Windows security prevents opening a small program

  • no, nothing else was done during Combofix. In the meantime I did let that trojan remover have a look. That is, in my opinion, a paid program. It also found, for example, Crossloop, which works with VNG. Also the rogue mentioned earlier, and 2 or 3 other things that were harmless in my opinion. So I could not remove them.
    And what do you mean by: "I find this entry in the Combofix log: windows\tasks\$~$sys0$.job."?
  • If this is unfamiliar to you, just let me know, and I will make a definitive fix file for you!
  • that is indeed unknown territory for me. I would appreciate your help!
  • Hello Frans, do the following:

    open a new Notepad file (Start > All Programs > Accessories > Notepad),
    copy and paste the following (bold, blue text) into an empty window


  • a message appeared:
    http://i44.tinypic.com/208xov4.jpg
    but I was able to continue anyway. Here is the log:
    ComboFix 10-04-06.03 - Frans 07-04-2010 19:15:00.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.738 [GMT 2:00]
    Gestart vanuit: e:\documents and settings\Frans\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: e:\documents and settings\Frans\Bureaublad\CFscript.txt
    AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Aanwezig AV is actief


    FILE ::
    "e:\windows\unins000.dat"
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    e:\documents and settings\All Users\Application Data\106d6b2
    e:\documents and settings\All Users\Application Data\106d6b2\38.mof
    e:\documents and settings\All Users\Application Data\106d6b2\CU106d.exe
    e:\documents and settings\All Users\Application Data\106d6b2\CUA.ico
    e:\documents and settings\All Users\Application Data\106d6b2\CUASys\vd952342.bd
    e:\documents and settings\All Users\Application Data\106d6b2\mozcrt19.dll
    e:\documents and settings\All Users\Application Data\106d6b2\sqlite3.dll
    e:\documents and settings\All Users\Application Data\CUPPBSYYA
    e:\documents and settings\All Users\Application Data\CUPPBSYYA\CUVCSDQXOXA.cfg
    e:\windows\unins000.dat

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-03-07 to 2010-04-07 ))))))))))))))))))))))))))))))
    .

    2010-04-07 17:09 . 2010-04-07 15:39 -------- d-----w- E:\32788R22FWJFW
    2010-04-07 14:28 . 2010-04-07 16:20 -------- d--h--r- e:\documents and settings\Frans\Onlangs geopend
    2010-04-07 07:54 . 2010-04-07 07:54 5918776 ----a-w- e:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-06 14:24 . 2010-04-06 14:24 -------- d-----w- e:\documents and settings\All Users\Application Data\ArcSoft
    2010-04-06 14:23 . 2010-04-06 14:23 -------- d-----w- e:\program files\Common Files\InstallShield
    2010-04-06 14:12 . 2010-04-06 14:12 -------- d-----w- e:\documents and settings\Frans\Local Settings\Application Data\ArcSoft
    2010-04-06 14:11 . 2010-04-07 05:50 -------- d-----w- e:\documents and settings\Frans\Application Data\ArcSoft
    2010-04-06 14:10 . 2005-02-23 12:58 11776 ----a-w- e:\windows\system32\drivers\afc.sys
    2010-04-06 14:10 . 2010-04-07 05:48 -------- d-----w- e:\program files\Common Files\ArcSoft
