Questions & Answers
HijackThis log and some questions
19 answers
- When you see the Run dialog, you need to type this:
Combofix /U
Then press Enter.
- OK, stupid of me, it worked now :wink:
- Hi, I recently had a lot of viruses and other junk on my PC. After removing it all with mbam and combofix - ccleaner - cleanup 40 and some other small programs, everything worked properly again. After that I wanted my PC to be really clean again, so I ran HP Recovery so that everything was reset to factory settings. But after doing that and reinstalling everything, my PC got a different name, and I now have 3 folders in Documents and Settings (ALL Users - HP_Eigenaar - HP_Eigenaar.UW-4b58D8528…). Previously I did not have that last one. My question now is: can I delete the HP_Eigenaar folder, because I think nothing in that folder is used anymore??
Also, when I start my PC, the welcome screen shows my picture with my user name, which I have to click to continue starting up. Previously I did not have that and it started straight through without my having to click anything, and there are no other accounts on this PC. How can I set this up so that it is the way it was before? I have already tried a few things under User Accounts, but it does not help.
Here is a fresh HijackThis log so you can check whether it is clean and whether any lines can still be removed from it.
Thanks in advance
Regards, Ben
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:34, on 23-1-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ALCWZRD.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\VM302Snap.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Eigenaar.UW-4B58D8528225\Mijn documenten\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM302Snap.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232631259265
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9079 bytes
- Just choose a clean installation of the system. :o So not a recovery, but reinstall Vista. :o
- Quote from THE DRAGON: "Just choose a clean installation of the system. :o So not a recovery, but reinstall Vista. :o" XP, of course. :oops:
- Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Download and save it to your desktop.
Double-click mbam-setup.exe to install the program.
After the installation, make sure there is a check mark next to:
* Update MalwareBytes' Anti-Malware
* Start MalwareBytes' Anti-Malware
Then click "Finish" (Voltooien).
If an update is found, it will be downloaded and installed.
* Once the program has started, go to the "Settings" (Instellingen) tab.
* Tick this option there: "Close Internet Explorer during malware removal" (Sluit Internet Explorer tijdens verwijdering van malware).
* Then go to the "Scanner" tab and choose "Quick Scan" (Snelle Scan).
* Then press "Scan" (Scannen) to start the scan.
* The scan can take a while, so be patient.
* When the scan is complete, click OK, then "Show Results" (Bekijk Resultaten) to see the results.
* Make sure everything there is ticked, then click "Remove Selected" (Verwijder geselecteerde).
* After the removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.
Post this log.
Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
Once the Recovery Console is installed, let ComboFix scan the computer.
When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens.
Post the contents of this file.
- Hi, thanks for taking on my problem :wink:
I removed the line from the HijackThis log and ran both scans once more. Here are the results.
Regards, Ben
Malwarebytes' Anti-Malware 1.33
Database versie: 1688
Windows 5.1.2600 Service Pack 3
24-1-2009 18:48:07
mbam-log-2009-01-24 (18-48-07).txt
Scan type: Snelle Scan
Objecten gescand: 54106
Verstreken tijd: 5 minute(s), 18 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
and log 2, from ComboFix
ComboFix 09-01-21.04 - HP_Eigenaar 2009-01-24 18:49:17.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2559.2059 [GMT 1:00]
Gestart vanuit: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
.
2009-01-24 00:26 . 2009-01-24 00:26 <DIR> dr--s---- C:\assembly
2009-01-24 00:22 . 2009-01-24 00:22 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Codemonster
2009-01-24 00:21 . 2009-01-24 00:21 15 --a------ c:\windows\WinPatchService
2009-01-23 22:59 . 2009-01-23 23:00 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d-------- c:\program files\NOS
2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-01-23 13:12 . 2009-01-24 18:48 <DIR> dr-h----- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Onlangs geopend
2009-01-23 09:42 . 2008-04-14 18:03 91,648 --a------ c:\windows\system32\kswdmcap.ax
2009-01-23 09:42 . 2008-04-14 18:03 91,648 --a------ c:\windows\system32\dllcache\kswdmcap.ax
2009-01-23 09:42 . 2008-04-14 18:03 61,952 --a------ c:\windows\system32\kstvtune.ax
2009-01-23 09:42 . 2008-04-14 18:03 61,952 --a------ c:\windows\system32\dllcache\kstvtune.ax
2009-01-23 09:42 . 2008-04-14 18:02 54,272 --a------ c:\windows\system32\vfwwdm32.dll
2009-01-23 09:42 . 2008-04-14 18:02 54,272 --a------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-01-23 09:42 . 2008-04-14 18:03 43,008 --a------ c:\windows\system32\ksxbar.ax
2009-01-23 09:42 . 2008-04-14 18:03 43,008 --a------ c:\windows\system32\dllcache\ksxbar.ax
2009-01-23 09:16 . 2007-08-08 10:59 1,472,896 --a------ c:\windows\system32\drivers\usbVM302.sys
2009-01-23 09:16 . 2007-03-18 18:06 475,136 --a------ c:\windows\system32\drivers\vvftav302.sys
2009-01-23 09:16 . 2007-10-18 18:44 348,160 --a------ c:\windows\system32\VM302Prp.Ax
2009-01-23 09:16 . 2007-04-05 09:50 106,496 --a------ c:\windows\system32\vvftprpav302.ax
2009-01-23 09:16 . 2004-12-10 14:30 61,440 --a------ c:\windows\system32\VM302STI.dll
2009-01-23 09:16 . 2007-03-02 13:22 46,592 --a------ c:\windows\system32\VvFtCtrl.dll
2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d-------- c:\program files\Vimicro
2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InstallShield
2009-01-23 04:31 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-23 04:31 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-23 02:16 . 2009-01-23 02:18 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-23 02:15 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-22 23:12 . 2009-01-22 23:12 1,152 --a------ c:\windows\system32\windrv.sys
