-12 09:51 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-12-12 09:51 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-12-12 09:51 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 11:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-21 7858720]

c:\users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2009-11-30 18120680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog 24

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 15:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2009-02-19 13:23 202064 ----a-w- c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):74,51,4a,5e,8e,1d,ca,01

R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1101000.013\SymDS.sys [12/11/2009 22:58 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1101000.013\SymEFA.sys [12/11/2009 22:58 171056]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/08/2009 19:22 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/08/2009 19:22 360584]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [5/12/2009 5:54 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1101000.013\cchpx86.sys [12/11/2009 22:58 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys [18/12/2009 22:42 343088]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1101000.013\Ironx86.sys [12/11/2009 22:58 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1101000.013\symtdiv.sys [12/11/2009 22:58 339504]
R1 VD_FileDisk;VD_FileDisk;c:\windows\System32\drivers\vd_filedisk.sys [13/01/2006 14:00 15872]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [18/09/2009 4:54 169312]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/10/2009 16:48 285392]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [30/11/2009 13:13 312592]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [12/11/2009 22:58 126392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [27/09/2009 16:48 240232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/12/2009 18:11 102448]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [22/09/2008 2:20 43520]
R3 SNXPCARD;Golden Series Multiport Adapter Driver;c:\windows\System32\drivers\snxpcard.sys [30/01/2008 8:07 17536]
R3 SNXPPALX;Golden Parallel Port Driver;c:\windows\System32\drivers\snxppalx.sys [30/01/2008 8:07 78848]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 3:21 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [6/10/2009 17:02 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.michel.geeraert.be/
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
FF - ProfilePath - c:\users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\9sdqjbdm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.michel-geeraert.be/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\9sdqjbdm.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\9sdqjbdm.default\extensions\{39124730-0779-11de-8c30-0800200c9a66}\components\daff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Michel\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 10:34
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ehTray.exe = c:\windows\ehome\ehTray.exe?????????c:\windows\ehome\e

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\program files\IObit\IObit Security 360\IS360mon.dll
.
Voltooingstijd: 2009-12-26 10:37:24
ComboFix-quarantined-files.txt 2009-12-26 09:37

Pre-Run: 198.508.544.000 bytes beschikbaar
Post-Run: 198.519.136.256 bytes beschikbaar

- - End Of File - - E425A18C1D0FC792D8B6CA8E5C261EFA

gast99 · 26 dec 2009

Nog problemen nu?

danita · 26 dec 2009

Hallo Rosty,

momenteel loopt het allemaal weer zoals voorheen
heel hartelijk dank voor de geboden hulp
kan je heel kort misschien zeggen wat er mis was

er is echter 1 dingetje dat me nu opvalt en dat is dat ik het geluidsicoontje rechtsonder in de balk kwijt ben
kan dus mijn geluid niet meer bijregelen
hoe kan ik dat daar terug zetten?

gast99 · 26 dec 2009

Verwijder ComboFix via Start > Uitvoeren, kopiëer en plak Combofix /Uninstall klik op OK of toets Enter.

Dit zal Combofix verwijderen+gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en reset je Systeemherstel opnieuw.

Normaal zou je geluidsicoontje er nu terug moeten staan!

danita · 26 dec 2009

heb dus combofix verwijderd , systeem melde combofix is van je systeem verwijderd en startte opnieuw op maar mijn icoontje is niet terug ?

danita · 26 dec 2009

probeerde trayicons.reg maar deze haalde ook niets uit dus nog steeds zonder geluidsicoon

danita · 27 dec 2009

hallo Rosty,

ik probeerde een andere versie van trayicons.reg en ik heb alle icons terug staan
nogmaals hartelijk dank voor de geboden hulp
alles is opgelost
slot mag erop

gast99 · 27 dec 2009

Graag gedaan hoor!