    2010-04-06 14:09 . 2010-04-07 05:49 -------- d-----w- e:\program files\ArcSoft
    2010-04-06 11:28 . 2010-04-06 11:28 -------- d-----w- e:\documents and settings\Frans\Application Data\HD Tune Pro
    2010-04-06 11:28 . 2010-04-06 11:28 -------- d-----w- e:\program files\HD Tune Pro
    2010-04-05 16:51 . 2010-04-06 06:40 -------- d-----w- e:\documents and settings\Frans\Local Settings\Application Data\Conduit
    2010-04-03 09:37 . 2007-10-12 13:14 3734536 ----a-w- e:\windows\system32\d3dx9_36.dll
    2010-04-03 09:31 . 2010-04-03 09:31 -------- d-----w- e:\program files\SiSoftware
    2010-04-02 11:43 . 2010-04-02 11:43 -------- d-----w- e:\documents and settings\Frans\Local Settings\Application Data\PassMark
    2010-04-02 11:43 . 2008-07-12 06:18 467984 ----a-w- e:\windows\system32\d3dx10_39.dll
    2010-04-02 11:43 . 2008-07-12 06:18 1493528 ----a-w- e:\windows\system32\D3DCompiler_39.dll
    2010-04-02 11:43 . 2008-07-12 06:18 3851784 ----a-w- e:\windows\system32\D3DX9_39.dll
    2010-04-02 11:43 . 2006-09-28 14:05 2414360 ----a-w- e:\windows\system32\d3dx9_31.dll
    2010-04-02 11:42 . 2010-04-02 11:42 -------- d-----w- e:\windows\Logs
    2010-04-02 11:42 . 2010-04-02 11:42 -------- d-----w- e:\documents and settings\All Users\Application Data\PassMark
    2010-04-01 15:01 . 2010-04-01 15:01 -------- d-----w- e:\program files\Java
    2010-04-01 14:34 . 2010-04-02 11:40 -------- d-----w- e:\program files\DiskCheckup
    2010-04-01 14:05 . 2010-04-01 14:05 -------- d-----w- e:\program files\Seagate
    2010-04-01 12:18 . 2010-04-01 12:31 -------- d-----w- e:\program files\CrystalDiskInfo
    2010-03-31 10:08 . 2010-03-31 10:58 -------- d---a-w- e:\documents and settings\All Users\Application Data\TEMP
    2010-03-30 10:25 . 2010-03-30 10:25 -------- d-----w- e:\program files\Lavalys
    2010-03-30 08:10 . 2010-03-30 08:10 -------- d-----w- e:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-03-30 07:43 . 2001-09-06 19:26 9728 -c--a-w- e:\windows\system32\dllcache\brcoinst.dll
    2010-03-30 07:43 . 2001-09-06 19:26 12800 -c--a-w- e:\windows\system32\dllcache\brevif.dll
    2010-03-30 07:43 . 2001-09-06 19:26 19456 -c--a-w- e:\windows\system32\dllcache\brbidiif.dll
    2010-03-30 07:43 . 2001-09-06 19:26 103936 -c--a-w- e:\windows\system32\dllcache\binlsvc.dll
    2010-03-30 07:41 . 2001-08-17 18:49 26624 -c--a-w- e:\windows\system32\dllcache\ativxbar.sys
    2010-03-30 07:40 . 2001-08-17 18:11 16969 -c--a-w- e:\windows\system32\dllcache\amb8002.sys
    2010-03-30 07:40 . 2001-08-17 19:51 5248 -c--a-w- e:\windows\system32\dllcache\aliide.sys
    2010-03-30 07:40 . 2001-08-17 19:49 26624 -c--a-w- e:\windows\system32\dllcache\alifir.sys
    2010-03-30 07:40 . 2001-08-17 18:11 27678 -c--a-w- e:\windows\system32\dllcache\ali5261.sys
    2010-03-30 07:40 . 2001-08-17 20:07 56960 -c--a-w- e:\windows\system32\dllcache\aic78xx.sys
    2010-03-30 07:40 . 2001-08-17 20:07 55168 -c--a-w- e:\windows\system32\dllcache\aic78u2.sys
    2010-03-30 07:40 . 2001-08-17 19:52 12800 -c--a-w- e:\windows\system32\dllcache\aha154x.sys
    2010-03-30 07:38 . 2001-08-17 20:07 101888 -c--a-w- e:\windows\system32\dllcache\adpu160m.sys
