Check after new install

Anonymous
9 answers
  • Got comments from PCtools, but I'm going back to people I know.
    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:23:20, on 28-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20978)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\CBA\pds.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\RTHDCPL.EXE
    F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    F:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    F:\PROGRA~1\MICROS~2\rapimgr.exe
    F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    f:\Program Files\RegCure\RegCure.exe
    F:\Program Files\Firefox\firefox.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\Documents and Settings\az\Bureaublad\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - f:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "F:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "F:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "F:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O4 - Startup: Logitech . Productregistratie.lnk = F:\Program Files\Logitech\QuickCam\eReg.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Snelstart HP Image Zone.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://f:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://f:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://f:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://f:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235329214968
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - f:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1b\RpcAgentSrv.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 8959 bytes


    MBAM :

    Malwarebytes' Anti-Malware 1.34
    Database versie: 1812
    Windows 5.1.2600 Service Pack 3

    28-2-2009 14:34:10
    mbam-log-2009-02-28 (14-34-10).txt

    Scan type: Snelle Scan
    Objecten gescand: 64882
    Verstreken tijd: 51 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Please check and comment, Anjo
  • What exactly did that commentary say, then?


    Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after installation the following are checked:
      • Update MalwareBytes' Anti-Malware
      • Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
      • Once the program has started, go to the "Instellingen" (Settings) tab.
      • Check this option: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
      • Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
      • Next, press "Scannen" (Scan) to start the scan.
      • The scan can take a while, so be patient.
      • When the scan is complete, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
      • Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
      • After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log.



    Download to your desktop and use it according to this guide.
  • I'll carry it out ONCE I can get back on the internet upstairs; the router spontaneously gave out yesterday, and I'm going to work on that now. I'd welcome further support.
    PCtools' comments: 3 infections, 134 registry failures, but I had to pay to fix that, and I have a licence for RegCure.
  • At my wits' end, I've temporarily hooked a cable up to the PC; a router is on order.
    MBAM log:
    Malwarebytes' Anti-Malware 1.34
    Database versie: 1831
    Windows 5.1.2600 Service Pack 3

    10-3-2009 15:04:07
    mbam-log-2009-03-10 (15-04-07).txt

    Scan type: Snelle Scan
    Objecten gescand: 65175
    Verstreken tijd: 2 minute(s), 48 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    ComboFix log:
    ComboFix 09-03-06.02 - az 2009-03-10 15:08:06.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.3455.2584 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\az\Bureaublad\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-10 to 2009-03-10 ))))))))))))))))))))))))))))))
    .