2009-01-22 23:11 . 2009-01-22 23:11 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-22 22:51 . 2009-01-22 22:51 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Ahead
2009-01-22 21:03 . 2009-01-22 21:03 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-22 21:03 . 2007-05-02 20:04 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-22 21:03 . 2007-01-20 21:26 1,565,480 --a------ c:\windows\system32\wmv9vcm.dll
2009-01-22 21:03 . 2007-05-11 06:37 740,442 --a------ c:\windows\system32\divx.dll
2009-01-22 21:03 . 2007-04-28 14:54 593,920 --a------ c:\windows\system32\xvidcore.dll
2009-01-22 21:03 . 2004-01-25 18:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-22 21:03 . 2006-11-01 14:54 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-01-22 21:03 . 2006-05-13 23:16 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-22 21:03 . 2007-05-02 20:02 73,728 --a------ c:\windows\system32\dpl100.dll
2009-01-22 21:03 . 2007-05-08 20:23 10,752 --a------ c:\windows\system32\ff_vfw.dll
2009-01-22 21:03 . 2005-02-24 18:56 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-22 20:34 . 2008-07-30 17:42 23,888 --a------ c:\windows\system32\drivers\COH_Mon.sys
2009-01-22 20:34 . 2008-07-30 17:28 10,537 --a------ c:\windows\system32\drivers\COH_Mon.cat
2009-01-22 20:34 . 2008-07-30 17:28 706 --a------ c:\windows\system32\drivers\COH_Mon.inf
2009-01-22 19:51 . 2009-01-22 19:52 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-22 19:23 . 2009-01-22 19:25 <DIR> d-------- c:\program files\MSN Messenger
2009-01-22 19:11 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-01-22 19:10 . 2009-01-22 19:10 <DIR> d-------- c:\program files\Microsoft
2009-01-22 19:07 . 2009-01-23 09:44 <DIR> dr-hs---- c:\windows\system32\dllcache
2009-01-22 19:07 . 2009-01-22 19:13 <DIR> dr------- c:\windows\system32\config\systemprofile\Menu Start
2009-01-22 19:03 . 2009-01-22 19:03 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-22 19:02 . 2009-01-23 19:56 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Contacts
2009-01-22 18:24 . 2009-01-22 18:24 <DIR> d-------- c:\program files\UnderCoverXP
2009-01-22 18:22 . 2009-01-22 18:22 <DIR> d-------- c:\program files\PIXresizer
2009-01-22 18:22 . 2001-08-23 15:25 1,706,800 --a------ c:\windows\system32\gdiplus.dll
2009-01-22 18:22 . 2000-12-05 23:00 209,608 --a------ c:\windows\system32\tabctl32.ocx
2009-01-22 18:22 . 1996-01-12 00:00 200,704 --a------ c:\windows\system32\threed32.ocx
2009-01-22 18:22 . 1998-06-24 00:00 164,144 --a------ c:\windows\system32\comct232.ocx
2009-01-22 18:22 . 1999-09-16 09:04 151,552 --a------ c:\windows\system32\ccrpfd6.ocx
2009-01-22 18:22 . 1998-06-24 00:00 140,096 --a------ c:\windows\system32\comdlg32.ocx
2009-01-22 18:22 . 2000-05-01 23:02 110,592 --a------ c:\windows\system32\ccrpbds6.dll
2009-01-22 18:22 . 2000-07-09 18:15 106,496 --a------ c:\windows\system32\mbprgbar.ocx
2009-01-22 18:22 . 2004-01-12 11:05 69,632 --a------ c:\windows\system32\imageviewer2.ocx
2009-01-22 18:21 . 2009-01-22 18:21 <DIR> d-------- c:\program files\PrintKey2000
2009-01-22 18:18 . 2009-01-22 18:18 <DIR> d-------- c:\program files\DVD Shrink
2009-01-22 18:17 . 2009-01-22 18:17 <DIR> d-------- c:\program files\SRSLabs
2009-01-22 18:08 . 2009-01-22 18:08 23 --a------ c:\windows\system32\WinCustom_Info.dat
2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-22 17:44 . 2009-01-22 17:48 <DIR> d-------- c:\program files\CCleaner
2009-01-22 17:40 . 2009-01-22 17:40 <DIR> d-------- c:\program files\CleanUp!
2009-01-22 17:37 . 2009-01-22 17:37 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Malwarebytes
2009-01-22 17:35 . 2009-01-22 17:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 17:35 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 17:35 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-22 17:07 . 2009-01-23 18:29 378 --a------ c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\wklnhst.dat
2009-01-22 17:01 . 2009-01-22 17:01 <DIR> d-------- c:\windows\ShellNew
2009-01-22 16:53 . 2009-01-22 17:02 <DIR> d-------- c:\program files\Microsoft Works
2009-01-22 16:50 . 2009-01-22 16:50 <DIR> d-------- c:\program files\Microsoft Works Suite 2005
2009-01-22 16:36 . 2009-01-23 09:16 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-22 16:31 . 2009-01-22 16:31 16 --a------ c:\windows\system32\coh.cache
2009-01-22 16:23 . 2009-01-23 13:51 <DIR> d-------- c:\program files\Norton 360
2009-01-22 16:22 . 2009-01-22 16:37 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-22 16:22 . 2009-01-22 16:37 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-22 16:22 . 2009-01-22 16:37 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-22 16:22 . 2009-01-22 16:37 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-22 16:21 . 2009-01-22 16:37 <DIR> d-------- c:\program files\Symantec
2009-01-22 16:20 . 2009-01-24 18:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-22 16:09 . 2009-01-22 16:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-22 15:53 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-22 15:53 . 2001-03-08 18:30 24,064 --------- c:\windows\system32\msxml3a.dll
2009-01-22 15:52 . 2009-01-22 15:54 <DIR> d-------- c:\program files\Ahead
2009-01-22 15:52 . 2009-01-22 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-01-22 15:52 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-22 15:52 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-22 15:52 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-22 15:52 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-01-22 15:52 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-22 15:52 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-22 15:52 . 2001-06-26 07:15 38,912 --------- c:\windows\system32\picn20.dll
2009-01-22 15:49 . 2004-08-16 21:00 116,736 --a------ c:\windows\system32\CNMLM6s.DLL