    2010-03-30 07:38 . 2001-08-17 18:11 46112 -c--a-w- e:\windows\system32\dllcache\adptsf50.sys
    2010-03-30 07:38 . 2008-04-13 20:06 10880 -c--a-w- e:\windows\system32\dllcache\admjoy.sys
    2010-03-30 07:38 . 2001-08-17 18:19 747392 -c--a-w- e:\windows\system32\dllcache\adm8830.sys
    2010-03-30 07:38 . 2001-08-17 18:19 553984 -c--a-w- e:\windows\system32\dllcache\adm8820.sys
    2010-03-30 07:38 . 2001-08-17 18:19 584448 -c--a-w- e:\windows\system32\dllcache\adm8810.sys
    2010-03-30 07:38 . 2001-08-17 18:11 20160 -c--a-w- e:\windows\system32\dllcache\adm8511.sys
    2010-03-30 06:56 . 2010-03-30 06:56 -------- d-sh--w- e:\documents and settings\Frans\IECompatCache
    2010-03-29 02:40 . 2010-03-29 02:40 -------- d-----w- e:\windows\Sun
    2010-03-28 19:05 . 2010-03-28 19:05 -------- d-----w- e:\documents and settings\Frans\Application Data\MSN6
    2010-03-28 19:05 . 2010-03-28 19:05 -------- d-----w- e:\documents and settings\All Users\Application Data\MSN6
    2010-03-28 16:05 . 2006-12-18 14:33 356352 ----a-w- e:\windows\system32\NVUNINST.EXE
    2010-03-28 07:41 . 2009-03-25 06:29 130432 ----a-w- e:\windows\system32\drivers\Rtnicxp.sys
    2010-03-28 07:41 . 2009-03-03 12:18 73728 ----a-w- e:\windows\system32\RtNicProp32.dll
    2010-03-28 07:41 . 2010-03-28 07:41 -------- d-----w- e:\program files\Realtek
    2010-03-28 07:41 . 2010-04-07 05:49 -------- d--h--w- e:\program files\InstallShield Installation Information
    2010-03-27 19:45 . 2010-03-27 19:45 -------- d-----w- e:\documents and settings\Frans\Application Data\DeviceDoctorSoftware
    2010-03-27 10:59 . 2010-03-27 11:00 -------- d-----w- e:\documents and settings\Frans\Application Data\UltraExplorer
    2010-03-27 10:59 . 2010-03-28 15:11 -------- d-----w- e:\program files\UltraExplorer
    2010-03-26 14:31 . 2010-03-26 14:31 -------- d-----w- e:\documents and settings\Frans\Application Data\Canneverbe Limited
    2010-03-26 14:31 . 2010-03-26 14:31 -------- d-----w- e:\documents and settings\All Users\Application Data\Canneverbe Limited
    2010-03-26 14:30 . 2009-11-12 12:48 7168 ----a-w- e:\windows\system32\drivers\StarOpen.sys
    2010-03-26 14:30 . 2010-03-26 14:30 -------- d-----w- e:\program files\CDBurnerXP
    2010-03-26 07:22 . 2008-04-14 21:32 136192 -c--a-w- e:\windows\system32\dllcache\aaclient.dll
    2010-03-26 07:21 . 2007-04-02 22:56 19456 -c--a-w- e:\windows\system32\dllcache\agt0411.dll
    2010-03-26 07:21 . 2007-04-02 22:56 19456 -c--a-w- e:\windows\system32\dllcache\agt0404.dll
    2010-03-26 07:20 . 2007-04-02 22:56 19456 -c--a-w- e:\windows\system32\dllcache\agt0804.dll
    2010-03-26 07:19 . 2007-04-02 22:56 19456 -c--a-w- e:\windows\system32\dllcache\agt0401.dll
    2010-03-26 07:18 . 2007-04-02 22:56 19456 -c--a-w- e:\windows\system32\dllcache\agt0412.dll
    2010-03-26 07:18 . 2007-04-02 22:56 19456 -c--a-w- e:\windows\system32\dllcache\agt040d.dll
    2010-03-26 07:15 . 2008-04-14 21:32 159232 -c----w- e:\windows\system32\dllcache\cewmdm.dll
    2010-03-26 07:15 . 2008-04-14 21:32 294912 -c----w- e:\windows\system32\dllcache\dlimport.exe