    2009-03-10 14:58 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-10 14:58 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-02 22:09 . 2009-03-02 22:09 <DIR> d-------- C:\CanonMP
    2009-03-02 17:57 . 2009-03-02 18:08 <DIR> d-------- c:\windows\_ISTMP2.DIR
    2009-02-28 14:23 . 2009-02-28 14:23 <DIR> d-------- c:\documents and settings\az\Application Data\Malwarebytes
    2009-02-28 14:23 . 2009-02-28 14:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-28 14:05 . 2009-02-28 14:08 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-02-28 10:53 . 2009-02-28 10:53 234 --a------ c:\windows\PrnHlpLogConfig.ini
    2009-02-28 10:49 . 2009-02-28 10:49 214 --a------ c:\windows\HP_InstantSHareJPG.ini
    2009-02-28 10:48 . 2009-02-28 10:48 217 --a------ c:\windows\HP_IZClosingDiscErrorPatch.ini
    2009-02-27 19:34 . 2009-02-27 19:34 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini
    2009-02-27 12:37 . 2009-02-27 12:37 <DIR> d-------- c:\windows\system32\XPSViewer
    2009-02-27 11:05 . 2009-02-27 11:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\TomTom
    2009-02-27 10:57 . 2008-04-13 23:26 30,592 --a------ c:\windows\system32\drivers\rndismpx.sys
    2009-02-27 10:57 . 2008-04-13 23:26 30,592 --a--c--- c:\windows\system32\dllcache\rndismpx.sys
    2009-02-27 10:57 . 2008-04-13 23:26 12,800 --a------ c:\windows\system32\drivers\usb8023x.sys
    2009-02-27 10:57 . 2008-04-13 23:26 12,800 --a--c--- c:\windows\system32\dllcache\usb8023x.sys
    2009-02-26 15:29 . 2009-02-26 15:29 4,767 --a------ c:\windows\Irremote.ini
    2009-02-26 15:27 . 2009-02-26 15:27 <DIR> d-------- c:\program files\Windows Sidebar
    2009-02-26 15:17 . 2009-02-26 15:28 <DIR> d-------- c:\program files\Nero
    2009-02-26 15:17 . 2009-02-26 15:23 <DIR> d-------- c:\program files\Common Files\Nero
    2009-02-26 15:17 . 2009-02-26 15:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
    2009-02-26 13:14 . 2009-02-26 13:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
    2009-02-26 13:08 . 2009-02-26 13:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
    2009-02-26 13:04 . 2009-02-26 13:04 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
    2009-02-26 13:04 . 2005-03-15 20:36 77,824 -ra------ c:\windows\system32\hpzids01.dll
    2009-02-26 13:04 . 2005-05-05 08:51 37,376 --a------ c:\windows\system32\hpz3l3xu.dll
    2009-02-26 13:03 . 2005-04-08 02:50 827,392 -ra------ c:\windows\system32\hpotiop2.dll
    2009-02-26 13:03 . 2005-04-08 02:50 278,528 -ra------ c:\windows\system32\hpowiamd.dll
    2009-02-26 13:03 . 2005-03-08 05:49 274,432 -ra------ c:\windows\system32\HPZc3212.dll
    2009-02-26 13:03 . 2005-04-08 02:50 258,122 -ra------ c:\windows\system32\hpovst09.dll
    2009-02-26 13:03 . 2001-09-06 19:47 6,912 --a------ c:\windows\system32\drivers\serscan.sys
    2009-02-26 13:03 . 2001-09-06 19:47 6,912 --a--c--- c:\windows\system32\dllcache\serscan.sys
    2009-02-26 13:03 . 2009-02-26 13:03 168 --a------ c:\windows\system32\AddPort.ini
    2009-02-26 12:40 . 2009-02-26 13:03 737 --a------ c:\windows\hpntwksetup.ini
    2009-02-26 12:11 . 2009-02-26 13:03 <DIR> d-------- C:\TEMP
    2009-02-26 11:25 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
    2009-02-26 11:25 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
    2009-02-26 11:25 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
    2009-02-26 11:25 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
    2009-02-26 11:25 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
    2009-02-26 11:25 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
    2009-02-26 11:18 . 2009-02-26 11:25 <DIR> d-------- c:\program files\HP
    2009-02-26 11:07 . 2009-02-26 14:36 <DIR> d-------- c:\documents and settings\az\Application Data\HP
    2009-02-26 11:01 . 2009-02-26 11:01 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
    2009-02-26 11:01 . 2005-08-25 21:00 140,288 --a------ c:\windows\system32\CNMLM7L.DLL
    2009-02-26 11:01 . 2008-04-13 23:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2009-02-26 11:01 . 2008-04-13 23:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2009-02-26 11:01 . 2005-08-25 21:00 8,704 --a------ c:\windows\system32\CNMVS7L.DLL
    2009-02-26 11:00 . 2008-04-13 23:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2009-02-26 11:00 . 2008-04-13 23:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2009-02-26 10:56 . 2009-02-26 10:56 <DIR> d-------- c:\documents and settings\az\Application Data\ScanSoft
    2009-02-26 10:56 . 2009-02-26 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SSScanWizard
    2009-02-26 10:56 . 2009-02-26 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SSScanAppDataDir
    2009-02-26 10:56 . 2009-02-26 10:56 532 --a------ c:\windows\MAXLINK.INI
    2009-02-26 10:55 . 2009-02-26 10:56 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
    2009-02-26 10:40 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
    2009-02-26 10:04 . 2005-08-30 05:22 221,184 --a------ c:\windows\system32\CNCC500.DLL
    2009-02-26 10:04 . 2005-05-30 11:47 139,264 --a------ c:\windows\system32\CNCL500.DLL
    2009-02-26 10:04 . 2005-08-30 05:22 69,632 --a------ c:\windows\system32\CNCI500.DLL
    2009-02-26 10:04 . 2005-08-30 05:23 49,152 --a------ c:\windows\system32\cncisco.dll
    2009-02-26 10:03 . 2009-02-26 10:04 <DIR> d-------- c:\program files\Canon
    2009-02-26 10:01 . 2009-02-26 10:02 <DIR> d-------- c:\windows\_ISTMP1.DIR
    2009-02-26 09:55 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
    2009-02-25 12:42 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
    2009-02-25 12:42 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
    2009-02-25 12:42 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe
    2009-02-25 12:42 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe
    2009-02-25 12:42 . 2009-02-09 14:34 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll
    2009-02-25 12:41 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
    2009-02-25 10:08 . 2009-02-25 10:08 <DIR> d-------- C:\DRIVERS
    2009-02-24 16:58 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx
    2009-02-24 16:58 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
    2009-02-24 16:58 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
    2009-02-24 16:28 . 2009-02-24 16:28 <DIR> d-------- c:\documents and settings\az\Application Data\DriverCure
    2009-02-24 16:28 . 2009-02-24 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-02-24 16:28 . 2009-02-24 16:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverCure
