System administrator error

Anonymous
12 answers
  • Hello everyone,

    My problem is the same as that of a number of others here: I no longer seem to be the system administrator of my own PC.

    Can someone help me?
    Thanks in advance

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:19:45, on 8-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Dani den Besten\Bureaublad\Games\Poker\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Dani den Besten\Bureaublad\Games\Poker\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dani den Besten\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23b2b94751f7cd2f3306/netzip/RdxIE601.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - ftp://ftp.giskit.com/pub/mapguide/mgaxctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E39E273-2B96-4BF8-952B-6EB8877F4E29}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96BB9648-15BC-4581-B9AD-751EA826F5CD}: NameServer = 198.168.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C19310F-4413-468C-9B23-21A30A43EC2C}: NameServer = 192.168.2.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 9380 bytes

  • Start HijackThis, choose 'Do a system scan only' and check the lines below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Dani den Besten\Bureaublad\Games\Poker\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Dani den Besten\Bureaublad\Games\Poker\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23b2b94751f7cd2f3306/netzip/RdxIE601.cab

    Now close all open windows except HijackThis and click Fix Checked.

    Delete the folder below:
    C:\Documents and Settings\Dani den Besten\Bureaublad\Games\Poker\PartyPoker

    Restart your PC.

    Download Combofix to your desktop.

    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.

    When the fix has finished and after the restart, the log combofix.txt will open. Save this log.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.

    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.


    Good luck!

    Pim
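
Added example, not part of the original thread and not the method used by the helper: a small Python triage pass over HijackThis entries that lists the kinds of lines selected in the post above (entries marked `(no file)` or `(file missing)`, an empty R0/R1 value, an O16 download without a class name). The names `SAMPLE_LOG`, `parse_entries` and `triage` are assumptions made for this example; the sample lines are excerpted from the log posted in this thread, with one entry wrapped onto two lines by construction.

```python
import re

# Excerpt from the HijackThis log in this thread. The Spyware Doctor entry is
# wrapped onto two lines on purpose (constructed) to exercise line joining.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Dani den Besten\Bureaublad\Games\Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
(file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23b2b94751f7cd2f3306/netzip/RdxIE601.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
"""

# A HijackThis entry starts with a section code such as R0, F2, O9 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# An O16 entry that carries a class name has "(Name)" right after the CLSID.
NAMED_DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \(")


def parse_entries(log_text):
    """Return [code, text] pairs for every entry in the log.

    Header lines and the process list come before the first entry and are
    skipped. A later line without a section code is treated as the wrapped
    tail of the entry before it.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("End of file"):
            break
        match = ENTRY.match(line)
        if match:
            entries.append([match.group(1), match.group(2).rstrip()])
        elif entries:
            entries[-1][1] += " " + line
    return entries


def triage(log_text):
    """Return (code, reason, text) for entries that deserve a manual look."""
    flagged = []
    for code, text in parse_entries(log_text):
        if text.endswith("(no file)"):
            reason = "no file registered"
        elif text.endswith("(file missing)"):
            reason = "file missing"
        elif code in ("R0", "R1") and text.endswith("="):
            reason = "empty value"
        elif code == "O16" and not NAMED_DPF.match(text):
            reason = "unnamed DPF"
        else:
            continue
        flagged.append((code, reason, text))
    return flagged


if __name__ == "__main__":
    for code, reason, text in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason:<20} {text}")
```

The result is a list of candidates to review, not a fix list: in the thread, the Spyware Doctor button with a missing file was not among the lines selected for fixing.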
  • Dear Pim, thanks in advance for helping!
    By the way, that PartyPoker folder was already gone after the hijack scan…?

    This is the ComboFix txt file

    ComboFix 07-10-07.2 - Dani den Besten 2007-10-09 0:04:51.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.227 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Dani den Besten\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))
    .

    2007-10-09 00:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-09 00:04 <DIR> d-------- C:\WINDOWS\LastGood
    2007-10-08 19:18 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-25 14:40 256,568 -r------- C:\WINDOWS\system32\drivers\windrvr6.sys
    2007-09-25 14:40 <DIR> d-------- C:\Program Files\Philips
    2007-09-16 17:45 <DIR> d-------- C:\Program Files\SurfRight
    2007-09-13 23:12 <DIR> dr-h----- C:\Documents and Settings\Admin\Onlangs geopend
    2007-09-13 23:12 <DIR> dr------- C:\Documents and Settings\Admin\Mijn documenten
    2007-09-13 23:12 <DIR> dr------- C:\Documents and Settings\Admin\Menu Start
    2007-09-13 23:12 <DIR> dr------- C:\Documents and Settings\Admin\Favorieten
    2007-09-13 23:12 <DIR> d--h----- C:\Documents and Settings\Admin\Sjablonen
    2007-09-13 23:12 <DIR> d--h----- C:\Documents and Settings\Admin\Netwerkprinteromgeving
    2007-09-13 23:12 <DIR> d---s---- C:\Documents and Settings\Admin\UserData
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Bureaublad
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Real
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\InterTrust
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Help
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Cyberlink
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Ahead

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 00:03 13440 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2007-10-08 21:39 --------- d-------- C:\Program Files\Incomplete
    2007-10-08 21:33 --------- d-------- C:\Program Files\LimeWire
    2007-10-08 19:01 --------- d-------- C:\Program Files\Hitman Pro
    2007-10-04 22:10 --------- d-------- C:\Program Files\Papyrus Design Group, Inc
    2007-10-02 21:25 --------- d-------- C:\Program Files\Microsoft Picture It! 9
    2007-09-29 20:51 --------- d-------- C:\Documents and Settings\Dani den Besten\Application Data\Azureus
    2007-09-25 14:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-22 13:40 --------- d-------- C:\Documents and Settings\Dani den Besten\Application Data\AdobeUM
    2007-09-17 19:43 --------- d-------- C:\Program Files\Spyware Doctor
    2007-09-16 19:51 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-16 18:48 --------- d-------- C:\Program Files\SpywareBlaster
    2007-08-24 16:53 --------- d-------- C:\Program Files\Google
    2007-08-13 15:04 --------- d-------- C:\Program Files\TestEnDrive
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dit"="Dit.exe" [2003-12-30 00:33 C:\WINDOWS\Dit.exe]
    "CHotkey"="mHotkey.exe" [2004-02-05 14:45 C:\WINDOWS\mHotkey.exe]
    "PhilipsRemote"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2003-12-12 19:55]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-02-23 13:32]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-02-19 11:09]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-06 15:57]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
    "Cmaudio"="cmicnfg.cpl" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 22:39]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 09:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-06 15:57]
    "Hitman Pro SurfRight Helper"="C:\Program Files\Hitman Pro\srhelper.exe" [2005-06-28 19:07]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons"=0 (0x0)
    "Btn_Search"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= :\WINDOWS\syste

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    C:\WINDOWS\p_981116.exe /Q:A

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    R2 fxgpio;fxgpio;C:\WINDOWS\system32\drivers\fxgpio.sys
    R2 fxptl;fxptl;C:\WINDOWS\system32\drivers\fxptl.sys
    R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
    R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys
    R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
    R3 X10UIF;%DESCRIPTION%;C:\WINDOWS\system32\Drivers\x10uif.sys
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys
    S4 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-09 00:07:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-09 0:09:02
    .
    --- E O F ---




    HijackThis txt scan #2 (this is, by the way, a: system scan only)





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:14:18, on 9-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dani den Besten\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - ftp://ftp.giskit.com/pub/mapguide/mgaxctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E39E273-2B96-4BF8-952B-6EB8877F4E29}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96BB9648-15BC-4581-B9AD-751EA826F5CD}: NameServer = 198.168.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C19310F-4413-468C-9B23-21A30A43EC2C}: NameServer = 192.168.2.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 8521 bytes


  • Hi,

    Try the following possible ways to remove New.net, in this order:

    1) Go to Control Panel > Add or Remove Programs. Check whether New.net Domains or New.net Application is in the software list and, if so, uninstall it.
    If it is not in the software list or uninstalling fails, go to 2).

    2) Look in the folder C:\Program Files\NewDotNet to see whether it contains an uninstaller. That uninstaller is called uninstallX_XX.exe (where the X's stand for digits). If so, double-click it to remove New.net.
    If this does not work, go to 3).

    3) Look in the folder C:\Windows to see whether it contains an uninstaller. That uninstaller is called NDNuninstallx_xx.exe (where the X's stand for digits). If so, double-click it to remove New.net.
    If this does not work, go to 4).

    4) Download this uninstaller and place it on your desktop. Double-click NNuninstall.exe, which is now on your desktop, to remove New.net.

    After removing New.net, the PC must be restarted. Then create a new Combofix log and post it here.

    Also let me know right away how things are going with your problems ;)

    Pim
  • Hey, hello

    I believe I now have my PC reasonably under control again; at least I can install programs again!

    This is the log file

    ComboFix 07-10-07.2 - Dani den Besten 2007-10-09 17:40:11.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.223 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Dani den Besten\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
    .

    2007-10-09 00:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-08 19:18 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-25 14:40 256,568 -r------- C:\WINDOWS\system32\drivers\windrvr6.sys
    2007-09-25 14:40 <DIR> d-------- C:\Program Files\Philips
    2007-09-16 17:45 <DIR> d-------- C:\Program Files\SurfRight
    2007-09-13 23:12 <DIR> dr-h----- C:\Documents and Settings\Admin\Onlangs geopend
    2007-09-13 23:12 <DIR> dr------- C:\Documents and Settings\Admin\Mijn documenten
    2007-09-13 23:12 <DIR> dr------- C:\Documents and Settings\Admin\Menu Start
    2007-09-13 23:12 <DIR> dr------- C:\Documents and Settings\Admin\Favorieten
    2007-09-13 23:12 <DIR> d--h----- C:\Documents and Settings\Admin\Sjablonen
    2007-09-13 23:12 <DIR> d--h----- C:\Documents and Settings\Admin\Netwerkprinteromgeving
    2007-09-13 23:12 <DIR> d---s---- C:\Documents and Settings\Admin\UserData
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Bureaublad
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Real
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\InterTrust
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Help
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Cyberlink
    2007-09-13 23:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Ahead

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 17:38 13440 –a—— C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2007-10-08 21:39 ——— d——– C:\Program Files\Incomplete
    2007-10-08 21:33 ——— d——– C:\Program Files\LimeWire
    2007-10-08 19:01 ——— d——– C:\Program Files\Hitman Pro
    2007-10-04 22:10 ——— d——– C:\Program Files\Papyrus Design Group, Inc
    2007-10-02 21:25 ——— d——– C:\Program Files\Microsoft Picture It! 9
    2007-09-29 20:51 ——— d——– C:\Documents and Settings\Dani den Besten\Application Data\Azureus
    2007-09-25 14:40 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-09-22 13:40 ——— d——– C:\Documents and Settings\Dani den Besten\Application Data\AdobeUM
    2007-09-17 19:43 ——— d——– C:\Program Files\Spyware Doctor
    2007-09-16 19:51 ——— d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-16 18:48 ——— d——– C:\Program Files\SpywareBlaster
    2007-08-24 16:53 ——— d——– C:\Program Files\Google
    2007-08-13 15:04 ——— d——– C:\Program Files\TestEnDrive
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-09_ 0.08.04,54 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 12,010 2007-10-09 15:29:58 C:\WINDOWS\SoftwareDistribution\EventCache\{3B7C119C-9C04-497B-BF7F-BE522252763A}.bin
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dit"="Dit.exe" [2003-12-30 00:33 C:\WINDOWS\Dit.exe]
    "CHotkey"="mHotkey.exe" [2004-02-05 14:45 C:\WINDOWS\mHotkey.exe]
    "PhilipsRemote"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2003-12-12 19:55]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-02-23 13:32]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-02-19 11:09]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-06 15:57]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
    "Cmaudio"="cmicnfg.cpl" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 22:39]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 09:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-06 15:57]
    "Hitman Pro SurfRight Helper"="C:\Program Files\Hitman Pro\srhelper.exe" [2005-06-28 19:07]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons"=0 (0x0)
    "Btn_Search"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= :\WINDOWS\syste

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    C:\WINDOWS\p_981116.exe /Q:A

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    R2 fxgpio;fxgpio;C:\WINDOWS\system32\drivers\fxgpio.sys
    R2 fxptl;fxptl;C:\WINDOWS\system32\drivers\fxptl.sys
    R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
    R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys
    R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
    R3 X10UIF;%DESCRIPTION%;C:\WINDOWS\system32\Drivers\x10uif.sys
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys
    S4 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-09 17:42:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-09 17:43:29
    C:\ComboFix2.txt … 2007-10-09 00:09
    .
    — E O F —
  • Hmm, that is odd, I still see traces of the Newdotnet infection :-?

    Download this removal tool:
    http://www.new.net/support/NNuninstall.exe

    Double-click NNuninstall.exe and let the tool do its work.
    Restart the computer and post a new ComboFix log so it can be checked.

    Pim
  • hmm, I tried it again with that NNuninstall,
    but I think that new.net is still listed in there…


    ComboFix 07-10-07.2 - Dani den Besten 2007-10-10 14:25:56.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.241 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Dani den Besten\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-10 to 2007-10-10 ))))))))))))))))))))))))))))))
    .

    2007-10-10 14:26 <DIR> d——– C:\WINDOWS\LastGood
    2007-10-09 18:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
    2007-10-09 00:04 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-08 19:18 <DIR> d——– C:\Program Files\Trend Micro
    2007-09-25 14:40 256,568 -r——- C:\WINDOWS\system32\drivers\windrvr6.sys
    2007-09-25 14:40 <DIR> d——– C:\Program Files\Philips
    2007-09-16 17:45 <DIR> d——– C:\Program Files\SurfRight
    2007-09-13 23:12 <DIR> dr-h—– C:\Documents and Settings\Admin\Onlangs geopend
    2007-09-13 23:12 <DIR> dr——- C:\Documents and Settings\Admin\Mijn documenten
    2007-09-13 23:12 <DIR> dr——- C:\Documents and Settings\Admin\Menu Start
    2007-09-13 23:12 <DIR> dr——- C:\Documents and Settings\Admin\Favorieten
    2007-09-13 23:12 <DIR> d–h—– C:\Documents and Settings\Admin\Sjablonen
    2007-09-13 23:12 <DIR> d–h—– C:\Documents and Settings\Admin\Netwerkprinteromgeving
    2007-09-13 23:12 <DIR> d—s—- C:\Documents and Settings\Admin\UserData
    2007-09-13 23:12 <DIR> d——– C:\Documents and Settings\Admin\Bureaublad
    2007-09-13 23:12 <DIR> d——– C:\Documents and Settings\Admin\Application Data\Real
    2007-09-13 23:12 <DIR> d——– C:\Documents and Settings\Admin\Application Data\InterTrust
    2007-09-13 23:12 <DIR> d——– C:\Documents and Settings\Admin\Application Data\Help
    2007-09-13 23:12 <DIR> d——– C:\Documents and Settings\Admin\Application Data\Cyberlink
    2007-09-13 23:12 <DIR> d——– C:\Documents and Settings\Admin\Application Data\Ahead

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-10 14:25 13440 –a—— C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2007-10-10 14:20 ——— d——– C:\Program Files\Hitman Pro
    2007-10-09 19:34 ——— d——– C:\Program Files\Spyware Doctor
    2007-10-09 18:32 ——— d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-09 18:02 ——— d——– C:\Program Files\SpywareBlaster
    2007-10-08 21:39 ——— d——– C:\Program Files\Incomplete
    2007-10-08 21:33 ——— d——– C:\Program Files\LimeWire
    2007-10-04 22:10 ——— d——– C:\Program Files\Papyrus Design Group, Inc
    2007-10-02 21:25 ——— d——– C:\Program Files\Microsoft Picture It! 9
    2007-09-29 20:51 ——— d——– C:\Documents and Settings\Dani den Besten\Application Data\Azureus
    2007-09-25 14:40 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-09-22 13:40 ——— d——– C:\Documents and Settings\Dani den Besten\Application Data\AdobeUM
    2007-08-24 16:53 ——— d——– C:\Program Files\Google
    2007-08-13 15:04 ——— d——– C:\Program Files\TestEnDrive
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-09_ 0.08.04,54 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 15,584 2005-10-12 23:20:05 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\spmsg.dll
    —-a-w 216,800 2005-10-12 23:20:06 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\spuninst.exe
    —-a-w 584,192 2007-07-09 13:11:51 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\SP2GDR\rpcrt4.dll
    —-a-w 122,880 2007-06-12 21:53:16 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\SP2GDR\spru0413.dll
    —-a-w 582,656 2007-07-09 13:20:52 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\SP2QFE\rpcrt4.dll
    —-a-w 369,664 2007-06-18 22:24:36 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\SP2QFE\spru0413.dll
    —-a-w 22,752 2005-10-12 23:20:04 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\update\spcustom.dll
    —-a-w 725,728 2005-10-12 23:20:09 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\update\update.exe
    —-a-w 389,856 2005-10-12 23:20:15 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\update\updspapi.dll
    —-a-w 12,708 2007-10-10 12:09:31 C:\WINDOWS\SoftwareDistribution\EventCache\{ABDB60FD-E52A-4523-8972-8812D99BB5A4}.bin
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dit"="Dit.exe" [2003-12-30 00:33 C:\WINDOWS\Dit.exe]
    "CHotkey"="mHotkey.exe" [2004-02-05 14:45 C:\WINDOWS\mHotkey.exe]
    "PhilipsRemote"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2003-12-12 19:55]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-02-23 13:32]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-02-19 11:09]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-06 15:57]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
    "Cmaudio"="cmicnfg.cpl" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 22:39]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 09:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-06 15:57]
    "Hitman Pro SurfRight Helper"="C:\Program Files\Hitman Pro\srhelper.exe" [2007-10-09 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons"=0 (0x0)
    "Btn_Search"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= :\WINDOWS\syste

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    C:\WINDOWS\p_981116.exe /Q:A

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    R2 fxgpio;fxgpio;C:\WINDOWS\system32\drivers\fxgpio.sys
    R2 fxptl;fxptl;C:\WINDOWS\system32\drivers\fxptl.sys
    R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
    R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys
    R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
    R3 X10UIF;%DESCRIPTION%;C:\WINDOWS\system32\Drivers\x10uif.sys
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys
    S4 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-10 14:28:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-10 14:29:44
    C:\ComboFix2.txt … 2007-10-09 17:43
    C:\ComboFix3.txt … 2007-10-09 00:09
    .
    — E O F —
  • Apologies for the late reply, I lost track of your topic for a while :oops:

    Copy the code in the code box below into an empty Notepad window:
    (don't forget to copy REGEDIT4 as well!)

    [code]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    [/code]

    Save it as fixreg.reg and choose "All files" (Alle bestanden) as the type.
    Once you have saved it, the icon looks like this:
    (image: http://users.telenet.be/bluepatchy/miekiemoes/images\reg.gif)

    Then double-click fixreg.reg.
    When asked whether you want to add the changes to the registry, answer Yes/OK.


    How are your problems doing?

    Pim
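Added example, not part of the post above and not ComboFix's own code: a Python check that reads which keys a REGEDIT4 file such as fixreg.reg deletes and reports whether a follow-up ComboFix log still lists them, plus a search for New.net traces in the "Reg Opstartpunten" section. The log samples are constructed from lines in the logs in this thread; the "after" log and all function names are assumptions.

```python
import re

# Constructed sample: a few "Reg Opstartpunten" lines taken from the logs in this thread.
LOG_BEFORE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

R2 fxgpio;fxgpio;C:\WINDOWS\system32\drivers\fxgpio.sys
'''

# Constructed "after" log (assumption): the same section once the key has been deleted.
LOG_AFTER = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
'''

# The .reg file from the post above.
FIXREG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
'''

# A key header: "[HKEY_...]" or "[-HKEY_...]". ComboFix sometimes closes a
# header with a quote instead of a bracket, so both endings are accepted.
HEADER = re.compile(r'^\[(-?)(HKEY_[^\]"]+)[\]"]\s*$')


def parse_sections(text):
    """Return {lowercased key path: [data lines]} for every key header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(2).lower()
            sections.setdefault(current, [])
        elif not line or re.match(r'^[RS]\d ', line):
            current = None  # a blank line or the driver/service list ends a section
        elif current is not None:
            sections[current].append(line)
    return sections


def deleted_keys(reg_text):
    """Key paths a REGEDIT4 file removes, i.e. headers written as [-HKEY_...]."""
    lines = [l.strip() for l in reg_text.splitlines() if l.strip()]
    # Without the header line the file is not a valid REGEDIT4 script,
    # which is why the post insists on copying it along.
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("first line must be REGEDIT4")
    keys = []
    for line in lines[1:]:
        match = HEADER.match(line)
        if match and match.group(1) == "-":
            keys.append(match.group(2).lower())
    return keys


def still_present(reg_text, log_text):
    """Keys the .reg file deletes that a later log still lists."""
    listed = parse_sections(log_text)
    return [key for key in deleted_keys(reg_text) if key in listed]


def traces(log_text, needles=("new.net", "newdot")):
    """Sections whose key path or data mentions one of the needles."""
    hits = []
    for key, data in parse_sections(log_text).items():
        blob = (key + " " + " ".join(data)).lower()
        if any(needle in blob for needle in needles):
            hits.append(key)
    return hits


if __name__ == "__main__":
    print("before:", still_present(FIXREG, LOG_BEFORE))
    print("after: ", still_present(FIXREG, LOG_AFTER))
```

Registry key paths are case-insensitive, so the comparison is done on lowercased paths.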
  • hello,

    the late reply doesn't matter, I was pretty busy with work these past few days anyway, but that aside.

    in the meantime I have run that fixreg.reg, and now I can install everything again and my PC works a bit better again. Shall I post another ComboFix log just to be sure?

    thanks for your help in any case!

    regards, Daniel
  • Yes please, a new ComboFix log! :D
  • here is a ComboFix log:

    ComboFix 07-10-07.2 - Dani den Besten 2007-10-15 0:00:07.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.151 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Dani den Besten\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))
    .

    2007-10-14 22:32 <DIR> d——– C:\WINDOWS\LastGood
    2007-10-12 22:45 227,360 –ahs—- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-10-12 22:37 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-10-12 22:24 <DIR> d——– C:\Documents and Settings\Dani den Besten\Application Data\RegistrySmart
    2007-10-12 22:09 103 –a—— C:\Documents and Settings\Dani den Besten\fixreg.reg
    2007-10-09 18:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
    2007-10-09 00:04 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-08 19:18 <DIR> d——– C:\Program Files\Trend Micro
    2007-09-25 14:40 256,568 -r——- C:\WINDOWS\system32\drivers\windrvr6.sys
    2007-09-25 14:40 <DIR> d——– C:\Program Files\Philips
    2007-09-16 17:45 <DIR> d——– C:\Program Files\SurfRight

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-14 23:57 ——— d——– C:\Program Files\Hitman Pro
    2007-10-14 22:30 13440 –a—— C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2007-10-13 21:59 3824 –ahs—- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-10-13 16:04 ——— d——– C:\Program Files\LimeWire
    2007-10-13 16:04 ——— d——– C:\Program Files\Incomplete
    2007-10-12 22:17 ——— d——– C:\Program Files\MSN Messenger
    2007-10-09 19:34 ——— d——– C:\Program Files\Spyware Doctor
    2007-10-09 18:32 ——— d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-09 18:02 ——— d——– C:\Program Files\SpywareBlaster
    2007-10-04 22:10 ——— d——– C:\Program Files\Papyrus Design Group, Inc
    2007-10-02 21:25 ——— d——– C:\Program Files\Microsoft Picture It! 9
    2007-09-29 20:51 ——— d——– C:\Documents and Settings\Dani den Besten\Application Data\Azureus
    2007-09-25 14:40 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-09-22 13:40 ——— d——– C:\Documents and Settings\Dani den Besten\Application Data\AdobeUM
    2007-09-06 16:14 75248 –a—— C:\WINDOWS\zllsputility.exe
    2007-09-06 16:14 1086952 –a—— C:\WINDOWS\system32\zpeng24.dll
    2007-08-24 16:53 ——— d——– C:\Program Files\Google
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-09_ 0.08.04,54 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-r 29,926 2007-10-12 20:16:57 C:\WINDOWS\Installer\{9816B8B8-4B53-4D3D-9235-AD931252001D}\MsblIco.Exe
    —-a-w 15,584 2005-10-12 23:20:05 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\spmsg.dll
    —-a-w 216,800 2005-10-12 23:20:06 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\spuninst.exe
    —-a-w 584,192 2007-07-09 13:11:51 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\SP2GDR\rpcrt4.dll
    —-a-w 122,880 2007-06-12 21:53:16 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\SP2GDR\spru0413.dll
    —-a-w 582,656 2007-07-09 13:20:52 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\SP2QFE\rpcrt4.dll
    —-a-w 369,664 2007-06-18 22:24:36 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\SP2QFE\spru0413.dll
    —-a-w 22,752 2005-10-12 23:20:04 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\update\spcustom.dll
    —-a-w 725,728 2005-10-12 23:20:09 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\update\update.exe
    —-a-w 389,856 2005-10-12 23:20:15 C:\WINDOWS\SoftwareDistribution\Download\884c97e4892c28e282b7cfc6cc18997b\update\updspapi.dll
    —-a-w 12,708 2007-10-13 19:59:37 C:\WINDOWS\SoftwareDistribution\EventCache\{B7B1E279-1C79-4A3F-B7B4-86583D582F98}.bin
    —-a-w 135,168 2007-09-24 20:30:28 C:\WINDOWS\system32\java.exe
    —-a-w 135,168 2007-09-24 20:30:30 C:\WINDOWS\system32\javaw.exe
    —-a-w 139,264 2007-09-24 21:31:42 C:\WINDOWS\system32\javaws.exe
    —-a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
    —-a-w 51,056 2007-01-19 10:53:04 C:\WINDOWS\system32\sirenacm.dll
    —-a-w 83,432 2007-09-06 14:14:04 C:\WINDOWS\system32\vsdata.dll
    —-a-w 395,080 2007-09-06 14:14:28 C:\WINDOWS\system32\vsdatant.sys
    —-a-w 157,160 2007-09-06 14:14:04 C:\WINDOWS\system32\vsinit.dll
    —-a-w 103,912 2007-09-06 14:14:04 C:\WINDOWS\system32\vsmonapi.dll
    —-a-w 275,944 2007-09-06 14:14:04 C:\WINDOWS\system32\vspubapi.dll
    —-a-w 71,144 2007-09-06 14:14:04 C:\WINDOWS\system32\vsregexp.dll
    —-a-w 472,552 2007-09-06 14:14:06 C:\WINDOWS\system32\vsutil.dll
    —-a-w 46,568 2007-09-06 14:14:06 C:\WINDOWS\system32\vswmi.dll
    —-a-w 99,816 2007-09-06 14:14:06 C:\WINDOWS\system32\vsxml.dll
    —-a-w 83,432 2007-09-06 14:14:06 C:\WINDOWS\system32\zlcomm.dll
    —-a-w 71,144 2007-09-06 14:14:08 C:\WINDOWS\system32\zlcommdb.dll
    —h–w 4,212 2007-10-12 20:46:05 C:\WINDOWS\system32\zllictbl.dat
    —-a-w 127,768 2007-07-19 13:10:28 C:\WINDOWS\system32\drivers\klif.sys
    —-a-w 370,208 2007-09-06 14:13:56 C:\WINDOWS\system32\ZoneLabs\av.dll
    —-a-w 99,816 2007-09-06 14:13:56 C:\WINDOWS\system32\ZoneLabs\camupd.dll
    —-a-w 813,568 2004-01-30 10:35:08 C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
    —-a-w 128,480 2007-09-06 14:13:58 C:\WINDOWS\system32\ZoneLabs\fbl.dll
    —-a-w 38,376 2007-09-06 14:13:58 C:\WINDOWS\system32\ZoneLabs\featuremap.dll
    —-a-w 321,016 2007-09-06 14:13:58 C:\WINDOWS\system32\ZoneLabs\imsecure.dll
    —-a-w 714,208 2007-08-15 13:45:42 C:\WINDOWS\system32\ZoneLabs\qrbase.dll
    —-a-w 787,936 2007-08-15 13:45:44 C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
    —-a-w 173,544 2007-09-06 14:14:00 C:\WINDOWS\system32\ZoneLabs\scheduler.dll
    —-a-w 2,432,259 2007-01-11 09:12:08 C:\WINDOWS\system32\ZoneLabs\spyware.dat
    —-a-w 1,500,640 2007-08-15 13:45:44 C:\WINDOWS\system32\ZoneLabs\srescan.dll
    —-a-w 50,416 2007-06-11 10:44:10 C:\WINDOWS\system32\ZoneLabs\srescan.sys
    —-a-w 456,168 2007-09-06 14:14:02 C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
    —-a-w 833,248 2007-08-01 04:30:04 C:\WINDOWS\system32\ZoneLabs\updating.dll
    —-a-w 149,032 2007-09-06 14:14:18 C:\WINDOWS\system32\ZoneLabs\updclient.exe
    —-a-w 286,787 2007-01-11 15:31:06 C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
    —-a-w 503,875 2006-09-04 18:59:14 C:\WINDOWS\system32\ZoneLabs\upd_core.dll
    —-a-w 108,008 2007-09-06 14:14:04 C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
    —-a-w 79,336 2007-09-06 14:14:04 C:\WINDOWS\system32\ZoneLabs\vsdb.dll
    —-a-w 75,304 2007-09-06 14:14:18 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    —-a-w 2,024,936 2007-09-06 14:14:04 C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
    —-a-w 1,345,000 2007-09-06 14:14:06 C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
    —-a-w 239,080 2007-09-06 14:14:06 C:\WINDOWS\system32\ZoneLabs\vsvault.dll
    —-a-w 2,432,259 2007-01-11 09:12:08 C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
    —-a-w 177,640 2007-09-06 14:14:08 C:\WINDOWS\system32\ZoneLabs\zlparser.dll
    —-a-w 79,344 2007-09-06 14:14:08 C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
    —-a-w 382,440 2007-09-06 14:14:08 C:\WINDOWS\system32\ZoneLabs\zlsre.dll
    —-a-w 120,296 2007-09-06 14:14:08 C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
    —-a-w 77,824 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
    —-a-w 110,592 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
    —-a-w 331,776 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
    —-a-w 38,400 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
    —-a-w 208,960 2006-09-19 21:12:14 C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
    —-a-w 274,432 2007-08-24 17:31:48 C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
    —-a-w 1,093,632 2006-12-19 16:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
    —-a-w 548,864 2007-05-30 22:03:20 C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
    —-a-w 626,688 2007-05-30 22:03:20 C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
    —-a-w 184,320 2007-05-30 22:03:18 C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
    —-a-w 90,112 2007-05-30 22:03:22 C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
    —-a-w 135,168 2007-08-24 17:31:48 C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    —-a-w 200,704 2006-12-19 16:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
    —-a-w 65,248 2007-05-30 22:03:30 C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
    —-a-w 21,568 2006-06-30 12:47:36 C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
    —-a-w 110,360 2007-07-19 13:10:32 C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
    —-a-w 186,128 2007-07-19 13:10:32 C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
    —-a-w 110,360 2007-05-30 22:03:48 C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
    —-a-w 127,768 2007-07-19 13:10:28 C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
    —-a-w 45,056 2007-05-30 22:03:50 C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
    —-a-w 288,144 2007-09-06 14:14:30 C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
    —-a-w 152,976 2007-09-06 14:14:30 C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
    —-a-w 26,000 2007-09-06 14:14:30 C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
    —-a-w 1,361,296 2007-09-06 14:14:32 C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
    —-a-w 71,056 2007-09-06 14:14:32 C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
    —-a-w 30,184 2007-09-06 14:15:50 C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
    —-a-w 30,216 2007-09-06 14:15:52 C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
    —-a-w 214,528 2007-09-06 14:15:52 C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
    —-a-w 3,266,040 2007-09-06 14:15:54 C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
    .
    —-a-w 135,168 2007-07-11 23:22:00 C:\WINDOWS\system32\java.exe
    —-a-w 135,168 2007-07-11 23:22:04 C:\WINDOWS\system32\javaw.exe
    —-a-w 139,264 2007-07-12 00:22:38 C:\WINDOWS\system32\javaws.exe
    —-a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
    —-a-w 48,936 2006-07-29 17:32:50 C:\WINDOWS\system32\sirenacm.dll
    ——w 83,696 2007-03-08 23:01:24 C:\WINDOWS\system32\vsdata.dll
    ——w 157,424 2007-03-08 23:01:24 C:\WINDOWS\system32\vsinit.dll
    ——w 104,176 2007-03-08 23:01:26 C:\WINDOWS\system32\vsmonapi.dll
    —-a-w 276,208 2007-03-08 23:01:26 C:\WINDOWS\system32\vspubapi.dll
    —-a-w 71,408 2007-03-08 23:01:26 C:\WINDOWS\system32\vsregexp.dll
    ——w 472,816 2007-03-08 23:01:28 C:\WINDOWS\system32\vsutil.dll
    ——w 46,832 2007-03-08 23:01:30 C:\WINDOWS\system32\vswmi.dll
    —-a-w 100,080 2007-03-08 23:01:30 C:\WINDOWS\system32\vsxml.dll
    ——w 83,696 2007-03-08 23:01:30 C:\WINDOWS\system32\zlcomm.dll
    ——w 71,408 2007-03-08 23:01:32 C:\WINDOWS\system32\zlcommdb.dll
    —h–w 4,212 2007-04-08 14:39:37 C:\WINDOWS\system32\zllictbl.dat
    —-a-w 362,280 2007-03-08 23:01:10 C:\WINDOWS\system32\ZoneLabs\av.dll
    —-a-w 100,080 2007-03-08 23:01:10 C:\WINDOWS\system32\ZoneLabs\camupd.dll
    —-a-w 813,568 2004-01-30 11:35:08 C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
    —-a-w 128,744 2007-03-08 23:01:14 C:\WINDOWS\system32\ZoneLabs\fbl.dll
    —-a-w 321,280 2007-03-08 23:01:14 C:\WINDOWS\system32\ZoneLabs\imsecure.dll
    —-a-w 714,472 2007-01-18 04:39:16 C:\WINDOWS\system32\ZoneLabs\qrbase.dll
    -c–a-w 677,608 2007-01-18 04:39:16 C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
    —-a-w 173,808 2007-03-08 23:01:20 C:\WINDOWS\system32\ZoneLabs\scheduler.dll
    -c–a-w 2,432,259 2007-01-11 10:12:08 C:\WINDOWS\system32\ZoneLabs\spyware.dat
    —-a-w 1,369,832 2007-01-18 04:39:18 C:\WINDOWS\system32\ZoneLabs\srescan.dll
    —-a-w 50,416 2007-01-18 04:39:20 C:\WINDOWS\system32\ZoneLabs\srescan.sys
    —-a-w 456,432 2007-03-08 23:01:20 C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
    —-a-w 833,248 2007-06-13 18:33:45 C:\WINDOWS\system32\ZoneLabs\updating.dll
    —-a-w 141,104 2007-03-08 23:01:58 C:\WINDOWS\system32\ZoneLabs\updclient.exe
    -c–a-w 286,787 2007-01-11 16:31:06 C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
    -c–a-w 503,875 2006-09-04 19:59:14 C:\WINDOWS\system32\ZoneLabs\upd_core.dll
    —-a-w 108,272 2007-03-08 23:01:24 C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
    —-a-w 79,600 2007-03-08 23:01:24 C:\WINDOWS\system32\ZoneLabs\vsdb.dll
    —-a-w 75,568 2007-03-08 23:01:58 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    —-a-w 2,025,200 2007-03-08 23:01:26 C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
    —-a-w 1,345,264 2007-03-08 23:01:28 C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
    —-a-w 243,440 2007-03-08 23:01:28 C:\WINDOWS\system32\ZoneLabs\vsvault.dll
    -c–a-w 2,432,259 2007-01-11 10:12:08 C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
    —-a-w 177,904 2007-03-08 23:01:32 C:\WINDOWS\system32\ZoneLabs\zlparser.dll
    —-a-w 79,608 2007-03-08 23:01:32 C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
    —-a-w 378,608 2007-03-08 23:01:34 C:\WINDOWS\system32\ZoneLabs\zlsre.dll
    —-a-w 120,560 2007-03-08 23:01:34 C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
    —-a-w 61,565 2006-12-19 17:13:50 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
    -c–a-w 114,813 2006-12-19 17:13:50 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
    -c–a-w 307,323 2006-12-19 17:13:50 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
    -c–a-w 36,923 2006-11-29 21:02:26 C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
    -c–a-w 208,960 2006-09-19 22:12:14 C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
    -c–a-w 274,514 2007-01-11 16:31:04 C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
    -c–a-w 1,093,632 2006-12-19 17:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
    -c–a-w 184,445 2006-11-29 21:02:26 C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
    -c–a-w 94,313 2006-12-19 17:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    —-a-w 200,704 2006-12-19 17:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
    —-a-w 21,568 2006-06-30 13:47:36 C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
    —-a-w 288,408 2007-03-08 23:02:12 C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
    —-a-w 153,240 2007-03-08 23:02:12 C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
    —-a-w 26,264 2007-03-08 23:02:14 C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
    —-a-w 1,361,560 2007-03-08 23:02:14 C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
    —-a-w 71,320 2007-03-08 23:02:14 C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
    —-a-w 30,448 2007-03-08 23:04:42 C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
    —-a-w 30,480 2007-03-08 23:04:44 C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
    —-a-w 210,696 2007-03-08 23:04:44 C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
    —-a-w 3,229,440 2007-03-08 23:04:46 C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dit"="Dit.exe" [2003-12-30 00:33 C:\WINDOWS\Dit.exe]
    "CHotkey"="mHotkey.exe" [2004-02-05 14:45 C:\WINDOWS\mHotkey.exe]
    "PhilipsRemote"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2003-12-12 19:55]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-02-23 13:32]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-02-19 11:09]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-06 15:57]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
    "Cmaudio"="cmicnfg.cpl" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 22:39]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 09:43]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-06 15:57]
    "Hitman Pro SurfRight Helper"="C:\Program Files\Hitman Pro\srhelper.exe" [2007-10-09 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons"=0 (0x0)
    "Btn_Search"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= :\WINDOWS\syste

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    C:\WINDOWS\p_981116.exe /Q:A

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    R2 fxgpio;fxgpio;C:\WINDOWS\system32\drivers\fxgpio.sys
    R2 fxptl;fxptl;C:\WINDOWS\system32\drivers\fxptl.sys
    R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
    R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys
    R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
    R3 X10UIF;%DESCRIPTION%;C:\WINDOWS\system32\Drivers\x10uif.sys
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys
    S4 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-12 20:24:23 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-15 00:03:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-15 0:05:06
    C:\ComboFix2.txt … 2007-10-10 14:29
    C:\ComboFix3.txt … 2007-10-09 17:43
    .
    — E O F —
  • That looks good again!

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All. Untick Prefetch.
    Click the Empty Selected button.

    If you also use Firefox as a browser:

    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick at "Firefox saved passwords")
    Click the Empty Selected button.

    If you also use Opera as a browser:

    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.

    Go to the "Main" tab and click the Exit button to close the program.


    How are your problems now?

    Pim

This is an archived page. Replying is no longer possible.