2009-01-22 15:49 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-22 15:49 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2009-01-22 15:49 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-22 15:49 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2009-01-22 15:49 . 2004-08-16 21:00 7,680 --a------ c:\windows\system32\CNMVS6s.DLL
2009-01-22 15:48 . 2009-01-22 15:48 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ScanSoft
2009-01-22 15:43 . 2009-01-22 15:46 <DIR> d-------- c:\program files\Canon
2009-01-22 15:24 . 2009-01-22 19:25 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-01-22 15:21 . 2009-01-22 19:16 <DIR> d-------- c:\program files\Windows Live
2009-01-22 14:51 . 2009-01-22 14:51 <DIR> d-------- c:\program files\LSI SoftModem
2009-01-22 14:49 . 2009-01-22 14:49 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-22 14:49 . 2009-01-22 21:11 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-01-22 14:49 . 2007-08-28 01:59 124,376 --a------ c:\windows\system32\nvapps.nvb
2009-01-22 14:15 . 2009-01-23 22:14 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\uTorrent
2009-01-22 13:45 . 2009-01-22 13:45 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\AdobeUM
2009-01-22 13:44 . 2009-01-22 13:44 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Leadertech
2009-01-22 13:15 . 2009-01-22 22:48 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Media Player Classic
2009-01-22 12:58 . 2009-01-22 12:58 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InterVideo
2009-01-22 12:49 . 2009-01-22 12:49 <DIR> d-------- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ArcSoft
2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d-------- c:\windows\system32\nl
2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d-------- c:\windows\system32\bits
2009-01-22 12:03 . 2009-01-23 02:18 <DIR> d-------- c:\windows\system32\nl-nl
2009-01-22 12:03 . 2008-10-16 21:33 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2009-01-22 12:03 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 23:17 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-23 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 17:07 --------- d-----w c:\program files\TweakNow PowerPack 2006
2009-01-22 14:48 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-01-22 14:36 --------- d-----w c:\program files\uTorrent
2009-01-22 13:31 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-01-22 13:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-22 13:07 --------- d-----w c:\program files\InterVideo
2009-01-22 12:51 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-22 10:52 --------- d-----w c:\program files\HP
2009-01-22 10:52 --------- d-----w c:\program files\Hewlett-Packard
2009-01-22 10:46 139,264 ----a-w c:\windows\system32\hpzjrd01.dll
2009-01-22 10:39 --------- d-----w c:\program files\Java
2009-01-21 22:36 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-01-07 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-06 11:47 --------- d-----w c:\program files\Common Files\Adobe
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-25 21:52 3,335,148 ----a-w c:\windows\Advanced.scr
2008-11-25 21:52 230,818 ----a-w c:\windows\uninstall Advanced.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-23_13.20.49,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1043-7B44-A90000000001}\SC_Reader.exe
+ 2009-01-23 12:45:58 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-23 12:45:58 16,384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2009-01-23 12:45:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-23 01:25:52 72,058 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-23 23:53:11 72,058 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-23 01:25:52 92,228 ----a-w c:\windows\system32\perfc013.dat
+ 2009-01-23 23:53:11 92,228 ----a-w c:\windows\system32\perfc013.dat
- 2009-01-23 01:25:52 442,662 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 23:53:11 442,662 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-23 01:25:52 510,946 ----a-w c:\windows\system32\perfh013.dat
+ 2009-01-23 23:53:11 510,946 ----a-w c:\windows\system32\perfh013.dat
+ 2009-01-24 17:37:23 16,384 ----atw c:\windows\temp\Perflib_Perfdata_94.dat
+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 116328]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"BigDogPath"="c:\windows\VM302Snap.exe" [2007-10-25 57344]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-07 c:\windows\ALCWZRD.EXE]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-22 99376]
R3 vvftav302;vvftav302;c:\windows\system32\drivers\vvftav302.sys [2009-01-23 475136]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-23 33752]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com i:
\Shell\Open\command - resycled\ntldr.com i:
.
Inhoud van de 'Gedeelde Taken' map
2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2009-01-23 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
2009-01-22 c:\windows\Tasks\Eenvoudige Internetaanmelding.job
- c:\program files\Easy Internet signup\HPSdpApp.exe []
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 18:51:20
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-01-24 18:53:08
ComboFix-quarantined-files.txt 2009-01-24 17:53:05
ComboFix2.txt 2009-01-23 23:50:30
ComboFix3.txt 2009-01-23 12:21:49
ComboFix4.txt 2009-01-23 01:49:06
ComboFix5.txt 2009-01-24 17:48:53
Pre-Run: 194.900.635.648 bytes beschikbaar
Post-Run: 195,005,296,640 bytes beschikbaar
263 — E O F — 2009-01-23 01:33:29
- Open a Notepad file.
Copy the code below and paste it into the Notepad file.
- ComboFix 09-01-21.04 - HP_Eigenaar 2009-01-24 19:54:43.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2559.2002 [GMT 1:00]
Gestart vanuit: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\CFScript.txt
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\system32\coh.cache
c:\windows\system32\drivers\vvftav302.sys
c:\windows\system32\windrv.sys
c:\windows\temp\Perflib_Perfdata_94.dat
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\coh.cache
c:\windows\system32\drivers\vvftav302.sys
c:\windows\system32\windrv.sys
c:\windows\temp\Perflib_Perfdata_94.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
——-\Service_vvftav302
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
.