    2009-02-24 15:42 . 2008-04-14 21:33 91,648 --a------ c:\windows\system32\kswdmcap.ax
    2009-02-24 15:42 . 2008-04-14 21:33 91,648 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
    2009-02-24 15:42 . 2008-04-14 21:33 61,952 --a------ c:\windows\system32\kstvtune.ax
    2009-02-24 15:42 . 2008-04-14 21:33 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
    2009-02-24 15:42 . 2008-04-14 21:32 54,272 --a------ c:\windows\system32\vfwwdm32.dll
    2009-02-24 15:42 . 2008-04-14 21:32 54,272 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
    2009-02-24 15:42 . 2008-04-14 21:33 43,008 --a------ c:\windows\system32\ksxbar.ax
    2009-02-24 15:42 . 2008-04-14 21:33 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
    2009-02-24 15:42 . 2008-04-13 23:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
    2009-02-24 15:42 . 2008-04-13 23:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2009-02-24 15:42 . 2008-04-14 21:33 28,672 --a------ c:\windows\system32\vidcap.ax
    2009-02-24 15:42 . 2008-04-14 21:33 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
    2009-02-24 12:27 . 2005-06-08 15:45 86,016 --a------ c:\windows\system32\vatee.ax
    2009-02-24 12:26 . 2005-05-27 10:23 2,180,096 --a------ c:\windows\system32\drivers\lvsvf2.sys
    2009-02-24 12:26 . 2005-05-27 10:32 1,317,152 --a------ c:\windows\system32\drivers\lvcm.sys
    2009-02-24 12:26 . 2005-05-27 10:36 372,736 --a------ c:\windows\system32\LVUI2RC.dll
    2009-02-24 12:26 . 2005-05-27 10:29 204,800 --a------ c:\windows\system32\LVUI2.dll
    2009-02-24 12:26 . 2005-05-27 10:26 204,800 --a------ c:\windows\system32\lvcodec2.dll
    2009-02-24 12:26 . 2005-05-27 10:19 106,496 --a------ c:\windows\system32\lvcoinst.dll
    2009-02-24 12:26 . 2005-07-19 17:31 53,248 -ra------ c:\windows\system32\InstMed.exe
    2009-02-24 12:26 . 2005-05-27 10:31 22,016 --a------ c:\windows\system32\drivers\LVUSBSta.sys
    2009-02-24 12:26 . 2005-05-27 10:10 9,255 --a------ c:\windows\system32\lvcoinst.ini
    2009-02-24 12:25 . 2009-02-24 12:25 <DIR> d-------- c:\program files\Common Files\Logitech
    2009-02-24 11:55 . 2009-03-10 14:39 6,984 --a------ c:\windows\system32\OODBS.lor
    2009-02-24 11:23 . 2009-02-24 11:23 <DIR> d-------- c:\documents and settings\az\Application Data\Leadertech
    2009-02-24 11:22 . 2009-02-24 12:11 <DIR> d----c--- c:\windows\system32\DRVSTORE
    2009-02-24 11:22 . 2009-02-24 12:17 <DIR> d-------- c:\program files\Common Files\LogiShrd
    2009-02-24 11:22 . 2009-02-24 11:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
    2009-02-24 11:22 . 2009-02-24 12:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logishrd
    2009-02-23 18:16 . 2009-03-10 14:40 <DIR> d-------- c:\documents and settings\az\Tracing
    2009-02-23 18:10 . 2009-02-23 18:10 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2009-02-23 18:10 . 2009-02-28 13:52 <DIR> d-------- c:\program files\Microsoft
    2009-02-23 18:09 . 2009-02-23 18:11 <DIR> d-------- c:\program files\Windows Live
    2009-02-23 18:07 . 2009-02-23 18:07 <DIR> d-------- c:\program files\Common Files\Windows Live
    2009-02-23 18:06 . 2009-02-23 18:06 <DIR> d-------- c:\windows\ShellNew
    2009-02-23 18:06 . 2009-02-23 18:06 395 --a------ c:\windows\ODBC.INI
    2009-02-23 17:52 . 2009-02-23 17:52 <DIR> d-------- c:\documents and settings\az\Application Data\Talkback
    2009-02-23 17:51 . 2009-02-23 17:51 0 --a------ c:\windows\nsreg.dat
    2009-02-23 17:50 . 2009-02-23 17:51 3,139 --a------ c:\windows\mozver.dat
    2009-02-23 16:23 . 2009-02-23 16:23 <DIR> d-------- c:\program files\FOXCONN
    2009-02-23 16:21 . 2009-02-23 16:21 <DIR> d-------- c:\windows\OPTIONS
    2009-02-23 16:21 . 2009-02-23 16:21 <DIR> d-------- c:\documents and settings\az\Application Data\InstallShield
    2009-02-23 16:21 . 2008-10-30 21:14 117,888 --a------ c:\windows\system32\drivers\Rtenicxp.sys
    2009-02-23 16:19 . 1998-11-13 14:08 308,224 --a------ c:\windows\IsUn0413.exe
    2009-02-22 20:02 . 2009-02-26 10:00 <DIR> d--h----- c:\windows\$hf_mig$
    2009-02-22 20:02 . 2009-02-22 20:02 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-02-22 20:02 . 2008-12-21 00:49 6,068,736 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2009-02-22 20:02 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-27 18:30 139,264 ----a-w c:\windows\system32\hpzjrd01.dll
    2009-02-26 12:13 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-21 15:24 --------- d-----w c:\program files\microsoft frontpage
    2009-02-21 15:22 --------- d-----w c:\program files\Reference Assemblies
    2009-02-21 15:22 --------- d-----w c:\program files\MSXML 6.0
    2009-02-21 15:22 --------- d-----w c:\program files\MSBuild
    2009-02-21 15:16 --------- d-----w c:\program files\Windows Media Connect 2
    2009-02-13 15:59 17,508,864 ----a-w c:\windows\RTHDCPL.EXE
    2009-02-13 15:49 5,029,376 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
    2009-02-06 18:55 308,616 ----a-w c:\windows\WLXPGSS.SCR
    2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-01-21 14:54 1,206,816 ----a-w c:\windows\RtlUpd.exe
    2008-12-20 23:49 827,904 ----a-w c:\windows\system32\wininet.dll
    2008-11-30 15:14 1,001,472 ----a-w c:\windows\inf\syssbck.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "H/PC Connection Agent"="f:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "OpwareSE2"="f:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "OPSE reminder"="f:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
    "TomTomHOME.exe"="f:\program files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-13 c:\windows\RTHDCPL.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "f:\program files\Microsoft ActiveSync\rapimgr.exe"= f:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "f:\program files\Microsoft ActiveSync\wcescomm.exe"= f:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "f:\program files\Microsoft ActiveSync\WCESMgr.exe"= f:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "f:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1b\\RpcAgentSrv.exe"=
    "f:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1b\\WNt500x86\\RpcSandraSrv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-02-25 1684736]
    S3 FXDrv32;FXDrv32;\??\k:\fxdrv32.sys --> k:\FXDrv32.sys [?]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP1b\RpcAgentSrv.exe [2009-02-28 98488]
    S3 SliceDisk5;SliceDisk5;f:\program files\A-FF Find and Mount\slicedisk.sys [2009-02-27 10240]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-03-10 c:\windows\Tasks\RegCure Program Check.job
    - f:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

