Question & Answer

Security & privacy

HijackThis log and a few questions

Anonymous
19 replies
  • Hi, I recently had a bunch of viruses and other junk on my PC. After removing it all with mbam and ComboFix, CCleaner, cleanup 40 and some other small programs, everything worked properly again. After that I wanted my PC really clean again, so I ran HP Recovery so that everything was reset to factory settings. But after doing that and reinstalling everything, my PC got a different name, and I am now left with 3 folders in Documents and Settings (ALL Users - HP_Eigenaar - HP_Eigenaar.UW-4b58D8528…); previously I did not have that last one. So my question is: can I delete the HP_Eigenaar folder? Because I think nothing in that folder is used anymore.

    Also, when I start my PC, the welcome screen shows my picture with my user name, which I have to click to continue starting up. Previously I did not have that and it booted straight through without me having to click anything. And there are no other accounts on this PC. How can I set it up so that it works like before? I have already tried one thing and another under User Accounts, but it does not help.

    Here is a fresh HijackThis log as well, to have it checked whether it is clean and whether any more lines can be removed from it.

    Thanks in advance
    Regards, Ben


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:59:34, on 23-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\VM302Snap.exe
    C:\WINDOWS\Domino.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\HP_Eigenaar.UW-4B58D8528225\Mijn documenten\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM302Snap.exe
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232631259265
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 9079 bytes
  • Just go for a clean installation of the system. :o So no recovery, but reinstall Vista. :o
  • [quote="THE DRAGON"]Just go for a clean installation of the system. :o So no recovery, but reinstall Vista. :o[/quote] XP, of course. :oops:
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    [b] O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)[/b]
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download [b] and save it to your desktop.
    Double-click [b]mbam-setup.exe[/b] to install the program.

    Make sure that after the installation the following boxes are ticked:[list]
    [*]Update MalwareBytes' Anti-Malware
    [*]Start MalwareBytes' Anti-Malware
    [/list]Then click "[b]Finish[/b]".
    If an update is found, it will be downloaded and installed.[list]
    [*]Once the program has started, go to the "[b]Settings[/b]" tab.
    [*]Tick this option there: "[b]Close Internet Explorer during malware removal[/b]".
    [*]Then go to the "[b]Scanner[/b]" tab and choose "[b]Quick Scan[/b]".
    [*]Next, press "[b]Scan[/b]" to start the scan.
    [*]The scan can take a while, so be patient.

    [*]When the scan has completed, click [b]OK[/b], then "[b]Show Results[/b]" to see the results.
    [*]Make sure everything there is ticked, then click "[b]Remove Selected[/b]".
    [*]After the removal a log will open and you will be asked to restart the computer.
    [/list]The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "[b]Logs[/b]" tab in the program.

    Post this log.

    Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
    Once the Recovery Console is installed, let ComboFix scan the computer.
    When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens.
    Post the contents of this file.
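
Added example (not part of the original thread, and not code from HijackThis or from any poster): a small Python parser for the HijackThis text log format shown in the first post. It lists the entries whose target is marked "(no file)", which is the kind of orphaned entry the reply above selects for 'Fix checked'. The sample lines are copied from that log; the function names and the extra "(file missing)" marker are assumptions of this example.

```python
import re
from collections import Counter

# A subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:34, on 23-1-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
End of file - 9079 bytes
"""

# Scan entries start with a section code (R0, O2, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# "(no file)" is the marker on the page; "(file missing)" is an assumption of
# this example for entries where a path is printed but the file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per 'CODE - body' line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        # The file reference is the last " - " separated field of the entry.
        tail = body.rsplit(" - ", 1)[-1].lower()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": any(marker in tail for marker in ORPHAN_MARKERS),
        })
    return entries


def fix_candidates(entries):
    """Entries that point at a file that is not there (registry leftovers)."""
    return [entry for entry in entries if entry["orphaned"]]


def section_counts(entries):
    """Number of entries per HijackThis section code."""
    return Counter(entry["code"] for entry in entries)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for entry in fix_candidates(parsed):
        print("review:", entry["code"], entry["clsid"], "-", entry["body"])
```

The result is a review list only: an entry with a file path still has to be judged by what that file is, which this parser does not attempt.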
  • Hi, thanks for taking on my problem :wink:
    I removed the line from the HijackThis log and ran both scans once more. Here are the results.

    Regards, Ben

    Malwarebytes' Anti-Malware 1.33
    Database versie: 1688
    Windows 5.1.2600 Service Pack 3

    24-1-2009 18:48:07
    mbam-log-2009-01-24 (18-48-07).txt

    Scan type: Snelle Scan
    Objecten gescand: 54106
    Verstreken tijd: 5 minute(s), 18 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)




    and log 2, from ComboFix

    ComboFix 09-01-21.04 - HP_Eigenaar 2009-01-24 18:49:17.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2559.2059 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\ComboFix.exe
    AV: Norton 360 *On-access scanning enabled* (Updated)
    FW: Norton 360 *enabled*
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
    .

    2009-01-24 00:26 . 2009-01-24 00:26 <DIR> dr–s—- C:\assembly
    2009-01-24 00:22 . 2009-01-24 00:22 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Codemonster
    2009-01-24 00:21 . 2009-01-24 00:21 15 –a—— c:\windows\WinPatchService
    2009-01-23 22:59 . 2009-01-23 23:00 <DIR> d——– c:\program files\Windows Live Safety Center
    2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\program files\NOS
    2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\documents and settings\All Users\Application Data\NOS
    2009-01-23 13:12 . 2009-01-24 18:48 <DIR> dr-h—– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Onlangs geopend
    2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\kswdmcap.ax
    2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\dllcache\kswdmcap.ax
    2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\kstvtune.ax
    2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\dllcache\kstvtune.ax
    2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\vfwwdm32.dll
    2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\dllcache\vfwwdm32.dll
    2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\ksxbar.ax
    2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\dllcache\ksxbar.ax
    2009-01-23 09:16 . 2007-08-08 10:59 1,472,896 –a—— c:\windows\system32\drivers\usbVM302.sys
    2009-01-23 09:16 . 2007-03-18 18:06 475,136 –a—— c:\windows\system32\drivers\vvftav302.sys
    2009-01-23 09:16 . 2007-10-18 18:44 348,160 –a—— c:\windows\system32\VM302Prp.Ax
    2009-01-23 09:16 . 2007-04-05 09:50 106,496 –a—— c:\windows\system32\vvftprpav302.ax
    2009-01-23 09:16 . 2004-12-10 14:30 61,440 –a—— c:\windows\system32\VM302STI.dll
    2009-01-23 09:16 . 2007-03-02 13:22 46,592 –a—— c:\windows\system32\VvFtCtrl.dll
    2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\program files\Vimicro
    2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InstallShield
    2009-01-23 04:31 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
    2009-01-23 04:31 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
    2009-01-23 02:16 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\XPSViewer
    2009-01-23 02:15 . 2006-06-29 13:07 14,048 ——— c:\windows\system32\spmsg2.dll
    2009-01-22 23:12 . 2009-01-22 23:12 1,152 –a—— c:\windows\system32\windrv.sys
    2009-01-22 23:11 . 2009-01-22 23:11 <DIR> d——– c:\program files\Common Files\Download Manager
    2009-01-22 22:51 . 2009-01-22 22:51 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Ahead
    2009-01-22 21:03 . 2009-01-22 21:03 <DIR> d——– c:\program files\K-Lite Codec Pack
    2009-01-22 21:03 . 2007-05-02 20:04 3,596,288 –a—— c:\windows\system32\qt-dx331.dll
    2009-01-22 21:03 . 2007-01-20 21:26 1,565,480 –a—— c:\windows\system32\wmv9vcm.dll
    2009-01-22 21:03 . 2007-05-11 06:37 740,442 –a—— c:\windows\system32\divx.dll
    2009-01-22 21:03 . 2007-04-28 14:54 593,920 –a—— c:\windows\system32\xvidcore.dll
    2009-01-22 21:03 . 2004-01-25 18:18 217,088 –a—— c:\windows\system32\yv12vfw.dll
    2009-01-22 21:03 . 2006-11-01 14:54 180,224 –a—— c:\windows\system32\xvidvfw.dll
    2009-01-22 21:03 . 2006-05-13 23:16 118,784 –a—— c:\windows\system32\ac3acm.acm
    2009-01-22 21:03 . 2007-05-02 20:02 73,728 –a—— c:\windows\system32\dpl100.dll
    2009-01-22 21:03 . 2007-05-08 20:23 10,752 –a—— c:\windows\system32\ff_vfw.dll
    2009-01-22 21:03 . 2005-02-24 18:56 547 –a—— c:\windows\system32\ff_vfw.dll.manifest
    2009-01-22 20:34 . 2008-07-30 17:42 23,888 –a—— c:\windows\system32\drivers\COH_Mon.sys
    2009-01-22 20:34 . 2008-07-30 17:28 10,537 –a—— c:\windows\system32\drivers\COH_Mon.cat
    2009-01-22 20:34 . 2008-07-30 17:28 706 –a—— c:\windows\system32\drivers\COH_Mon.inf
    2009-01-22 19:51 . 2009-01-22 19:52 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-22 19:23 . 2009-01-22 19:25 <DIR> d——– c:\program files\MSN Messenger
    2009-01-22 19:11 . 2006-11-29 13:06 3,426,072 –a—— c:\windows\system32\d3dx9_32.dll
    2009-01-22 19:10 . 2009-01-22 19:10 <DIR> d——– c:\program files\Microsoft
    2009-01-22 19:07 . 2009-01-23 09:44 <DIR> dr-hs—- c:\windows\system32\dllcache
    2009-01-22 19:07 . 2009-01-22 19:13 <DIR> dr——- c:\windows\system32\config\systemprofile\Menu Start
    2009-01-22 19:03 . 2009-01-22 19:03 <DIR> d——– c:\program files\Common Files\Windows Live
    2009-01-22 19:02 . 2009-01-23 19:56 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Contacts
    2009-01-22 18:24 . 2009-01-22 18:24 <DIR> d——– c:\program files\UnderCoverXP
    2009-01-22 18:22 . 2009-01-22 18:22 <DIR> d——– c:\program files\PIXresizer
    2009-01-22 18:22 . 2001-08-23 15:25 1,706,800 –a—— c:\windows\system32\gdiplus.dll
    2009-01-22 18:22 . 2000-12-05 23:00 209,608 –a—— c:\windows\system32\tabctl32.ocx
    2009-01-22 18:22 . 1996-01-12 00:00 200,704 –a—— c:\windows\system32\threed32.ocx
    2009-01-22 18:22 . 1998-06-24 00:00 164,144 –a—— c:\windows\system32\comct232.ocx
    2009-01-22 18:22 . 1999-09-16 09:04 151,552 –a—— c:\windows\system32\ccrpfd6.ocx
    2009-01-22 18:22 . 1998-06-24 00:00 140,096 –a—— c:\windows\system32\comdlg32.ocx
    2009-01-22 18:22 . 2000-05-01 23:02 110,592 –a—— c:\windows\system32\ccrpbds6.dll
    2009-01-22 18:22 . 2000-07-09 18:15 106,496 –a—— c:\windows\system32\mbprgbar.ocx
    2009-01-22 18:22 . 2004-01-12 11:05 69,632 –a—— c:\windows\system32\imageviewer2.ocx
    2009-01-22 18:21 . 2009-01-22 18:21 <DIR> d——– c:\program files\PrintKey2000
    2009-01-22 18:18 . 2009-01-22 18:18 <DIR> d——– c:\program files\DVD Shrink
    2009-01-22 18:17 . 2009-01-22 18:17 <DIR> d——– c:\program files\SRSLabs
    2009-01-22 18:08 . 2009-01-22 18:08 23 –a—— c:\windows\system32\WinCustom_Info.dat
    2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-22 17:44 . 2009-01-22 17:48 <DIR> d——– c:\program files\CCleaner
    2009-01-22 17:40 . 2009-01-22 17:40 <DIR> d——– c:\program files\CleanUp!
    2009-01-22 17:37 . 2009-01-22 17:37 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Malwarebytes
    2009-01-22 17:35 . 2009-01-22 17:51 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 17:35 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-22 17:35 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-22 17:07 . 2009-01-23 18:29 378 –a—— c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\wklnhst.dat
    2009-01-22 17:01 . 2009-01-22 17:01 <DIR> d——– c:\windows\ShellNew
    2009-01-22 16:53 . 2009-01-22 17:02 <DIR> d——– c:\program files\Microsoft Works
    2009-01-22 16:50 . 2009-01-22 16:50 <DIR> d——– c:\program files\Microsoft Works Suite 2005
    2009-01-22 16:36 . 2009-01-23 09:16 <DIR> d—-c— c:\windows\system32\DRVSTORE
    2009-01-22 16:31 . 2009-01-22 16:31 16 –a—— c:\windows\system32\coh.cache
    2009-01-22 16:23 . 2009-01-23 13:51 <DIR> d——– c:\program files\Norton 360
    2009-01-22 16:22 . 2009-01-22 16:37 124,464 –a—— c:\windows\system32\drivers\SYMEVENT.SYS
    2009-01-22 16:22 . 2009-01-22 16:37 60,808 –a—— c:\windows\system32\S32EVNT1.DLL
    2009-01-22 16:22 . 2009-01-22 16:37 10,635 –a—— c:\windows\system32\drivers\SYMEVENT.CAT
    2009-01-22 16:22 . 2009-01-22 16:37 806 –a—— c:\windows\system32\drivers\SYMEVENT.INF
    2009-01-22 16:21 . 2009-01-22 16:37 <DIR> d——– c:\program files\Symantec
    2009-01-22 16:20 . 2009-01-24 18:39 <DIR> d——– c:\documents and settings\All Users\Application Data\Symantec
    2009-01-22 16:09 . 2009-01-22 16:09 <DIR> d——– c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-01-22 15:53 . 2001-07-09 10:50 155,648 –a—— c:\windows\system32\NeroCheck.exe
    2009-01-22 15:53 . 2001-03-08 18:30 24,064 ——— c:\windows\system32\msxml3a.dll
    2009-01-22 15:52 . 2009-01-22 15:54 <DIR> d——– c:\program files\Ahead
    2009-01-22 15:52 . 2009-01-22 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\Ahead
    2009-01-22 15:52 . 2004-07-26 16:16 1,568,768 ——— c:\windows\system32\ImagX7.dll
    2009-01-22 15:52 . 2004-07-26 16:16 476,320 ——— c:\windows\system32\ImagXpr7.dll
    2009-01-22 15:52 . 2004-07-26 16:16 471,040 ——— c:\windows\system32\ImagXRA7.dll
    2009-01-22 15:52 . 2004-07-09 08:43 364,544 ——— c:\windows\system32\TwnLib4.dll
    2009-01-22 15:52 . 2004-07-26 16:16 262,144 ——— c:\windows\system32\ImagXR7.dll
    2009-01-22 15:52 . 2000-06-26 10:45 106,496 –a—— c:\windows\system32\TwnLib20.dll
    2009-01-22 15:52 . 2001-06-26 07:15 38,912 ——— c:\windows\system32\picn20.dll
    2009-01-22 15:49 . 2004-08-16 21:00 116,736 –a—— c:\windows\system32\CNMLM6s.DLL
    2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\drivers\usbprint.sys
    2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\dllcache\usbprint.sys
    2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\drivers\usbscan.sys
    2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\dllcache\usbscan.sys
    2009-01-22 15:49 . 2004-08-16 21:00 7,680 –a—— c:\windows\system32\CNMVS6s.DLL
    2009-01-22 15:48 . 2009-01-22 15:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ScanSoft
    2009-01-22 15:43 . 2009-01-22 15:46 <DIR> d——– c:\program files\Canon
    2009-01-22 15:24 . 2009-01-22 19:25 <DIR> d——– c:\program files\Messenger Plus! Live
    2009-01-22 15:21 . 2009-01-22 19:16 <DIR> d——– c:\program files\Windows Live
    2009-01-22 14:51 . 2009-01-22 14:51 <DIR> d——– c:\program files\LSI SoftModem
    2009-01-22 14:49 . 2009-01-22 14:49 <DIR> d——– c:\windows\system32\LogFiles
    2009-01-22 14:49 . 2009-01-22 21:11 <DIR> d——– c:\windows\system32\drivers\UMDF
    2009-01-22 14:49 . 2007-08-28 01:59 124,376 –a—— c:\windows\system32\nvapps.nvb
    2009-01-22 14:15 . 2009-01-23 22:14 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\uTorrent
    2009-01-22 13:45 . 2009-01-22 13:45 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\AdobeUM
    2009-01-22 13:44 . 2009-01-22 13:44 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Leadertech
    2009-01-22 13:15 . 2009-01-22 22:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Media Player Classic
    2009-01-22 12:58 . 2009-01-22 12:58 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InterVideo
    2009-01-22 12:49 . 2009-01-22 12:49 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ArcSoft
    2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\nl
    2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\bits
    2009-01-22 12:03 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\nl-nl
    2009-01-22 12:03 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
    2009-01-22 12:03 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 23:17 ——— d—–w c:\program files\Common Files\Symantec Shared
    2009-01-23 01:51 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-22 17:07 ——— d—–w c:\program files\TweakNow PowerPack 2006
    2009-01-22 14:48 ——— d—–w c:\program files\Common Files\ScanSoft Shared
    2009-01-22 14:36 ——— d—–w c:\program files\uTorrent
    2009-01-22 13:31 ——— d—–w c:\program files\Common Files\Sonic Shared
    2009-01-22 13:30 ——— d—–w c:\program files\Common Files\InstallShield
    2009-01-22 13:07 ——— d—–w c:\program files\InterVideo
    2009-01-22 12:51 ——— d—–w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-22 10:52 ——— d—–w c:\program files\HP
    2009-01-22 10:52 ——— d—–w c:\program files\Hewlett-Packard
    2009-01-22 10:46 139,264 —-a-w c:\windows\system32\hpzjrd01.dll
    2009-01-22 10:39 ——— d—–w c:\program files\Java
    2009-01-21 22:36 ——— d—–w c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-07 15:22 ——— d—–w c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-01-06 11:47 ——— d—–w c:\program files\Common Files\Adobe
    2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-11-25 21:52 3,335,148 —-a-w c:\windows\Advanced.scr
    2008-11-25 21:52 230,818 —-a-w c:\windows\uninstall Advanced.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-23_13.20.49,75 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-12 14:06:42 295,606 —-a-r c:\windows\Installer\{AC76BA86-7AD7-1043-7B44-A90000000001}\SC_Reader.exe
    + 2009-01-23 12:45:58 16,384 –sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-23 12:45:58 16,384 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-01-23 12:45:58 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-23 01:25:52 72,058 —-a-w c:\windows\system32\perfc009.dat
    + 2009-01-23 23:53:11 72,058 —-a-w c:\windows\system32\perfc009.dat
    - 2009-01-23 01:25:52 92,228 —-a-w c:\windows\system32\perfc013.dat
    + 2009-01-23 23:53:11 92,228 —-a-w c:\windows\system32\perfc013.dat
    - 2009-01-23 01:25:52 442,662 —-a-w c:\windows\system32\perfh009.dat
    + 2009-01-23 23:53:11 442,662 —-a-w c:\windows\system32\perfh009.dat
    - 2009-01-23 01:25:52 510,946 —-a-w c:\windows\system32\perfh013.dat
    + 2009-01-23 23:53:11 510,946 —-a-w c:\windows\system32\perfh013.dat
    + 2009-01-24 17:37:23 16,384 —-atw c:\windows\temp\Perflib_Perfdata_94.dat
    + 2006-12-01 21:54:32 479,232 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-01 21:54:34 548,864 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-01 21:54:32 626,688 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
    "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 116328]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "BigDogPath"="c:\windows\VM302Snap.exe" [2007-10-25 57344]
    "Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2005-04-07 c:\windows\ALCWZRD.EXE]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-22 99376]
    R3 vvftav302;vvftav302;c:\windows\system32\drivers\vvftav302.sys [2009-01-23 475136]
    R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-23 33752]

    — Andere Services/Drivers In Geheugen —

    *NewlyCreated* - COMHOST

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com i:
    \Shell\Open\command - resycled\ntldr.com i:
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

    2009-01-23 c:\windows\Tasks\Easy Onderhoud.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

    2009-01-22 c:\windows\Tasks\Eenvoudige Internetaanmelding.job
    - c:\program files\Easy Internet signup\HPSdpApp.exe []
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 18:51:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-01-24 18:53:08
    ComboFix-quarantined-files.txt 2009-01-24 17:53:05
    ComboFix2.txt 2009-01-23 23:50:30
    ComboFix3.txt 2009-01-23 12:21:49
    ComboFix4.txt 2009-01-23 01:49:06
    ComboFix5.txt 2009-01-24 17:48:53

    Pre-Run: 194.900.635.648 bytes beschikbaar
    Post-Run: 195,005,296,640 bytes beschikbaar

    263 — E O F — 2009-01-23 01:33:29
  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • ComboFix 09-01-21.04 - HP_Eigenaar 2009-01-24 19:54:43.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2559.2002 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\CFScript.txt
    AV: Norton 360 *On-access scanning enabled* (Updated)
    FW: Norton 360 *enabled*
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\system32\coh.cache
    c:\windows\system32\drivers\vvftav302.sys
    c:\windows\system32\windrv.sys
    c:\windows\temp\Perflib_Perfdata_94.dat
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\coh.cache
    c:\windows\system32\drivers\vvftav302.sys
    c:\windows\system32\windrv.sys
    c:\windows\temp\Perflib_Perfdata_94.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_vvftav302


    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
    .

    2009-01-24 00:26 . 2009-01-24 00:26 <DIR> dr–s—- C:\assembly
    2009-01-24 00:22 . 2009-01-24 00:22 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Codemonster
    2009-01-24 00:21 . 2009-01-24 00:21 15 –a—— c:\windows\WinPatchService
    2009-01-23 22:59 . 2009-01-23 23:00 <DIR> d——– c:\program files\Windows Live Safety Center
    2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\program files\NOS
    2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\documents and settings\All Users\Application Data\NOS
    2009-01-23 13:12 . 2009-01-24 19:53 <DIR> dr-h—– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Onlangs geopend
    2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\kswdmcap.ax
    2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\dllcache\kswdmcap.ax
    2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\kstvtune.ax
    2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\dllcache\kstvtune.ax
    2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\vfwwdm32.dll
    2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\dllcache\vfwwdm32.dll
    2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\ksxbar.ax
    2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\dllcache\ksxbar.ax
    2009-01-23 09:16 . 2007-08-08 10:59 1,472,896 –a—— c:\windows\system32\drivers\usbVM302.sys
    2009-01-23 09:16 . 2007-10-18 18:44 348,160 –a—— c:\windows\system32\VM302Prp.Ax
    2009-01-23 09:16 . 2007-04-05 09:50 106,496 –a—— c:\windows\system32\vvftprpav302.ax
    2009-01-23 09:16 . 2004-12-10 14:30 61,440 –a—— c:\windows\system32\VM302STI.dll
    2009-01-23 09:16 . 2007-03-02 13:22 46,592 –a—— c:\windows\system32\VvFtCtrl.dll
    2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\program files\Vimicro
    2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InstallShield
    2009-01-23 04:31 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
    2009-01-23 04:31 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
    2009-01-23 02:16 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\XPSViewer
    2009-01-23 02:15 . 2006-06-29 13:07 14,048 ——— c:\windows\system32\spmsg2.dll
    2009-01-22 23:11 . 2009-01-22 23:11 <DIR> d——– c:\program files\Common Files\Download Manager
    2009-01-22 22:51 . 2009-01-22 22:51 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Ahead
    2009-01-22 21:03 . 2009-01-22 21:03 <DIR> d——– c:\program files\K-Lite Codec Pack
    2009-01-22 21:03 . 2007-05-02 20:04 3,596,288 –a—— c:\windows\system32\qt-dx331.dll
    2009-01-22 21:03 . 2007-01-20 21:26 1,565,480 –a—— c:\windows\system32\wmv9vcm.dll
    2009-01-22 21:03 . 2007-05-11 06:37 740,442 –a—— c:\windows\system32\divx.dll
    2009-01-22 21:03 . 2007-04-28 14:54 593,920 –a—— c:\windows\system32\xvidcore.dll
    2009-01-22 21:03 . 2004-01-25 18:18 217,088 –a—— c:\windows\system32\yv12vfw.dll
    2009-01-22 21:03 . 2006-11-01 14:54 180,224 –a—— c:\windows\system32\xvidvfw.dll
    2009-01-22 21:03 . 2006-05-13 23:16 118,784 –a—— c:\windows\system32\ac3acm.acm
    2009-01-22 21:03 . 2007-05-02 20:02 73,728 –a—— c:\windows\system32\dpl100.dll
    2009-01-22 21:03 . 2007-05-08 20:23 10,752 –a—— c:\windows\system32\ff_vfw.dll
    2009-01-22 21:03 . 2005-02-24 18:56 547 –a—— c:\windows\system32\ff_vfw.dll.manifest
    2009-01-22 20:34 . 2008-07-30 17:42 23,888 –a—— c:\windows\system32\drivers\COH_Mon.sys
    2009-01-22 20:34 . 2008-07-30 17:28 10,537 –a—— c:\windows\system32\drivers\COH_Mon.cat
    2009-01-22 20:34 . 2008-07-30 17:28 706 –a—— c:\windows\system32\drivers\COH_Mon.inf
    2009-01-22 19:51 . 2009-01-22 19:52 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-22 19:23 . 2009-01-22 19:25 <DIR> d——– c:\program files\MSN Messenger
    2009-01-22 19:11 . 2006-11-29 13:06 3,426,072 –a—— c:\windows\system32\d3dx9_32.dll
    2009-01-22 19:10 . 2009-01-22 19:10 <DIR> d——– c:\program files\Microsoft
    2009-01-22 19:07 . 2009-01-23 09:44 <DIR> dr-hs—- c:\windows\system32\dllcache
    2009-01-22 19:07 . 2009-01-22 19:13 <DIR> dr——- c:\windows\system32\config\systemprofile\Menu Start
    2009-01-22 19:03 . 2009-01-22 19:03 <DIR> d——– c:\program files\Common Files\Windows Live
    2009-01-22 19:02 . 2009-01-23 19:56 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Contacts
    2009-01-22 18:24 . 2009-01-22 18:24 <DIR> d——– c:\program files\UnderCoverXP
    2009-01-22 18:22 . 2009-01-22 18:22 <DIR> d——– c:\program files\PIXresizer
    2009-01-22 18:22 . 2001-08-23 15:25 1,706,800 –a—— c:\windows\system32\gdiplus.dll
    2009-01-22 18:22 . 2000-12-05 23:00 209,608 –a—— c:\windows\system32\tabctl32.ocx
    2009-01-22 18:22 . 1996-01-12 00:00 200,704 –a—— c:\windows\system32\threed32.ocx
    2009-01-22 18:22 . 1998-06-24 00:00 164,144 –a—— c:\windows\system32\comct232.ocx
    2009-01-22 18:22 . 1999-09-16 09:04 151,552 –a—— c:\windows\system32\ccrpfd6.ocx
    2009-01-22 18:22 . 1998-06-24 00:00 140,096 –a—— c:\windows\system32\comdlg32.ocx
    2009-01-22 18:22 . 2000-05-01 23:02 110,592 –a—— c:\windows\system32\ccrpbds6.dll
    2009-01-22 18:22 . 2000-07-09 18:15 106,496 –a—— c:\windows\system32\mbprgbar.ocx
    2009-01-22 18:22 . 2004-01-12 11:05 69,632 –a—— c:\windows\system32\imageviewer2.ocx
    2009-01-22 18:21 . 2009-01-22 18:21 <DIR> d——– c:\program files\PrintKey2000
    2009-01-22 18:18 . 2009-01-22 18:18 <DIR> d——– c:\program files\DVD Shrink
    2009-01-22 18:17 . 2009-01-22 18:17 <DIR> d——– c:\program files\SRSLabs
    2009-01-22 18:08 . 2009-01-22 18:08 23 –a—— c:\windows\system32\WinCustom_Info.dat
    2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-22 17:44 . 2009-01-22 17:48 <DIR> d——– c:\program files\CCleaner
    2009-01-22 17:40 . 2009-01-22 17:40 <DIR> d——– c:\program files\CleanUp!
    2009-01-22 17:37 . 2009-01-22 17:37 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Malwarebytes
    2009-01-22 17:35 . 2009-01-22 17:51 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 17:35 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-22 17:35 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-22 17:07 . 2009-01-23 18:29 378 –a—— c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\wklnhst.dat
    2009-01-22 17:01 . 2009-01-22 17:01 <DIR> d——– c:\windows\ShellNew
    2009-01-22 16:53 . 2009-01-22 17:02 <DIR> d——– c:\program files\Microsoft Works
    2009-01-22 16:50 . 2009-01-22 16:50 <DIR> d——– c:\program files\Microsoft Works Suite 2005
    2009-01-22 16:36 . 2009-01-23 09:16 <DIR> d—-c— c:\windows\system32\DRVSTORE
    2009-01-22 16:23 . 2009-01-23 13:51 <DIR> d——– c:\program files\Norton 360
    2009-01-22 16:22 . 2009-01-22 16:37 124,464 –a—— c:\windows\system32\drivers\SYMEVENT.SYS
    2009-01-22 16:22 . 2009-01-22 16:37 60,808 –a—— c:\windows\system32\S32EVNT1.DLL
    2009-01-22 16:22 . 2009-01-22 16:37 10,635 –a—— c:\windows\system32\drivers\SYMEVENT.CAT
    2009-01-22 16:22 . 2009-01-22 16:37 806 –a—— c:\windows\system32\drivers\SYMEVENT.INF
    2009-01-22 16:21 . 2009-01-22 16:37 <DIR> d——– c:\program files\Symantec
    2009-01-22 16:20 . 2009-01-24 19:03 <DIR> d——– c:\documents and settings\All Users\Application Data\Symantec
    2009-01-22 16:09 . 2009-01-22 16:09 <DIR> d——– c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-01-22 15:53 . 2001-07-09 10:50 155,648 –a—— c:\windows\system32\NeroCheck.exe
    2009-01-22 15:53 . 2001-03-08 18:30 24,064 ——— c:\windows\system32\msxml3a.dll
    2009-01-22 15:52 . 2009-01-22 15:54 <DIR> d——– c:\program files\Ahead
    2009-01-22 15:52 . 2009-01-22 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\Ahead
    2009-01-22 15:52 . 2004-07-26 16:16 1,568,768 ——— c:\windows\system32\ImagX7.dll
    2009-01-22 15:52 . 2004-07-26 16:16 476,320 ——— c:\windows\system32\ImagXpr7.dll
    2009-01-22 15:52 . 2004-07-26 16:16 471,040 ——— c:\windows\system32\ImagXRA7.dll
    2009-01-22 15:52 . 2004-07-09 08:43 364,544 ——— c:\windows\system32\TwnLib4.dll
    2009-01-22 15:52 . 2004-07-26 16:16 262,144 ——— c:\windows\system32\ImagXR7.dll
    2009-01-22 15:52 . 2000-06-26 10:45 106,496 –a—— c:\windows\system32\TwnLib20.dll
    2009-01-22 15:52 . 2001-06-26 07:15 38,912 ——— c:\windows\system32\picn20.dll
    2009-01-22 15:49 . 2004-08-16 21:00 116,736 –a—— c:\windows\system32\CNMLM6s.DLL
    2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\drivers\usbprint.sys
    2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\dllcache\usbprint.sys
    2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\drivers\usbscan.sys
    2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\dllcache\usbscan.sys
    2009-01-22 15:49 . 2004-08-16 21:00 7,680 –a—— c:\windows\system32\CNMVS6s.DLL
    2009-01-22 15:48 . 2009-01-22 15:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ScanSoft
    2009-01-22 15:43 . 2009-01-22 15:46 <DIR> d——– c:\program files\Canon
    2009-01-22 15:24 . 2009-01-22 19:25 <DIR> d——– c:\program files\Messenger Plus! Live
    2009-01-22 15:21 . 2009-01-22 19:16 <DIR> d——– c:\program files\Windows Live
    2009-01-22 14:51 . 2009-01-22 14:51 <DIR> d——– c:\program files\LSI SoftModem
    2009-01-22 14:49 . 2009-01-22 14:49 <DIR> d——– c:\windows\system32\LogFiles
    2009-01-22 14:49 . 2009-01-22 21:11 <DIR> d——– c:\windows\system32\drivers\UMDF
    2009-01-22 14:49 . 2007-08-28 01:59 124,376 –a—— c:\windows\system32\nvapps.nvb
    2009-01-22 14:15 . 2009-01-23 22:14 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\uTorrent
    2009-01-22 13:45 . 2009-01-22 13:45 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\AdobeUM
    2009-01-22 13:44 . 2009-01-22 13:44 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Leadertech
    2009-01-22 13:15 . 2009-01-22 22:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Media Player Classic
    2009-01-22 12:58 . 2009-01-22 12:58 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InterVideo
    2009-01-22 12:49 . 2009-01-22 12:49 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ArcSoft
    2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\nl
    2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\bits
    2009-01-22 12:03 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\nl-nl
    2009-01-22 12:03 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
    2009-01-22 12:03 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
    2009-01-22 12:03 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
    2009-01-22 12:03 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
    2009-01-22 12:03 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 23:17 ——— d—–w c:\program files\Common Files\Symantec Shared
    2009-01-23 01:51 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-22 17:07 ——— d—–w c:\program files\TweakNow PowerPack 2006
    2009-01-22 14:48 ——— d—–w c:\program files\Common Files\ScanSoft Shared
    2009-01-22 14:36 ——— d—–w c:\program files\uTorrent
    2009-01-22 13:31 ——— d—–w c:\program files\Common Files\Sonic Shared
    2009-01-22 13:30 ——— d—–w c:\program files\Common Files\InstallShield
    2009-01-22 13:07 ——— d—–w c:\program files\InterVideo
    2009-01-22 12:51 ——— d—–w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-22 10:52 ——— d—–w c:\program files\HP
    2009-01-22 10:52 ——— d—–w c:\program files\Hewlett-Packard
    2009-01-22 10:39 ——— d—–w c:\program files\Java
    2009-01-21 22:36 ——— d—–w c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-07 15:22 ——— d—–w c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-01-06 11:47 ——— d—–w c:\program files\Common Files\Adobe
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-11-25 21:52 3,335,148 —-a-w c:\windows\Advanced.scr
    2008-11-25 21:52 230,818 —-a-w c:\windows\uninstall Advanced.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-23_13.20.49,75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-10-20 18:02:28 163,328 —-a-w c:\windows\erdnt\subs\ERDNT.EXE
    + 2005-10-20 19:02:28 163,328 —-a-w c:\windows\erdnt\subs\ERDNT.EXE
    + 2007-12-12 14:06:42 295,606 —-a-r c:\windows\Installer\{AC76BA86-7AD7-1043-7B44-A90000000001}\SC_Reader.exe
    + 2009-01-23 12:45:58 16,384 –sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-23 12:45:58 16,384 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-01-23 12:45:58 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-23 01:25:52 72,058 —-a-w c:\windows\system32\perfc009.dat
    + 2009-01-23 23:53:11 72,058 —-a-w c:\windows\system32\perfc009.dat
    - 2009-01-23 01:25:52 92,228 —-a-w c:\windows\system32\perfc013.dat
    + 2009-01-23 23:53:11 92,228 —-a-w c:\windows\system32\perfc013.dat
    - 2009-01-23 01:25:52 442,662 —-a-w c:\windows\system32\perfh009.dat
    + 2009-01-23 23:53:11 442,662 —-a-w c:\windows\system32\perfh009.dat
    - 2009-01-23 01:25:52 510,946 —-a-w c:\windows\system32\perfh013.dat
    + 2009-01-23 23:53:11 510,946 —-a-w c:\windows\system32\perfh013.dat
    + 2006-12-01 21:54:32 479,232 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-01 21:54:34 548,864 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-01 21:54:32 626,688 —-a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
    "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 116328]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "BigDogPath"="c:\windows\VM302Snap.exe" [2007-10-25 57344]
    "Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2005-04-07 c:\windows\ALCWZRD.EXE]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-22 99376]
    R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-23 33752]

    — Andere Services/Drivers In Geheugen —

    *NewlyCreated* - COMHOST

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com i:
    \Shell\Open\command - resycled\ntldr.com i:
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

    2009-01-23 c:\windows\Tasks\Easy Onderhoud.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

    2009-01-22 c:\windows\Tasks\Eenvoudige Internetaanmelding.job
    - c:\program files\Easy Internet signup\HPSdpApp.exe []
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 19:58:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-01-24 20:01:57 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-01-24 19:01:54
    ComboFix2.txt 2009-01-24 17:53:10
    ComboFix3.txt 2009-01-23 23:50:30
    ComboFix4.txt 2009-01-23 12:21:49
    ComboFix5.txt 2009-01-24 18:54:08

    Pre-Run: 194.930.728.960 bytes beschikbaar
    Post-Run: 194,950,778,880 bytes beschikbaar

    287 — E O F — 2009-01-23 01:33:29
  • How are the problems now?
  • Thanks for the help; as far as I can tell there are no further problems. Only the 2 questions I asked in my first post still stand. If those can be solved as well, I'll be completely happy again :D

    Regards, Ben
  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.
    Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool has finished, the computer will restart.

  • I don't know whether I did it entirely right, but I first saved the text in the CFScript.txt file on my desktop. Then I downloaded that flash program and ran it, but my screen did not go black as the program said it would, and it was already finished within 1 second. After that I ran the ComboFix scan again.


    ComboFix 09-01-21.04 - HP_Eigenaar 2009-01-25 11:50:39.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2559.2044 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Bureaublad\CFScript.txt
    AV: Norton 360 *On-access scanning enabled* (Updated)
    FW: Norton 360 *enabled*
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))))
    .

    2009-01-25 01:31 . 2009-01-25 11:45 <DIR> dr-h—– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Onlangs geopend
    2009-01-24 00:26 . 2009-01-24 00:26 <DIR> dr–s—- C:\assembly
    2009-01-24 00:22 . 2009-01-24 00:22 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Codemonster
    2009-01-24 00:21 . 2009-01-24 00:21 15 –a—— c:\windows\WinPatchService
    2009-01-23 22:59 . 2009-01-23 23:00 <DIR> d——– c:\program files\Windows Live Safety Center
    2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\program files\NOS
    2009-01-23 13:45 . 2009-01-23 13:45 <DIR> d——– c:\documents and settings\All Users\Application Data\NOS
    2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\kswdmcap.ax
    2009-01-23 09:42 . 2008-04-14 18:03 91,648 –a—— c:\windows\system32\dllcache\kswdmcap.ax
    2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\kstvtune.ax
    2009-01-23 09:42 . 2008-04-14 18:03 61,952 –a—— c:\windows\system32\dllcache\kstvtune.ax
    2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\vfwwdm32.dll
    2009-01-23 09:42 . 2008-04-14 18:02 54,272 –a—— c:\windows\system32\dllcache\vfwwdm32.dll
    2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\ksxbar.ax
    2009-01-23 09:42 . 2008-04-14 18:03 43,008 –a—— c:\windows\system32\dllcache\ksxbar.ax
    2009-01-23 09:16 . 2007-08-08 10:59 1,472,896 –a—— c:\windows\system32\drivers\usbVM302.sys
    2009-01-23 09:16 . 2007-10-18 18:44 348,160 –a—— c:\windows\system32\VM302Prp.Ax
    2009-01-23 09:16 . 2007-04-05 09:50 106,496 –a—— c:\windows\system32\vvftprpav302.ax
    2009-01-23 09:16 . 2004-12-10 14:30 61,440 –a—— c:\windows\system32\VM302STI.dll
    2009-01-23 09:16 . 2007-03-02 13:22 46,592 –a—— c:\windows\system32\VvFtCtrl.dll
    2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\program files\Vimicro
    2009-01-23 09:15 . 2009-01-23 09:15 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InstallShield
    2009-01-23 04:31 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
    2009-01-23 04:31 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
    2009-01-23 02:16 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\XPSViewer
    2009-01-23 02:15 . 2006-06-29 13:07 14,048 ——— c:\windows\system32\spmsg2.dll
    2009-01-22 23:11 . 2009-01-22 23:11 <DIR> d——– c:\program files\Common Files\Download Manager
    2009-01-22 22:51 . 2009-01-22 22:51 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Ahead
    2009-01-22 21:03 . 2009-01-22 21:03 <DIR> d——– c:\program files\K-Lite Codec Pack
    2009-01-22 21:03 . 2007-05-02 20:04 3,596,288 –a—— c:\windows\system32\qt-dx331.dll
    2009-01-22 21:03 . 2007-01-20 21:26 1,565,480 –a—— c:\windows\system32\wmv9vcm.dll
    2009-01-22 21:03 . 2007-05-11 06:37 740,442 –a—— c:\windows\system32\divx.dll
    2009-01-22 21:03 . 2007-04-28 14:54 593,920 –a—— c:\windows\system32\xvidcore.dll
    2009-01-22 21:03 . 2004-01-25 18:18 217,088 –a—— c:\windows\system32\yv12vfw.dll
    2009-01-22 21:03 . 2006-11-01 14:54 180,224 –a—— c:\windows\system32\xvidvfw.dll
    2009-01-22 21:03 . 2006-05-13 23:16 118,784 –a—— c:\windows\system32\ac3acm.acm
    2009-01-22 21:03 . 2007-05-02 20:02 73,728 –a—— c:\windows\system32\dpl100.dll
    2009-01-22 21:03 . 2007-05-08 20:23 10,752 –a—— c:\windows\system32\ff_vfw.dll
    2009-01-22 21:03 . 2005-02-24 18:56 547 –a—— c:\windows\system32\ff_vfw.dll.manifest
    2009-01-22 20:34 . 2008-07-30 17:42 23,888 –a—— c:\windows\system32\drivers\COH_Mon.sys
    2009-01-22 20:34 . 2008-07-30 17:28 10,537 –a—— c:\windows\system32\drivers\COH_Mon.cat
    2009-01-22 20:34 . 2008-07-30 17:28 706 –a—— c:\windows\system32\drivers\COH_Mon.inf
    2009-01-22 19:51 . 2009-01-22 19:52 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-22 19:23 . 2009-01-22 19:25 <DIR> d——– c:\program files\MSN Messenger
    2009-01-22 19:11 . 2006-11-29 13:06 3,426,072 –a—— c:\windows\system32\d3dx9_32.dll
    2009-01-22 19:10 . 2009-01-22 19:10 <DIR> d——– c:\program files\Microsoft
    2009-01-22 19:07 . 2009-01-24 20:17 <DIR> dr-hs—- c:\windows\system32\dllcache
    2009-01-22 19:07 . 2009-01-22 19:13 <DIR> dr——- c:\windows\system32\config\systemprofile\Menu Start
    2009-01-22 19:03 . 2009-01-22 19:03 <DIR> d——– c:\program files\Common Files\Windows Live
    2009-01-22 19:02 . 2009-01-23 19:56 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Contacts
    2009-01-22 18:24 . 2009-01-22 18:24 <DIR> d——– c:\program files\UnderCoverXP
    2009-01-22 18:22 . 2009-01-22 18:22 <DIR> d——– c:\program files\PIXresizer
    2009-01-22 18:22 . 2001-08-23 15:25 1,706,800 –a—— c:\windows\system32\gdiplus.dll
    2009-01-22 18:22 . 2000-12-05 23:00 209,608 –a—— c:\windows\system32\tabctl32.ocx
    2009-01-22 18:22 . 1996-01-12 00:00 200,704 –a—— c:\windows\system32\threed32.ocx
    2009-01-22 18:22 . 1998-06-24 00:00 164,144 –a—— c:\windows\system32\comct232.ocx
    2009-01-22 18:22 . 1999-09-16 09:04 151,552 –a—— c:\windows\system32\ccrpfd6.ocx
    2009-01-22 18:22 . 1998-06-24 00:00 140,096 –a—— c:\windows\system32\comdlg32.ocx
    2009-01-22 18:22 . 2000-05-01 23:02 110,592 –a—— c:\windows\system32\ccrpbds6.dll
    2009-01-22 18:22 . 2000-07-09 18:15 106,496 –a—— c:\windows\system32\mbprgbar.ocx
    2009-01-22 18:22 . 2004-01-12 11:05 69,632 –a—— c:\windows\system32\imageviewer2.ocx
    2009-01-22 18:21 . 2009-01-22 18:21 <DIR> d——– c:\program files\PrintKey2000
    2009-01-22 18:18 . 2009-01-22 18:18 <DIR> d——– c:\program files\DVD Shrink
    2009-01-22 18:17 . 2009-01-22 18:17 <DIR> d——– c:\program files\SRSLabs
    2009-01-22 18:08 . 2009-01-22 18:08 23 –a—— c:\windows\system32\WinCustom_Info.dat
    2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-22 17:59 . 2009-01-22 17:59 <DIR> d——– c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-22 17:44 . 2009-01-22 17:48 <DIR> d——– c:\program files\CCleaner
    2009-01-22 17:40 . 2009-01-22 17:40 <DIR> d——– c:\program files\CleanUp!
    2009-01-22 17:37 . 2009-01-22 17:37 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Malwarebytes
    2009-01-22 17:35 . 2009-01-22 17:51 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 17:35 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-22 17:35 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-22 17:07 . 2009-01-23 18:29 378 –a—— c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\wklnhst.dat
    2009-01-22 17:01 . 2009-01-22 17:01 <DIR> d——– c:\windows\ShellNew
    2009-01-22 16:53 . 2009-01-22 17:02 <DIR> d——– c:\program files\Microsoft Works
    2009-01-22 16:50 . 2009-01-22 16:50 <DIR> d——– c:\program files\Microsoft Works Suite 2005
    2009-01-22 16:36 . 2009-01-23 09:16 <DIR> d—-c— c:\windows\system32\DRVSTORE
    2009-01-22 16:23 . 2009-01-23 13:51 <DIR> d——– c:\program files\Norton 360
    2009-01-22 16:22 . 2009-01-22 16:37 124,464 –a—— c:\windows\system32\drivers\SYMEVENT.SYS
    2009-01-22 16:22 . 2009-01-22 16:37 60,808 –a—— c:\windows\system32\S32EVNT1.DLL
    2009-01-22 16:22 . 2009-01-22 16:37 10,635 –a—— c:\windows\system32\drivers\SYMEVENT.CAT
    2009-01-22 16:22 . 2009-01-22 16:37 806 –a—— c:\windows\system32\drivers\SYMEVENT.INF
    2009-01-22 16:21 . 2009-01-22 16:37 <DIR> d——– c:\program files\Symantec
    2009-01-22 16:20 . 2009-01-25 11:38 <DIR> d——– c:\documents and settings\All Users\Application Data\Symantec
    2009-01-22 16:09 . 2009-01-22 16:09 <DIR> d——– c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-01-22 15:53 . 2001-07-09 10:50 155,648 –a—— c:\windows\system32\NeroCheck.exe
    2009-01-22 15:53 . 2001-03-08 18:30 24,064 ——— c:\windows\system32\msxml3a.dll
    2009-01-22 15:52 . 2009-01-22 15:54 <DIR> d——– c:\program files\Ahead
    2009-01-22 15:52 . 2009-01-22 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\Ahead
    2009-01-22 15:52 . 2004-07-26 16:16 1,568,768 ——— c:\windows\system32\ImagX7.dll
    2009-01-22 15:52 . 2004-07-26 16:16 476,320 ——— c:\windows\system32\ImagXpr7.dll
    2009-01-22 15:52 . 2004-07-26 16:16 471,040 ——— c:\windows\system32\ImagXRA7.dll
    2009-01-22 15:52 . 2004-07-09 08:43 364,544 ——— c:\windows\system32\TwnLib4.dll
    2009-01-22 15:52 . 2004-07-26 16:16 262,144 ——— c:\windows\system32\ImagXR7.dll
    2009-01-22 15:52 . 2000-06-26 10:45 106,496 –a—— c:\windows\system32\TwnLib20.dll
    2009-01-22 15:52 . 2001-06-26 07:15 38,912 ——— c:\windows\system32\picn20.dll
    2009-01-22 15:49 . 2004-08-16 21:00 116,736 –a—— c:\windows\system32\CNMLM6s.DLL
    2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\drivers\usbprint.sys
    2009-01-22 15:49 . 2008-04-13 19:47 25,856 –a—— c:\windows\system32\dllcache\usbprint.sys
    2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\drivers\usbscan.sys
    2009-01-22 15:49 . 2008-04-13 19:45 15,104 –a—— c:\windows\system32\dllcache\usbscan.sys
    2009-01-22 15:49 . 2004-08-16 21:00 7,680 –a—— c:\windows\system32\CNMVS6s.DLL
    2009-01-22 15:48 . 2009-01-22 15:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ScanSoft
    2009-01-22 15:43 . 2009-01-22 15:46 <DIR> d——– c:\program files\Canon
    2009-01-22 15:24 . 2009-01-22 19:25 <DIR> d——– c:\program files\Messenger Plus! Live
    2009-01-22 15:21 . 2009-01-22 19:16 <DIR> d——– c:\program files\Windows Live
    2009-01-22 14:51 . 2009-01-22 14:51 <DIR> d——– c:\program files\LSI SoftModem
    2009-01-22 14:49 . 2009-01-22 14:49 <DIR> d——– c:\windows\system32\LogFiles
    2009-01-22 14:49 . 2009-01-22 21:11 <DIR> d——– c:\windows\system32\drivers\UMDF
    2009-01-22 14:49 . 2007-08-28 01:59 124,376 –a—— c:\windows\system32\nvapps.nvb
    2009-01-22 14:15 . 2009-01-25 11:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\uTorrent
    2009-01-22 13:45 . 2009-01-22 13:45 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\AdobeUM
    2009-01-22 13:44 . 2009-01-22 13:44 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Leadertech
    2009-01-22 13:15 . 2009-01-22 22:48 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\Media Player Classic
    2009-01-22 12:58 . 2009-01-22 12:58 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\InterVideo
    2009-01-22 12:49 . 2009-01-22 12:49 <DIR> d——– c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Application Data\ArcSoft
    2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\nl
    2009-01-22 12:23 . 2009-01-22 12:23 <DIR> d——– c:\windows\system32\bits
    2009-01-22 12:03 . 2009-01-23 02:18 <DIR> d——– c:\windows\system32\nl-nl
    2009-01-22 12:03 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
    2009-01-22 12:03 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
    2009-01-22 12:03 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
    2009-01-22 12:03 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
    2009-01-22 12:03 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 23:42 ——— d—–w c:\program files\Common Files\Symantec Shared
    2009-01-23 01:51 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-22 17:07 ——— d—–w c:\program files\TweakNow PowerPack 2006
    2009-01-22 14:48 ——— d—–w c:\program files\Common Files\ScanSoft Shared
    2009-01-22 14:36 ——— d—–w c:\program files\uTorrent
    2009-01-22 13:31 ——— d—–w c:\program files\Common Files\Sonic Shared
    2009-01-22 13:30 ——— d—–w c:\program files\Common Files\InstallShield
    2009-01-22 13:07 ——— d—–w c:\program files\InterVideo
    2009-01-22 12:51 ——— d—–w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-22 10:52 ——— d—–w c:\program files\HP
    2009-01-22 10:52 ——— d—–w c:\program files\Hewlett-Packard
    2009-01-22 10:46 139,264 —-a-w c:\windows\system32\hpzjrd01.dll
    2009-01-22 10:39 ——— d—–w c:\program files\Java
    2009-01-21 22:36 ——— d—–w c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-07 15:22 ——— d—–w c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-01-06 11:47 ——— d—–w c:\program files\Common Files\Adobe
    2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-11-25 21:52 3,335,148 —-a-w c:\windows\Advanced.scr
    2008-11-25 21:52 230,818 —-a-w c:\windows\uninstall Advanced.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
    "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 116328]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "BigDogPath"="c:\windows\VM302Snap.exe" [2007-10-25 57344]
    "Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2005-04-07 c:\windows\ALCWZRD.EXE]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-22 99376]
    R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-23 33752]

    — Andere Services/Drivers In Geheugen —

    *NewlyCreated* - COMHOST
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

    2009-01-23 c:\windows\Tasks\Easy Onderhoud.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

    2009-01-22 c:\windows\Tasks\Eenvoudige Internetaanmelding.job
    - c:\program files\Easy Internet signup\HPSdpApp.exe []
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q305&bd=pavilion&pf=desktop
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-25 11:53:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-01-25 11:55:33
    ComboFix-quarantined-files.txt 2009-01-25 10:55:30
    ComboFix2.txt 2009-01-24 19:01:58
    ComboFix3.txt 2009-01-24 17:53:10
    ComboFix4.txt 2009-01-23 23:50:30
    ComboFix5.txt 2009-01-25 10:50:00

    Pre-Run: 187.219.550.208 bytes beschikbaar
    Post-Run: 188,458,176,512 bytes beschikbaar

    241 — E O F — 2009-01-23 01:33:29
  • You do have to plug in all your USB sticks and external hard drives when you use Flash Disinfector.
  • [quote:c0cf321f84="Othuroyo"]You do have to plug in all your USB sticks and external hard drives when you use Flash Disinfector.[/quote:c0cf321f84]

    I did that too: there is a USB stick in 2 ports, an MP3 player in 1 port, and at the back 2 external hard drives that are also switched on.
    The PC also does not restart by itself after using Flash Disinfector.
  • That doesn't seem like a big problem to me; I think it only restarts if one of the USB devices is infected.

    Do you have any other problems (besides the questions)?
  • No, apart from my questions there are no other problems that I notice. I do notice that the fans very often start running at full speed while I am hardly putting any load on the PC. I have already cleaned the inside and made it dust-free, but this doesn't help. It has been like this for about a year, by the way. I don't know why it does that either; maybe it's because of its age or something?

    Regards, Ben
  • Please also do this:

    Download ATF cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also have Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick from Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also have Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    3. You may now remove all the tools used and the folders created. (Remember to remove Combofix by going to Start -> Run, typing ComboFix /U and pressing Enter!!)


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick the box for "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick for "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.


    For that kind of thing your topic will then have to go to another section where you can get further help.
  • I used ATF cleaner and removed all the tools except for Combofix.

    (Remember to remove Combofix by going to Start -> Run, typing ComboFix /U and pressing Enter!!)

    What do you mean by typing U?

    Will my topic be moved now, or do I have to start a new topic myself in another section? If so, where would be the best place to post it for my other problems?

    Thank you very much for all the time and effort you have put into this for me.

    Regards, Ben
  • When you see the Run window, you have to type this:

    [b:a60bbe54a3]Combofix /U[/b:a60bbe54a3]

    Then you have to press Enter.
  • OK, silly of me, it worked now :wink:


This is an archived page. Replies are no longer possible.