2009-01-24 00:26 . 2009-01-24 00:26 <DIR> dr–s—- C:\assembly
2009-01-24 00:22 . 2009-01-24 00:22 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Codemonster
2009-01-24 00:21 . 2009-01-24 00:21 15 –a—— c:\windows\WinPatchService
2009-01-23 22:59 . 2009-01-23 23:00 <DIR> d——– c:\program files\Windows Live Safety Center
2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\program files\NOS
2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\documents and settings\All Users\Application Data\NOS
2009-01-23 13:12 . 2009-01-24 19:53 <DIR> dr-h—– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Onlangs geopend
2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\kswdmcap.ax
2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\dllcache\kswdmcap.ax
2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\kstvtune.ax
2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\dllcache\kstvtune.ax
2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\vfwwdm32.dll
2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\dllcache\vfwwdm32.dll
2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\ksxbar.ax
2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\dllcache\ksxbar.ax
2009-01-23 09:16 . 2007-08-08 10:59 1,472,896 –a—— c:\windows\system32\drivers\usbVM302.sys
2009-01-23 09:16 . 2007-10-18 18:44 348,160 –a—— c:\windows\system32\VM302Prp.Ax
2009-01-23 09:16 . 2007-04-05 09:50 106,496 –a—— c:\windows\system32\vvftprpav302.ax
2009-01-23 09:16 . 2004-12-10 14:30 61,440 –a—— c:\windows\system32\VM302STI.dll
2009-01-23 09:16 . 2007-03-02 13:22 46,592 –a—— c:\windows\system32\VvFtCtrl.dll
2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\program files\Vimicro
2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InstallShield
2009-01-23 04:31 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
2009-01-23 04:31 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
2009-01-23 02:16 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\XPSViewer
2009-01-23 02:15 . 2006-06-29 13:07 14,048 ——— c:\windows\system32\spmsg2.dll
2009-01-22 23:11 . 2009-01-22 23:11 <DIR> d——– c:\program files\Common Files\Download Manager
2009-01-22 22:51 . 2009-01-22 22:51 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Ahead
2009-01-22 21:03 . 2009-01-22 21:03 <DIR> d——– c:\program files\K-Lite Codec Pack
2009-01-22 21:03 . 2007-05-02 20:04 3,596,288 –a—— c:\windows\system32\qt-dx331.dll
2009-01-22 21:03 . 2007-01-20 21:26 1,565,480 –a—— c:\windows\system32\wmv9vcm.dll
2009-01-22 21:03 . 2007-05-11 06:37 740,442 –a—— c:\windows\system32\divx.dll
2009-01-22 21:03 . 2007-04-28 14:54 593,920 –a—— c:\windows\system32\xvidcore.dll
2009-01-22 21:03 . 2004-01-25 18:18 217,088 –a—— c:\windows\system32\yv12vfw.dll
2009-01-22 21:03 . 2006-11-01 14:54 180,224 –a—— c:\windows\system32\xvidvfw.dll
2009-01-22 21:03 . 2006-05-13 23:16 118,784 –a—— c:\windows\system32\ac3acm.acm
2009-01-22 21:03 . 2007-05-02 20:02 73,728 –a—— c:\windows\system32\dpl100.dll
2009-01-22 21:03 . 2007-05-08 20:23 10,752 –a—— c:\windows\system32\ff_vfw.dll
2009-01-22 21:03 . 2005-02-24 18:56 547 –a—— c:\windows\system32\ff_vfw.dll.manifest
2009-01-22 20:34 . 2008-07-30 17:42 23,888 –a—— c:\windows\system32\drivers\COH_Mon.sys
2009-01-22 20:34 . 2008-07-30 17:28 10,537 –a—— c:\windows\system32\drivers\COH_Mon.cat
2009-01-22 20:34 . 2008-07-30 17:28 706 –a—— c:\windows\system32\drivers\COH_Mon.inf
2009-01-22 19:51 . 2009-01-22 19:52 <DIR> d——– c:\program files\Spybot - Search & Destroy
2009-01-22 19:23 . 2009-01-22 19:25 <DIR> d——– c:\program files\MSN Messenger
2009-01-22 19:11 . 2006-11-29 13:06 3,426,072 –a—— c:\windows\system32\d3dx9_32.dll
2009-01-22 19:10 . 2009-01-22 19:10 <DIR> d——– c:\program files\Microsoft
2009-01-22 19:07 . 2009-01-23 09:44 <DIR> dr-hs—- c:\windows\system32\dllcache
2009-01-22 19:07 . 2009-01-22 19:13 <DIR> dr——- c:\windows\system32\config\systemprofile\Menu Start
2009-01-22 19:03 . 2009-01-22 19:03 <DIR> d——– c:\program files\Common Files\Windows Live
2009-01-22 19:02 . 2009-01-23 19:56 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Contacts
2009-01-22 18:24 . 2009-01-22 18:24 <DIR> d——– c:\program files\UnderCoverXP
2009-01-22 18:22 . 2009-01-22 18:22 <DIR> d——– c:\program files\PIXresizer
2009-01-22 18:22 . 2001-08-23 15:25 1,706,800 –a—— c:\windows\system32\gdiplus.dll
2009-01-22 18:22 . 2000-12-05 23:00 209,608 –a—— c:\windows\system32\tabctl32.ocx
2009-01-22 18:22 . 1996-01-12 00:00 200,704 –a—— c:\windows\system32\threed32.ocx
2009-01-22 18:22 . 1998-06-24 00:00 164,144 –a—— c:\windows\system32\comct232.ocx
2009-01-22 18:22 . 1999-09-16 09:04 151,552 –a—— c:\windows\system32\ccrpfd6.ocx
2009-01-22 18:22 . 1998-06-24 00:00 140,096 –a—— c:\windows\system32\comdlg32.ocx
2009-01-22 18:22 . 2000-05-01 23:02 110,592 –a—— c:\windows\system32\ccrpbds6.dll
2009-01-22 18:22 . 2000-07-09 18:15 106,496 –a—— c:\windows\system32\mbprgbar.ocx
2009-01-22 18:22 . 2004-01-12 11:05 69,632 –a—— c:\windows\system32\imageviewer2.ocx
2009-01-22 18:21 . 2009-01-22 18:21 <DIR> d——– c:\program files\PrintKey2000
2009-01-22 18:18 . 2009-01-22 18:18 <DIR> d——– c:\program files\DVD Shrink
2009-01-22 18:17 . 2009-01-22 18:17 <DIR> d——– c:\program files\SRSLabs
2009-01-22 18:08 . 2009-01-22 18:08 23 –a—— c:\windows\system32\WinCustom_Info.dat
2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-22 17:44 . 2009-01-22 17:48 <DIR> d——– c:\program files\CCleaner
2009-01-22 17:40 . 2009-01-22 17:40 <DIR> d——– c:\program files\CleanUp!