    2009-03-10 c:\windows\Tasks\RegCure.job
    - f:\program files\RegCure\RegCure.exe [2008-04-21 22:21]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-PrintServer Diagnostic - f:\program files\Print Server\PTP\PSDiagnostic.exe


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = www.google.nl
    IE: E&xporteren naar Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\az\Application Data\Mozilla\Firefox\Profiles\yk9nnulk.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-10 15:09:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG08.00.00.01WORKSTATION"=
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(824)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2009-03-10 15:11:11
    ComboFix-quarantined-files.txt 2009-03-10 14:11:07

    Pre-Run: 64.815.091.712 bytes beschikbaar
    Post-Run: 67,877,928,960 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    261 — E O F — 2009-02-26 09:00:42
  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • ComboFix 09-03-10.03 - az 2009-03-12 16:29:32.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.3455.2592 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\az\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\az\Bureaublad\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Legacy_FXDRV32
    ——-\Service_FXDrv32


    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-12 to 2009-03-12 ))))))))))))))))))))))))))))))
    .

    2009-03-10 14:58 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-10 14:58 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-03-02 22:09 . 2009-03-02 22:09 <DIR> d——– C:\CanonMP
    2009-03-02 17:57 . 2009-03-02 18:08 <DIR> d——– c:\windows\_ISTMP2.DIR
    2009-02-28 14:23 . 2009-02-28 14:23 <DIR> d——– c:\documents and settings\az\Application Data\Malwarebytes
    2009-02-28 14:23 . 2009-02-28 14:23 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-28 14:05 . 2009-02-28 14:08 <DIR> d-a—— c:\documents and settings\All Users\Application Data\TEMP
    2009-02-28 10:53 . 2009-02-28 10:53 234 –a—— c:\windows\PrnHlpLogConfig.ini
    2009-02-28 10:49 . 2009-02-28 10:49 214 –a—— c:\windows\HP_InstantSHareJPG.ini
    2009-02-28 10:48 . 2009-02-28 10:48 217 –a—— c:\windows\HP_IZClosingDiscErrorPatch.ini
    2009-02-27 19:34 . 2009-02-27 19:34 221 –a—— c:\windows\HP_RedboxHprblog_HPSU.ini
    2009-02-27 12:37 . 2009-02-27 12:37 <DIR> d——– c:\windows\system32\XPSViewer
    2009-02-27 11:05 . 2009-02-27 11:05 <DIR> d——– c:\documents and settings\All Users\Application Data\TomTom
    2009-02-27 10:57 . 2008-04-13 23:26 30,592 –a—— c:\windows\system32\drivers\rndismpx.sys
    2009-02-27 10:57 . 2008-04-13 23:26 30,592 –a–c— c:\windows\system32\dllcache\rndismpx.sys
    2009-02-27 10:57 . 2008-04-13 23:26 12,800 –a—— c:\windows\system32\drivers\usb8023x.sys
    2009-02-27 10:57 . 2008-04-13 23:26 12,800 –a–c— c:\windows\system32\dllcache\usb8023x.sys
    2009-02-26 15:29 . 2009-02-26 15:29 4,767 –a—— c:\windows\Irremote.ini
    2009-02-26 15:27 . 2009-02-26 15:27 <DIR> d——– c:\program files\Windows Sidebar
    2009-02-26 15:17 . 2009-02-26 15:28 <DIR> d——– c:\program files\Nero
    2009-02-26 15:17 . 2009-02-26 15:23 <DIR> d——– c:\program files\Common Files\Nero
    2009-02-26 15:17 . 2009-02-26 15:23 <DIR> d——– c:\documents and settings\All Users\Application Data\Nero
    2009-02-26 13:14 . 2009-02-26 13:14 <DIR> d——– c:\documents and settings\All Users\Application Data\HP
    2009-02-26 13:08 . 2009-02-26 13:08 <DIR> d——– c:\documents and settings\All Users\Application Data\Sonic
    2009-02-26 13:04 . 2009-02-26 13:04 <DIR> d——– c:\program files\Common Files\Hewlett-Packard
    2009-02-26 13:04 . 2005-03-15 20:36 77,824 -ra—— c:\windows\system32\hpzids01.dll
    2009-02-26 13:04 . 2005-05-05 08:51 37,376 –a—— c:\windows\system32\hpz3l3xu.dll
    2009-02-26 13:03 . 2005-04-08 02:50 827,392 -ra—— c:\windows\system32\hpotiop2.dll
    2009-02-26 13:03 . 2005-04-08 02:50 278,528 -ra—— c:\windows\system32\hpowiamd.dll
    2009-02-26 13:03 . 2005-03-08 05:49 274,432 -ra—— c:\windows\system32\HPZc3212.dll