    2010-03-26 07:15 . 2008-04-14 21:33 695808 -c----w- e:\windows\system32\dllcache\drmv2clt.dll
    2010-03-26 07:15 . 2008-04-14 21:33 124416 -c----w- e:\windows\system32\dllcache\mplay32.exe
    2010-03-26 07:15 . 2008-04-14 21:32 240640 -c----w- e:\windows\system32\dllcache\mpg4dmod.dll
    2010-03-26 07:15 . 2008-04-14 21:33 259072 -c----w- e:\windows\system32\dllcache\msnetobj.dll
    2010-03-26 07:15 . 2008-04-14 21:33 356352 -c----w- e:\windows\system32\dllcache\msscp.dll
    2010-03-26 07:15 . 2008-04-14 21:32 201728 -c----w- e:\windows\system32\dllcache\mspmsp.dll
    2010-03-26 07:15 . 2008-04-14 21:32 246272 -c----w- e:\windows\system32\dllcache\mswmdm.dll
    2010-03-26 07:15 . 2008-04-14 21:33 226816 -c----w- e:\windows\system32\dllcache\npdrmv2.dll
    2010-03-26 07:11 . 2008-04-13 21:06 144384 ------w- e:\windows\system32\drivers\hdaudbus.sys
    2010-03-26 07:11 . 2008-04-13 23:10 10240 ------w- e:\windows\system32\drivers\sffp_mmc.sys
    2010-03-26 06:54 . 2009-10-21 05:40 75776 -c----w- e:\windows\system32\dllcache\strmfilt.dll
    2010-03-26 06:54 . 2009-10-21 05:40 25088 -c----w- e:\windows\system32\dllcache\httpapi.dll
    2010-03-26 06:54 . 2009-10-20 16:20 265728 -c----w- e:\windows\system32\dllcache\http.sys
    2010-03-25 14:39 . 2010-03-25 14:39 -------- d--h--w- e:\windows\PIF
    2010-03-25 06:40 . 2010-03-25 06:40 -------- d-----w- e:\documents and settings\Frans\Application Data\Malwarebytes
    2010-03-25 06:40 . 2010-03-29 22:46 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-25 06:40 . 2010-03-25 06:40 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-25 06:40 . 2010-03-29 22:45 20824 ----a-w- e:\windows\system32\drivers\mbam.sys
    2010-03-25 06:40 . 2010-04-07 07:54 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
    2010-03-24 18:39 . 2010-03-24 18:39 -------- d-----w- e:\documents and settings\Frans\Local Settings\Application Data\VS Revo Group
    2010-03-24 18:03 . 2010-03-24 18:03 -------- d-----w- e:\documents and settings\Frans\Application Data\Foxit
    2010-03-24 06:42 . 2010-03-24 06:42 -------- d-----w- e:\program files\GlobFX
    2010-03-23 13:57 . 2010-03-23 13:57 -------- d-sh--w- e:\documents and settings\Administrator\PrivacIE
    2010-03-23 13:56 . 2010-03-23 13:56 -------- d-----w- e:\documents and settings\Administrator\Local Settings\Application Data\Google
    2010-03-23 13:56 . 2010-03-23 13:56 -------- d-sh--w- e:\documents and settings\Administrator\IETldCache
    2010-03-23 11:18 . 2010-03-25 08:02 -------- d-----w- e:\program files\MSECACHE
    2010-03-23 10:41 . 2010-03-23 10:41 -------- d-----w- e:\windows\system32\XPSViewer
    2010-03-23 10:41 . 2010-03-23 10:41 -------- d-----w- e:\program files\MSBuild
    2010-03-23 10:40 . 2010-03-23 10:40 -------- d-----w- e:\program files\Reference Assemblies
    2010-03-23 10:40 . 2008-07-06 12:06 89088 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-03-23 10:39 . 2008-07-06 12:06 89088 -c----w- e:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-03-23 10:39 . 2008-07-06 12:06 117760 ------w- e:\windows\system32\prntvpt.dll