2009-01-22 17:37 . 2009-01-22 17:37 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Malwarebytes
2009-01-22 17:35 . 2009-01-22 17:51 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
2009-01-22 17:35 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 17:35 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-01-22 17:07 . 2009-01-23 18:29 378 –a—— c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\wklnhst.dat
2009-01-22 17:01 . 2009-01-22 17:01 <DIR> d——– c:\windows\ShellNew
2009-01-22 16:53 . 2009-01-22 17:02 <DIR> d——– c:\program files\Microsoft Works
2009-01-22 16:50 . 2009-01-22 16:50 <DIR> d——– c:\program files\Microsoft Works Suite 2005
2009-01-22 16:36 . 2009-01-23 09:16 <DIR> d—-c— c:\windows\system32\DRVSTORE
2009-01-22 16:23 . 2009-01-23 13:51 <DIR> d——– c:\program files\Norton 360
2009-01-22 16:22 . 2009-01-22 16:37 124,464 –a—— c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-22 16:22 . 2009-01-22 16:37 60,808 –a—— c:\windows\system32\S32EVNT1.DLL
2009-01-22 16:22 . 2009-01-22 16:37 10,635 –a—— c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-22 16:22 . 2009-01-22 16:37 806 –a—— c:\windows\system32\drivers\SYMEVENT.INF
2009-01-22 16:21 . 2009-01-22 16:37 <DIR> d——– c:\program files\Symantec
2009-01-22 16:20 . 2009-01-24 19:03 <DIR> d——– c:\documents and settings\All Users\Application Data\Symantec
2009-01-22 16:09 . 2009-01-22 16:09 <DIR> d——– c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-22 15:53 . 2001-07-09 10:50 155,648 –a—— c:\windows\system32\NeroCheck.exe
2009-01-22 15:53 . 2001-03-08 18:30 24,064 ——— c:\windows\system32\msxml3a.dll
2009-01-22 15:52 . 2009-01-22 15:54 <DIR> d——– c:\program files\Ahead
2009-01-22 15:52 . 2009-01-22 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\Ahead
2009-01-22 15:52 . 2004-07-26 16:16 1,568,768 ——— c:\windows\system32\ImagX7.dll
2009-01-22 15:52 . 2004-07-26 16:16 476,320 ——— c:\windows\system32\ImagXpr7.dll
2009-01-22 15:52 . 2004-07-26 16:16 471,040 ——— c:\windows\system32\ImagXRA7.dll
2009-01-22 15:52 . 2004-07-09 08:43 364,544 ——— c:\windows\system32\TwnLib4.dll
2009-01-22 15:52 . 2004-07-26 16:16 262,144 ——— c:\windows\system32\ImagXR7.dll
2009-01-22 15:52 . 2000-06-26 10:45 106,496 –a—— c:\windows\system32\TwnLib20.dll
2009-01-22 15:52 . 2001-06-26 07:15 38,912 ——— c:\windows\system32\picn20.dll
2009-01-22 15:49 . 2004-08-16 21:00 116,736 –a—— c:\windows\system32\CNMLM6s.DLL
2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\drivers\usbprint.sys
2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\dllcache\usbprint.sys
2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\drivers\usbscan.sys
2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\dllcache\usbscan.sys
2009-01-22 15:49 . 2004-08-16 21:00 7,680 –a—— c:\windows\system32\CNMVS6s.DLL
2009-01-22 15:48 . 2009-01-22 15:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ScanSoft
2009-01-22 15:43 . 2009-01-22 15:46 <DIR> d——– c:\program files\Canon
2009-01-22 15:24 . 2009-01-22 19:25 <DIR> d——– c:\program files\Messenger Plus! Live
2009-01-22 15:21 . 2009-01-22 19:16 <DIR> d——– c:\program files\Windows Live
2009-01-22 14:51 . 2009-01-22 14:51 <DIR> d——– c:\program files\LSI SoftModem
2009-01-22 14:49 . 2009-01-22 14:49 <DIR> d——– c:\windows\system32\LogFiles
2009-01-22 14:49 . 2009-01-22 21:11 <DIR> d——– c:\windows\system32\drivers\UMDF
2009-01-22 14:49 . 2007-08-28 01:59 124,376 –a—— c:\windows\system32\nvapps.nvb
2009-01-22 14:15 . 2009-01-23 22:14 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\uTorrent
2009-01-22 13:45 . 2009-01-22 13:45 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\AdobeUM
2009-01-22 13:44 . 2009-01-22 13:44 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Leadertech
2009-01-22 13:15 . 2009-01-22 22:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Media Player Classic
2009-01-22 12:58 . 2009-01-22 12:58 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InterVideo
2009-01-22 12:49 . 2009-01-22 12:49 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ArcSoft
2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\nl
2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\bits
2009-01-22 12:03 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\nl-nl
2009-01-22 12:03 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
2009-01-22 12:03 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
2009-01-22 12:03 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-22 12:03 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
2009-01-22 12:03 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 23:17 ——— d—–w c:\program files\Common Files\Symantec Shared
2009-01-23 01:51 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 17:07 ——— d—–w c:\program files\TweakNow PowerPack 2006
2009-01-22 14:48 ——— d—–w c:\program files\Common Files\ScanSoft Shared
2009-01-22 14:36 ——— d—–w c:\program files\uTorrent
2009-01-22 13:31 ——— d—–w c:\program files\Common Files\Sonic Shared
2009-01-22 13:30 ——— d—–w c:\program files\Common Files\InstallShield
2009-01-22 13:07 ——— d—–w c:\program files\InterVideo
2009-01-22 12:51 ——— d—–w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-22 10:52 ——— d—–w c:\program files\HP
2009-01-22 10:52 ——— d—–w c:\program files\Hewlett-Packard
2009-01-22 10:39 ——— d—–w c:\program files\Java
2009-01-21 22:36 ——— d—–w c:\documents and settings\All Users\Application Data\Trymedia
2009-01-07 15:22 ——— d—–w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-06 11:47 ——— d—–w c:\program files\Common Files\Adobe
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2008-11-25 21:52 3,335,148 —-a-w c:\windows\Advanced.scr
2008-11-25 21:52 230,818 —-a-w c:\windows\uninstall Advanced.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-23_13.20.49,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 —-a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 —-a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2007-12-12 14:06:42 295,606 —-a-r c:\windows\Installer\{AC76BA86-7AD7-1043-7B44-A90000000001}\SC_Reader.exe
+ 2009-01-23 12:45:58 16,384 –sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-23 12:45:58 16,384 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2009-01-23 12:45:58 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-23 01:25:52 72,058 —-a-w c:\windows\system32\perfc009.dat
+ 2009-01-23 23:53:11 72,058 —-a-w c:\windows\system32\perfc009.dat
- 2009-01-23 01:25:52 92,228 —-a-w c:\windows\system32\perfc013.dat
+ 2009-01-23 23:53:11 92,228 —-a-w c:\windows\system32\perfc013.dat
- 2009-01-23 01:25:52 442,662 —-a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 23:53:11 442,662 —-a-w c:\windows\system32\perfh009.dat
- 2009-01-23 01:25:52 510,946 —-a-w c:\windows\system32\perfh013.dat
+ 2009-01-23 23:53:11 510,946 —-a-w c:\windows\system32\perfh013.dat
+ 2006-12-01 21:54:32 479,232 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:34 548,864 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54:32 626,688 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 116328]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"BigDogPath"="c:\windows\VM302Snap.exe" [2007-10-25 57344]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-07 c:\windows\ALCWZRD.EXE]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-22 99376]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-23 33752]
— Andere Services/Drivers In Geheugen —
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com i:
\Shell\Open\command - resycled\ntldr.com i:
.