    2009-02-26 13:03 . 2005-04-08 02:50 258,122 -ra—— c:\windows\system32\hpovst09.dll
    2009-02-26 13:03 . 2001-09-06 19:47 6,912 –a—— c:\windows\system32\drivers\serscan.sys
    2009-02-26 13:03 . 2001-09-06 19:47 6,912 –a–c— c:\windows\system32\dllcache\serscan.sys
    2009-02-26 13:03 . 2009-02-26 13:03 168 –a—— c:\windows\system32\AddPort.ini
    2009-02-26 12:40 . 2009-02-26 13:03 737 –a—— c:\windows\hpntwksetup.ini
    2009-02-26 12:11 . 2009-02-26 13:03 <DIR> d——– C:\TEMP
    2009-02-26 11:25 . 2004-09-29 12:12 278,584 –a—— c:\windows\system32\HPZidr12.dll
    2009-02-26 11:25 . 2004-09-29 12:15 204,800 –a—— c:\windows\system32\HPZipr12.dll
    2009-02-26 11:25 . 2004-09-29 12:09 94,208 –a—— c:\windows\system32\HPZipt12.dll
    2009-02-26 11:25 . 2004-09-29 12:14 69,632 –a—— c:\windows\system32\HPZipm12.exe
    2009-02-26 11:25 . 2004-09-29 12:08 61,440 –a—— c:\windows\system32\HPZinw12.exe
    2009-02-26 11:25 . 2004-09-29 12:09 57,344 –a—— c:\windows\system32\HPZisn12.dll
    2009-02-26 11:18 . 2009-02-26 11:25 <DIR> d——– c:\program files\HP
    2009-02-26 11:07 . 2009-02-26 14:36 <DIR> d——– c:\documents and settings\az\Application Data\HP
    2009-02-26 11:01 . 2009-02-26 11:01 <DIR> d–h—– c:\documents and settings\All Users\Application Data\CanonBJ
    2009-02-26 11:01 . 2005-08-25 21:00 140,288 –a—— c:\windows\system32\CNMLM7L.DLL
    2009-02-26 11:01 . 2008-04-13 23:17 25,856 –a—— c:\windows\system32\drivers\usbprint.sys
    2009-02-26 11:01 . 2008-04-13 23:17 25,856 –a–c— c:\windows\system32\dllcache\usbprint.sys
    2009-02-26 11:01 . 2005-08-25 21:00 8,704 –a—— c:\windows\system32\CNMVS7L.DLL
    2009-02-26 11:00 . 2008-04-13 23:15 15,104 –a—— c:\windows\system32\drivers\usbscan.sys
    2009-02-26 11:00 . 2008-04-13 23:15 15,104 –a–c— c:\windows\system32\dllcache\usbscan.sys
    2009-02-26 10:56 . 2009-02-26 10:56 <DIR> d——– c:\documents and settings\az\Application Data\ScanSoft
    2009-02-26 10:56 . 2009-02-26 10:56 <DIR> d——– c:\documents and settings\All Users\Application Data\SSScanWizard
    2009-02-26 10:56 . 2009-02-26 10:56 <DIR> d——– c:\documents and settings\All Users\Application Data\SSScanAppDataDir
    2009-02-26 10:56 . 2009-02-26 10:56 532 –a—— c:\windows\MAXLINK.INI
    2009-02-26 10:55 . 2009-02-26 10:56 <DIR> d——– c:\program files\Common Files\ScanSoft Shared
    2009-02-26 10:40 . 1995-08-01 04:44 212,480 –a—— c:\windows\PCDLIB32.DLL
    2009-02-26 10:04 . 2005-08-30 05:22 221,184 –a—— c:\windows\system32\CNCC500.DLL
    2009-02-26 10:04 . 2005-05-30 11:47 139,264 –a—— c:\windows\system32\CNCL500.DLL
    2009-02-26 10:04 . 2005-08-30 05:22 69,632 –a—— c:\windows\system32\CNCI500.DLL
    2009-02-26 10:04 . 2005-08-30 05:23 49,152 –a—— c:\windows\system32\cncisco.dll
    2009-02-26 10:03 . 2009-02-26 10:04 <DIR> d——– c:\program files\Canon
    2009-02-26 10:01 . 2009-02-26 10:02 <DIR> d——– c:\windows\_ISTMP1.DIR
    2009-02-26 09:55 . 1998-10-29 16:45 306,688 –a—— c:\windows\IsUninst.exe
    2009-02-25 12:42 . 2008-08-05 20:10 1,684,736 –a—— c:\windows\system32\drivers\Ambfilt.sys
    2009-02-25 12:42 . 2006-01-04 15:41 1,389,056 –a—— c:\windows\system32\drivers\Monfilt.sys
    2009-02-25 12:42 . 2008-10-23 17:42 290,816 –a—— c:\windows\vncutil.exe
    2009-02-25 12:42 . 2008-06-24 14:46 104,992 –a—— c:\windows\RtkAudioService.exe
    2009-02-25 12:42 . 2009-02-09 14:34 35,840 –a—— c:\windows\system32\RtkCoInstXP.dll
    2009-02-25 12:41 . 2008-07-16 22:35 9,728 –a—— c:\windows\system32\RtNicProp32.dll
    2009-02-25 10:08 . 2009-02-25 10:08 <DIR> d——– C:\DRIVERS
    2009-02-24 16:58 . 2007-09-02 20:56 1,686,016 –a—— c:\windows\system32\clinetsuitex6.ocx
    2009-02-24 16:58 . 2004-03-09 16:45 662,288 –a—— c:\windows\system32\MSCOMCT2.OCX
    2009-02-24 16:58 . 2004-06-14 14:56 427,864 –a—— c:\windows\system32\XceedZip.dll
    2009-02-24 16:28 . 2009-02-24 16:28 <DIR> d——– c:\documents and settings\az\Application Data\DriverCure
    2009-02-24 16:28 . 2009-02-24 16:28 <DIR> d——– c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-02-24 16:28 . 2009-02-24 16:31 <DIR> d——– c:\documents and settings\All Users\Application Data\DriverCure