    2010-03-23 10:39 . 2008-07-06 10:50 597504 -c----w- e:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-03-23 10:39 . 2008-07-06 10:50 597504 ------w- e:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-03-23 10:39 . 2008-07-06 12:06 575488 -c----w- e:\windows\system32\dllcache\xpsshhdr.dll
    2010-03-23 10:39 . 2008-07-06 12:06 575488 ------w- e:\windows\system32\xpsshhdr.dll
    2010-03-23 10:39 . 2008-07-06 12:06 1676288 -c----w- e:\windows\system32\dllcache\xpssvcs.dll
    2010-03-23 10:39 . 2008-07-06 12:06 1676288 ------w- e:\windows\system32\xpssvcs.dll
    2010-03-23 08:06 . 2010-03-25 15:06 -------- d-----w- e:\documents and settings\Frans\Application Data\Canon
    2010-03-22 18:25 . 2010-03-22 18:28 -------- d-----w- e:\documents and settings\Frans\Local Settings\Application Data\Temp
    2010-03-22 16:00 . 2010-03-22 16:00 -------- d-----w- e:\program files\filehippo.com
    2010-03-22 14:30 . 2010-03-22 14:30 -------- d-----w- e:\documents and settings\Frans\Application Data\FastStone
    2010-03-22 14:25 . 2010-03-22 18:25 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-03-22 14:23 . 2010-03-22 14:23 -------- d-----w- e:\program files\FastStone Photo Resizer
    2010-03-22 14:20 . 2010-03-22 18:47 -------- d-----w- e:\documents and settings\Frans\Local Settings\Application Data\Google
    2010-03-22 14:19 . 2010-03-22 18:47 -------- d-----w- e:\program files\Google
    2010-03-22 14:19 . 2010-03-28 18:48 -------- d-----w- e:\program files\Picasa2
    2010-03-22 14:12 . 2010-03-22 14:12 -------- d-----w- e:\documents and settings\All Users\Application Data\FLEXnet
    2010-03-22 13:25 . 2001-08-04 15:50 454815 ----a-r- e:\windows\system32\drivers\CTXH51.sys
    2010-03-22 12:27 . 2010-03-22 12:27 -------- d-----w- e:\documents and settings\Frans\Application Data\CheckPoint
    2010-03-22 12:27 . 2010-03-22 12:27 -------- d-----w- e:\program files\CheckPoint
    2010-03-22 12:27 . 2010-03-22 12:27 4212 ---ha-w- e:\windows\system32\zllictbl.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-07 15:45 . 2010-03-22 16:13 2896479 ----a-w- e:\windows\Internet Logs\tvDebug.Zip
    2010-04-07 13:37 . 2002-02-10 00:00 72748 ----a-w- e:\windows\unins000.exe
    2010-04-07 10:34 . 2001-09-07 12:00 86182 ----a-w- e:\windows\system32\perfc013.dat
    2010-04-07 10:34 . 2001-09-07 12:00 499340 ----a-w- e:\windows\system32\perfh013.dat
    2010-04-03 09:33 . 2010-04-03 09:33 2316 ----a-w- e:\documents and settings\All Users\Application Data\xml1318.tmp
    2010-04-03 09:33 . 2010-04-03 09:33 13846 ----a-w- e:\documents and settings\All Users\Application Data\xml1316.tmp
    2010-04-03 09:33 . 2010-04-03 09:32 9036 ----a-w- e:\documents and settings\All Users\Application Data\xml1314.tmp
    2010-03-22 14:08 . 2010-03-22 14:08 -------- d-----w- e:\windows\Fonts\Fonts
    2010-03-22 14:04 . 2010-03-22 14:06 9336 ------w- e:\windows\system32\drivers\cdr4_xp.sys
    2010-03-22 14:04 . 2010-03-22 14:06 9464 ------w- e:\windows\system32\drivers\cdralw2k.sys
    2010-03-22 14:04 . 2010-03-22 14:06 129784 ------w- e:\windows\system32\pxafs.dll
    2010-03-22 14:04 . 2010-03-22 14:06 43528 ------w- e:\windows\system32\drivers\PxHelp20.sys