Inhoud van de 'Gedeelde Taken' map
2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2009-01-23 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
2009-01-22 c:\windows\Tasks\Eenvoudige Internetaanmelding.job
- c:\program files\Easy Internet signup\HPSdpApp.exe []
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 19:58:30
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
———————— Andere Aktieve Processen ————————
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Voltooingstijd: 2009-01-24 20:01:57 - machine werd herstart
ComboFix-quarantined-files.txt 2009-01-24 19:01:54
ComboFix2.txt 2009-01-24 17:53:10
ComboFix3.txt 2009-01-23 23:50:30
ComboFix4.txt 2009-01-23 12:21:49
ComboFix5.txt 2009-01-24 18:54:08
Pre-Run: 194.930.728.960 bytes beschikbaar
Post-Run: 194,950,778,880 bytes beschikbaar
287 — E O F — 2009-01-23 01:33:29
- How are the problems now?
- Thanks for the help; as far as I can tell there are no further problems left. Only the 2 questions I asked in my first post still stand; if those can be solved as well, I'll be completely happy again.
Kind regards, Ben
- Open a Notepad file.
Copy the code below and paste it into the Notepad file.
Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
Double-click Flash_Disinfector.exe to start the tool.
When the tool is finished, the computer will restart.
- I'm not sure I did it entirely right, but I first saved the text in the CFScript.txt file on my desktop. Then I downloaded that flash program and ran it, but my screen did not go black as the program said it would, and it was already finished in 1 second. After that I let ComboFix scan again.
ComboFix 09-01-21.04 - HP_Eigenaar 2009-01-25 11:50:39.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2559.2044 [GMT 1:00]
Gestart vanuit: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\CFScript.txt
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))))
.
2009-01-25 01:31 . 2009-01-25 11:45 <DIR> dr-h—– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Onlangs geopend
2009-01-24 00:26 . 2009-01-24 00:26 <DIR> dr–s—- C:\assembly
2009-01-24 00:22 . 2009-01-24 00:22 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Codemonster
2009-01-24 00:21 . 2009-01-24 00:21 15 –a—— c:\windows\WinPatchService
2009-01-23 22:59 . 2009-01-23 23:00 <DIR> d——– c:\program files\Windows Live Safety Center
2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\program files\NOS
2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\documents and settings\All Users\Application Data\NOS
2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\kswdmcap.ax
2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\dllcache\kswdmcap.ax
2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\kstvtune.ax
2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\dllcache\kstvtune.ax
2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\vfwwdm32.dll
2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\dllcache\vfwwdm32.dll
2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\ksxbar.ax
2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\dllcache\ksxbar.ax
2009-01-23 09:16 . 2007-08-08 10:59 1,472,896 –a—— c:\windows\system32\drivers\usbVM302.sys
2009-01-23 09:16 . 2007-10-18 18:44 348,160 –a—— c:\windows\system32\VM302Prp.Ax
2009-01-23 09:16 . 2007-04-05 09:50 106,496 –a—— c:\windows\system32\vvftprpav302.ax
2009-01-23 09:16 . 2004-12-10 14:30 61,440 –a—— c:\windows\system32\VM302STI.dll
2009-01-23 09:16 . 2007-03-02 13:22 46,592 –a—— c:\windows\system32\VvFtCtrl.dll
2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\program files\Vimicro
2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InstallShield
2009-01-23 04:31 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
2009-01-23 04:31 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
2009-01-23 02:16 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\XPSViewer
2009-01-23 02:15 . 2006-06-29 13:07 14,048 ——— c:\windows\system32\spmsg2.dll
2009-01-22 23:11 . 2009-01-22 23:11 <DIR> d——– c:\program files\Common Files\Download Manager
2009-01-22 22:51 . 2009-01-22 22:51 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Ahead
2009-01-22 21:03 . 2009-01-22 21:03 <DIR> d——– c:\program files\K-Lite Codec Pack
2009-01-22 21:03 . 2007-05-02 20:04 3,596,288 –a—— c:\windows\system32\qt-dx331.dll
2009-01-22 21:03 . 2007-01-20 21:26 1,565,480 –a—— c:\windows\system32\wmv9vcm.dll
2009-01-22 21:03 . 2007-05-11 06:37 740,442 –a—— c:\windows\system32\divx.dll
2009-01-22 21:03 . 2007-04-28 14:54 593,920 –a—— c:\windows\system32\xvidcore.dll
2009-01-22 21:03 . 2004-01-25 18:18 217,088 –a—— c:\windows\system32\yv12vfw.dll
2009-01-22 21:03 . 2006-11-01 14:54 180,224 –a—— c:\windows\system32\xvidvfw.dll
2009-01-22 21:03 . 2006-05-13 23:16 118,784 –a—— c:\windows\system32\ac3acm.acm
2009-01-22 21:03 . 2007-05-02 20:02 73,728 –a—— c:\windows\system32\dpl100.dll
2009-01-22 21:03 . 2007-05-08 20:23 10,752 –a—— c:\windows\system32\ff_vfw.dll
2009-01-22 21:03 . 2005-02-24 18:56 547 –a—— c:\windows\system32\ff_vfw.dll.manifest
2009-01-22 20:34 . 2008-07-30 17:42 23,888 –a—— c:\windows\system32\drivers\COH_Mon.sys
2009-01-22 20:34 . 2008-07-30 17:28 10,537 –a—— c:\windows\system32\drivers\COH_Mon.cat
2009-01-22 20:34 . 2008-07-30 17:28 706 –a—— c:\windows\system32\drivers\COH_Mon.inf
2009-01-22 19:51 . 2009-01-22 19:52 <DIR> d——– c:\program files\Spybot - Search & Destroy
2009-01-22 19:23 . 2009-01-22 19:25 <DIR> d——– c:\program files\MSN Messenger
2009-01-22 19:11 . 2006-11-29 13:06 3,426,072 –a—— c:\windows\system32\d3dx9_32.dll
2009-01-22 19:10 . 2009-01-22 19:10 <DIR> d——– c:\program files\Microsoft
2009-01-22 19:07 . 2009-01-24 20:17 <DIR> dr-hs—- c:\windows\system32\dllcache