    2009-02-24 15:42 . 2008-04-14 21:33 91,648 –a—— c:\windows\system32\kswdmcap.ax
    2009-02-24 15:42 . 2008-04-14 21:33 91,648 –a–c— c:\windows\system32\dllcache\kswdmcap.ax
    2009-02-24 15:42 . 2008-04-14 21:33 61,952 –a—— c:\windows\system32\kstvtune.ax
    2009-02-24 15:42 . 2008-04-14 21:33 61,952 –a–c— c:\windows\system32\dllcache\kstvtune.ax
    2009-02-24 15:42 . 2008-04-14 21:32 54,272 –a—— c:\windows\system32\vfwwdm32.dll
    2009-02-24 15:42 . 2008-04-14 21:32 54,272 –a–c— c:\windows\system32\dllcache\vfwwdm32.dll
    2009-02-24 15:42 . 2008-04-14 21:33 43,008 –a—— c:\windows\system32\ksxbar.ax
    2009-02-24 15:42 . 2008-04-14 21:33 43,008 –a–c— c:\windows\system32\dllcache\ksxbar.ax
    2009-02-24 15:42 . 2008-04-13 23:15 32,128 –a—— c:\windows\system32\drivers\usbccgp.sys
    2009-02-24 15:42 . 2008-04-13 23:15 32,128 –a–c— c:\windows\system32\dllcache\usbccgp.sys
    2009-02-24 15:42 . 2008-04-14 21:33 28,672 –a—— c:\windows\system32\vidcap.ax
    2009-02-24 15:42 . 2008-04-14 21:33 28,672 –a–c— c:\windows\system32\dllcache\vidcap.ax
    2009-02-24 12:27 . 2005-06-08 15:45 86,016 –a—— c:\windows\system32\vatee.ax
    2009-02-24 12:26 . 2005-05-27 10:23 2,180,096 –a—— c:\windows\system32\drivers\lvsvf2.sys
    2009-02-24 12:26 . 2005-05-27 10:32 1,317,152 –a—— c:\windows\system32\drivers\lvcm.sys
    2009-02-24 12:26 . 2005-05-27 10:36 372,736 –a—— c:\windows\system32\LVUI2RC.dll
    2009-02-24 12:26 . 2005-05-27 10:29 204,800 –a—— c:\windows\system32\LVUI2.dll
    2009-02-24 12:26 . 2005-05-27 10:26 204,800 –a—— c:\windows\system32\lvcodec2.dll
    2009-02-24 12:26 . 2005-05-27 10:19 106,496 –a—— c:\windows\system32\lvcoinst.dll
    2009-02-24 12:26 . 2005-07-19 17:31 53,248 -ra—— c:\windows\system32\InstMed.exe
    2009-02-24 12:26 . 2005-05-27 10:31 22,016 –a—— c:\windows\system32\drivers\LVUSBSta.sys
    2009-02-24 12:26 . 2005-05-27 10:10 9,255 –a—— c:\windows\system32\lvcoinst.ini
    2009-02-24 12:25 . 2009-02-24 12:25 <DIR> d——– c:\program files\Common Files\Logitech
    2009-02-24 11:55 . 2009-03-12 16:32 8,439 –a—— c:\windows\system32\OODBS.lor
    2009-02-24 11:23 . 2009-02-24 11:23 <DIR> d——– c:\documents and settings\az\Application Data\Leadertech
    2009-02-24 11:22 . 2009-02-24 12:11 <DIR> d—-c— c:\windows\system32\DRVSTORE
    2009-02-24 11:22 . 2009-02-24 12:17 <DIR> d——– c:\program files\Common Files\LogiShrd
    2009-02-24 11:22 . 2009-02-24 11:22 <DIR> d——– c:\documents and settings\All Users\Application Data\Logitech
    2009-02-24 11:22 . 2009-02-24 12:17 <DIR> d——– c:\documents and settings\All Users\Application Data\Logishrd
    2009-02-23 18:16 . 2009-03-12 16:33 <DIR> d——– c:\documents and settings\az\Tracing
    2009-02-23 18:10 . 2009-02-23 18:10 <DIR> d——– c:\program files\Microsoft SQL Server Compact Edition
    2009-02-23 18:10 . 2009-02-28 13:52 <DIR> d——– c:\program files\Microsoft
    2009-02-23 18:09 . 2009-02-23 18:11 <DIR> d——– c:\program files\Windows Live
    2009-02-23 18:07 . 2009-02-23 18:07 <DIR> d——– c:\program files\Common Files\Windows Live
    2009-02-23 18:06 . 2009-02-23 18:06 <DIR> d——– c:\windows\ShellNew
    2009-02-23 18:06 . 2009-02-23 18:06 395 –a—— c:\windows\ODBC.INI
    2009-02-23 17:52 . 2009-02-23 17:52 <DIR> d——– c:\documents and settings\az\Application Data\Talkback
    2009-02-23 17:51 . 2009-02-23 17:51 0 –a—— c:\windows\nsreg.dat
    2009-02-23 17:50 . 2009-02-23 17:51 3,139 –a—— c:\windows\mozver.dat
    2009-02-23 16:23 . 2009-02-23 16:23 <DIR> d——– c:\program files\FOXCONN
    2009-02-23 16:21 . 2009-02-23 16:21 <DIR> d——– c:\windows\OPTIONS
    2009-02-23 16:21 . 2009-02-23 16:21 <DIR> d——– c:\documents and settings\az\Application Data\InstallShield
    2009-02-23 16:21 . 2008-10-30 21:14 117,888 –a—— c:\windows\system32\drivers\Rtenicxp.sys
    2009-02-23 16:19 . 1998-11-13 14:08 308,224 –a—— c:\windows\IsUn0413.exe
    2009-02-22 20:02 . 2009-03-11 10:00 <DIR> d–h—– c:\windows\$hf_mig$
    2009-02-22 20:02 . 2009-02-22 20:02 <DIR> d——– c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-02-22 20:02 . 2008-12-21 00:49 6,068,736 —–c— c:\windows\system32\dllcache\ieframe.dll
    2009-02-22 20:02 . 2007-04-17 10:32 2,455,488 —–c— c:\windows\system32\dllcache\ieapfltr.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-26 12:13 ——— d—–w c:\program files\Microsoft Silverlight
    2009-02-21 15:24 ——— d—–w c:\program files\microsoft frontpage
    2009-02-21 15:22 ——— d—–w c:\program files\Reference Assemblies
    2009-02-21 15:22 ——— d—–w c:\program files\MSXML 6.0
    2009-02-21 15:22 ——— d—–w c:\program files\MSBuild
    2009-02-21 15:16 ——— d—–w c:\program files\Windows Media Connect 2
    2009-02-13 15:59 17,508,864 —-a-w c:\windows\RTHDCPL.EXE
    2009-02-13 15:49 5,029,376 —-a-w c:\windows\system32\drivers\RtkHDAud.sys
    2009-02-06 18:55 308,616 —-a-w c:\windows\WLXPGSS.SCR
    2009-01-21 14:54 1,206,816 —-a-w c:\windows\RtlUpd.exe
    2008-11-30 15:14 1,001,472 —-a-w c:\windows\inf\syssbck.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-10_15.10.15,37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 19:02:28 163,328 —-a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2008-04-15 11:00:00 144,384 -c–a-w c:\windows\system32\dllcache\schannel.dll
    + 2008-12-05 06:58:53 144,896 -c–a-w c:\windows\system32\dllcache\schannel.dll
    - 2008-11-30 15:12:51 1,847,040 -c–a-w c:\windows\system32\dllcache\win32k.sys
    + 2009-02-09 14:02:14 1,847,680 -c–a-w c:\windows\system32\dllcache\win32k.sys
    - 2009-03-10 11:35:43 118,152 —-a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-03-11 09:07:54 118,152 —-a-w c:\windows\system32\FNTCACHE.DAT
    - 2009-02-11 19:56:18 21,244,872 —-a-w c:\windows\system32\MRT.exe
    + 2009-02-25 20:54:59 24,768,960 —-a-w c:\windows\system32\MRT.exe
    - 2009-03-10 13:47:47 71,002 —-a-w c:\windows\system32\perfc009.dat
    + 2009-03-11 11:24:45 71,002 —-a-w c:\windows\system32\perfc009.dat
    - 2009-03-10 13:47:47 90,642 —-a-w c:\windows\system32\perfc013.dat
    + 2009-03-11 11:24:45 90,642 —-a-w c:\windows\system32\perfc013.dat
    - 2009-03-10 13:47:47 440,684 —-a-w c:\windows\system32\perfh009.dat
    + 2009-03-11 11:24:45 440,684 —-a-w c:\windows\system32\perfh009.dat
    - 2009-03-10 13:47:47 508,570 —-a-w c:\windows\system32\perfh013.dat
    + 2009-03-11 11:24:45 508,570 —-a-w c:\windows\system32\perfh013.dat
    - 2008-04-15 11:00:00 144,384 —-a-w c:\windows\system32\schannel.dll
    + 2008-12-05 06:58:53 144,896 —-a-w c:\windows\system32\schannel.dll
    - 2007-07-27 08:41:40 16,760 ——w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:19:43 18,808 ——w c:\windows\system32\spmsg.dll
    - 2008-11-30 15:12:51 1,847,040 —-a-w c:\windows\system32\win32k.sys
    + 2009-02-09 14:02:14 1,847,680 —-a-w c:\windows\system32\win32k.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "H/PC Connection Agent"="f:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
    "TomTomHOME.exe"="f:\program files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "OpwareSE2"="f:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "OPSE reminder"="f:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-13 c:\windows\RTHDCPL.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "f:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "f:\program files\Microsoft ActiveSync\rapimgr.exe"= f:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "f:\program files\Microsoft ActiveSync\wcescomm.exe"= f:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "f:\program files\Microsoft ActiveSync\WCESMgr.exe"= f:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "f:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1b\\RpcAgentSrv.exe"=
    "f:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1b\\WNt500x86\\RpcSandraSrv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-02-25 1684736]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP1b\RpcAgentSrv.exe [2009-02-28 98488]
    S3 SliceDisk5;SliceDisk5;f:\program files\A-FF Find and Mount\slicedisk.sys [2009-02-27 10240]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-03-12 c:\windows\Tasks\RegCure Program Check.job
    - f:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