2009-01-22 19:07 . 2009-01-22 19:13 <DIR> dr——- c:\windows\system32\config\systemprofile\Menu Start
2009-01-22 19:03 . 2009-01-22 19:03 <DIR> d——– c:\program files\Common Files\Windows Live
2009-01-22 19:02 . 2009-01-23 19:56 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Contacts
2009-01-22 18:24 . 2009-01-22 18:24 <DIR> d——– c:\program files\UnderCoverXP
2009-01-22 18:22 . 2009-01-22 18:22 <DIR> d——– c:\program files\PIXresizer
2009-01-22 18:22 . 2001-08-23 15:25 1,706,800 –a—— c:\windows\system32\gdiplus.dll
2009-01-22 18:22 . 2000-12-05 23:00 209,608 –a—— c:\windows\system32\tabctl32.ocx
2009-01-22 18:22 . 1996-01-12 00:00 200,704 –a—— c:\windows\system32\threed32.ocx
2009-01-22 18:22 . 1998-06-24 00:00 164,144 –a—— c:\windows\system32\comct232.ocx
2009-01-22 18:22 . 1999-09-16 09:04 151,552 –a—— c:\windows\system32\ccrpfd6.ocx
2009-01-22 18:22 . 1998-06-24 00:00 140,096 –a—— c:\windows\system32\comdlg32.ocx
2009-01-22 18:22 . 2000-05-01 23:02 110,592 –a—— c:\windows\system32\ccrpbds6.dll
2009-01-22 18:22 . 2000-07-09 18:15 106,496 –a—— c:\windows\system32\mbprgbar.ocx
2009-01-22 18:22 . 2004-01-12 11:05 69,632 –a—— c:\windows\system32\imageviewer2.ocx
2009-01-22 18:21 . 2009-01-22 18:21 <DIR> d——– c:\program files\PrintKey2000
2009-01-22 18:18 . 2009-01-22 18:18 <DIR> d——– c:\program files\DVD Shrink
2009-01-22 18:17 . 2009-01-22 18:17 <DIR> d——– c:\program files\SRSLabs
2009-01-22 18:08 . 2009-01-22 18:08 23 –a—— c:\windows\system32\WinCustom_Info.dat
2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-22 17:44 . 2009-01-22 17:48 <DIR> d——– c:\program files\CCleaner
2009-01-22 17:40 . 2009-01-22 17:40 <DIR> d——– c:\program files\CleanUp!
2009-01-22 17:37 . 2009-01-22 17:37 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Malwarebytes
2009-01-22 17:35 . 2009-01-22 17:51 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
2009-01-22 17:35 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 17:35 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-01-22 17:07 . 2009-01-23 18:29 378 –a—— c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\wklnhst.dat
2009-01-22 17:01 . 2009-01-22 17:01 <DIR> d——– c:\windows\ShellNew
2009-01-22 16:53 . 2009-01-22 17:02 <DIR> d——– c:\program files\Microsoft Works
2009-01-22 16:50 . 2009-01-22 16:50 <DIR> d——– c:\program files\Microsoft Works Suite 2005
2009-01-22 16:36 . 2009-01-23 09:16 <DIR> d—-c— c:\windows\system32\DRVSTORE
2009-01-22 16:23 . 2009-01-23 13:51 <DIR> d——– c:\program files\Norton 360
2009-01-22 16:22 . 2009-01-22 16:37 124,464 –a—— c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-22 16:22 . 2009-01-22 16:37 60,808 –a—— c:\windows\system32\S32EVNT1.DLL
2009-01-22 16:22 . 2009-01-22 16:37 10,635 –a—— c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-22 16:22 . 2009-01-22 16:37 806 –a—— c:\windows\system32\drivers\SYMEVENT.INF
2009-01-22 16:21 . 2009-01-22 16:37 <DIR> d——– c:\program files\Symantec
2009-01-22 16:20 . 2009-01-25 11:38 <DIR> d——– c:\documents and settings\All Users\Application Data\Symantec
2009-01-22 16:09 . 2009-01-22 16:09 <DIR> d——– c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-22 15:53 . 2001-07-09 10:50 155,648 –a—— c:\windows\system32\NeroCheck.exe
2009-01-22 15:53 . 2001-03-08 18:30 24,064 ——— c:\windows\system32\msxml3a.dll
2009-01-22 15:52 . 2009-01-22 15:54 <DIR> d——– c:\program files\Ahead
2009-01-22 15:52 . 2009-01-22 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\Ahead
2009-01-22 15:52 . 2004-07-26 16:16 1,568,768 ——— c:\windows\system32\ImagX7.dll
2009-01-22 15:52 . 2004-07-26 16:16 476,320 ——— c:\windows\system32\ImagXpr7.dll
2009-01-22 15:52 . 2004-07-26 16:16 471,040 ——— c:\windows\system32\ImagXRA7.dll
2009-01-22 15:52 . 2004-07-09 08:43 364,544 ——— c:\windows\system32\TwnLib4.dll
2009-01-22 15:52 . 2004-07-26 16:16 262,144 ——— c:\windows\system32\ImagXR7.dll
2009-01-22 15:52 . 2000-06-26 10:45 106,496 –a—— c:\windows\system32\TwnLib20.dll
2009-01-22 15:52 . 2001-06-26 07:15 38,912 ——— c:\windows\system32\picn20.dll
2009-01-22 15:49 . 2004-08-16 21:00 116,736 –a—— c:\windows\system32\CNMLM6s.DLL
2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\drivers\usbprint.sys
2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\dllcache\usbprint.sys
2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\drivers\usbscan.sys
2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\dllcache\usbscan.sys
2009-01-22 15:49 . 2004-08-16 21:00 7,680 –a—— c:\windows\system32\CNMVS6s.DLL
2009-01-22 15:48 . 2009-01-22 15:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ScanSoft
2009-01-22 15:43 . 2009-01-22 15:46 <DIR> d——– c:\program files\Canon
2009-01-22 15:24 . 2009-01-22 19:25 <DIR> d——– c:\program files\Messenger Plus! Live
2009-01-22 15:21 . 2009-01-22 19:16 <DIR> d——– c:\program files\Windows Live
2009-01-22 14:51 . 2009-01-22 14:51 <DIR> d——– c:\program files\LSI SoftModem
2009-01-22 14:49 . 2009-01-22 14:49 <DIR> d——– c:\windows\system32\LogFiles
2009-01-22 14:49 . 2009-01-22 21:11 <DIR> d——– c:\windows\system32\drivers\UMDF
2009-01-22 14:49 . 2007-08-28 01:59 124,376 –a—— c:\windows\system32\nvapps.nvb
2009-01-22 14:15 . 2009-01-25 11:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\uTorrent
2009-01-22 13:45 . 2009-01-22 13:45 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\AdobeUM
2009-01-22 13:44 . 2009-01-22 13:44 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Leadertech
2009-01-22 13:15 . 2009-01-22 22:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Media Player Classic
2009-01-22 12:58 . 2009-01-22 12:58 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InterVideo
2009-01-22 12:49 . 2009-01-22 12:49 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ArcSoft
2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\nl
2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\bits
2009-01-22 12:03 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\nl-nl
2009-01-22 12:03 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
2009-01-22 12:03 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
2009-01-22 12:03 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-22 12:03 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
2009-01-22 12:03 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 23:42 ——— d—–w c:\program files\Common Files\Symantec Shared
2009-01-23 01:51 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 17:07 ——— d—–w c:\program files\TweakNow PowerPack 2006
2009-01-22 14:48 ——— d—–w c:\program files\Common Files\ScanSoft Shared
2009-01-22 14:36 ——— d—–w c:\program files\uTorrent
2009-01-22 13:31 ——— d—–w c:\program files\Common Files\Sonic Shared
2009-01-22 13:30 ——— d—–w c:\program files\Common Files\InstallShield
2009-01-22 13:07 ——— d—–w c:\program files\InterVideo
2009-01-22 12:51 ——— d—–w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-22 10:52 ——— d—–w c:\program files\HP
2009-01-22 10:52 ——— d—–w c:\program files\Hewlett-Packard
2009-01-22 10:46 139,264 —-a-w c:\windows\system32\hpzjrd01.dll
2009-01-22 10:39 ——— d—–w c:\program files\Java
2009-01-21 22:36 ——— d—–w c:\documents and settings\All Users\Application Data\Trymedia
2009-01-07 15:22 ——— d—–w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-06 11:47 ——— d—–w c:\program files\Common Files\Adobe
2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2008-11-25 21:52 3,335,148 —-a-w c:\windows\Advanced.scr
2008-11-25 21:52 230,818 —-a-w c:\windows\uninstall Advanced.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 116328]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"BigDogPath"="c:\windows\VM302Snap.exe" [2007-10-25 57344]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-07 c:\windows\ALCWZRD.EXE]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-22 99376]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-23 33752]
— Andere Services/Drivers In Geheugen —
*NewlyCreated* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2009-01-23 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
2009-01-22 c:\windows\Tasks\Eenvoudige Internetaanmelding.job
- c:\program files\Easy Internet signup\HPSdpApp.exe []
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 11:53:41
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-01-25 11:55:33
ComboFix-quarantined-files.txt 2009-01-25 10:55:30
ComboFix2.txt 2009-01-24 19:01:58
ComboFix3.txt 2009-01-24 17:53:10
ComboFix4.txt 2009-01-23 23:50:30
ComboFix5.txt 2009-01-25 10:50:00
Pre-Run: 187.219.550.208 bytes beschikbaar
Post-Run: 188,458,176,512 bytes beschikbaar
241 — E O F — 2009-01-23 01:33:29
- You do need to plug in all your USB sticks and external hard drives when you use Flash Disinfector.
- [quote="Othuroyo"]You do need to plug in all your USB sticks and external hard drives when you use Flash Disinfector.[/quote]
I did that too: two ports have a USB stick in them, one port has an MP3 player, and at the back there are 2 external hard drives that are also switched on.
The PC also does not restart by itself after using Flash Disinfector.
- That doesn't seem like a big problem to me; I think it only restarts if one of the USB devices is infected.
Do you have any other problems (apart from the questions)?
- No, apart from my questions there are no other problems that I notice. I do notice that the fans very often start running at full speed while I am hardly putting any load on the PC. I have already cleaned the inside and made it dust-free, but that doesn't help. It has been like this for about a year, by the way. I don't know why it does that either; maybe it's because of its age or something?
Regards, Ben
- Please also do this:
Download ATF cleaner (mirror) (made by Atribune)
Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.
Double-click ATF cleaner to start the program.
On the Main tab, tick Select All.
Click the Empty Selected button.
Do the following if you also use Firefox as a browser:
Click the Firefox tab and tick Select All.
If you want to keep the passwords saved by Firefox, click No in the window that appears.
(this removes the tick next to Firefox saved passwords again)
Click the Empty Selected button.
Do the following if you also use Opera as a browser:
Click the Opera tab and tick Select All.
If you want to keep the passwords saved by Opera, click No in the window that appears.
Click the Empty Selected button.
Go to the Main tab and click the Exit button to close the program.
3. You may now remove all the tools you used and the folders that were created. (Remember to remove Combofix via Start -> Run, typing ComboFix /U and pressing Enter!!)
- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go to Start/All Programs/Accessories/System Tools/System Restore again.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Remove the tick next to "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.
For that kind of thing your topic then has to go to another section where you can get further help.
- I have used ATF cleaner and removed all the tools except Combofix.
(Remember to remove Combofix via Start -> Run, typing ComboFix /U and pressing Enter!!)
What do you mean by typing U?
Will my topic be moved now, or do I have to start a new topic myself in another section? If so, where would be the best place to post it for my other problems?
Thank you very much for all the time and effort you have put into this for me.
Regards, Ben
This is an archived page. Replies are no longer possible.