    2009-03-12 c:\windows\Tasks\RegCure.job
    - f:\program files\RegCure\RegCure.exe [2008-04-21 22:21]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = www.google.nl
    IE: E&xporteren naar Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\az\Application Data\Mozilla\Firefox\Profiles\yk9nnulk.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-12 16:33:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG08.00.00.01WORKSTATION"=
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(808)
    c:\windows\system32\Ati2evxx.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\windows\system32\CBA\pds.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\oodag.exe
    c:\windows\system32\HPZipm12.exe
    f:\progra~1\MICROS~2\rapimgr.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-03-12 16:34:57 - machine werd herstart [az]
    ComboFix-quarantined-files.txt 2009-03-12 15:34:54
    ComboFix2.txt 2009-03-10 14:11:14

    Pre-Run: 67.835.359.232 bytes beschikbaar
    Post-Run: 67,765,149,696 bytes beschikbaar

    304 — E O F — 2009-03-11 09:00:25

    I'll wait to hear from you
    Anjo
  • Are there any remaining problems?
  • Not as far as I can tell
    A thousand thanks once again
    Anjo
  • You're welcome,


    Download ATF cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick again from Firefox saved passwords)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    3. You may now remove all the tools you used and the folders that were created. (Remember to uninstall ComboFix by going to Start -> Run, typing ComboFix /U and pressing Enter!!)


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick the box for "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick for "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC
    - A new, clean restore point has now been created