    2010-03-22 14:04 . 2010-03-22 14:06 116472 ------w- e:\windows\system32\pxcpyi64.exe
    2010-03-22 14:04 . 2010-03-22 14:06 118520 ------w- e:\windows\system32\pxinsi64.exe
    2010-03-21 18:25 . 2010-03-21 18:25 9 ----a-w- e:\documents and settings\Frans\Application Data\mdb.bin
    2010-03-21 10:56 . 2010-03-21 10:13 -------- d--h--w- e:\program files\CanonBJ
    2010-03-21 10:54 . 2010-03-21 10:54 0 ----a-w- e:\windows\nsreg.dat
    2010-03-21 10:14 . 2010-03-21 10:14 -------- d-----w- e:\program files\Common Files\CANON
    2010-03-21 10:13 . 2010-03-21 10:13 -------- d-----w- e:\documents and settings\All Users\Application Data\CanonBJ
    2010-03-21 09:09 . 2010-03-21 09:09 -------- d-----w- e:\program files\microsoft frontpage
    2010-03-21 09:05 . 2010-03-21 09:05 21748 ----a-w- e:\windows\system32\emptyregdb.dat
    2010-02-25 06:20 . 2001-09-07 12:00 916480 ------w- e:\windows\system32\wininet.dll
    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- e:\windows\system32\GPhotos.scr
    2010-02-04 08:01 . 2010-04-03 09:38 74072 ----a-w- e:\windows\system32\XAPOFX1_4.dll
    2010-02-04 08:01 . 2010-04-03 09:38 528216 ----a-w- e:\windows\system32\XAudio2_6.dll
    2010-02-04 08:01 . 2010-04-03 09:38 238936 ----a-w- e:\windows\system32\xactengine3_6.dll
    2010-02-04 08:01 . 2010-04-03 09:38 22360 ----a-w- e:\windows\system32\X3DAudio1_7.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gadwin PrintScreen"="e:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="e:\program files\Eset\nod32kui.exe" [2010-03-21 949376]
    "ZoneAlarm Client"="e:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
    "SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    2002-10-15 17:00 1818624 ----a-w- e:\windows\mixer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
    2010-03-03 13:31 155648 ----a-w- e:\program files\filehippo.com\UpdateChecker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 nod32drv;nod32drv;e:\windows\system32\drivers\nod32drv.sys [21-3-2010 14:21 15424]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;e:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 13:03 169312]
    R3 ham50;V9X HAM 1394V;e:\windows\system32\drivers\CTXH51.sys [22-3-2010 15:25 454815]
    S2 gupdate;Google Updateservice (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [22-3-2010 20:24 136176]
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-03-25 e:\windows\Tasks\$~$Sys0$.job
    - e:\windows\System32\SchedSvc.dll [2010-03-21 21:32]

    2010-03-22 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 18:24]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: e:\windows\System32\imon.dll
    FF - ProfilePath - e:\documents and settings\Frans\Application Data\Mozilla\Firefox\Profiles\gc7ngbp7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: e:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: e:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: e:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: e:\program files\Picasa2\npPicasa2.dll
    FF - plugin: e:\program files\Picasa2\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 19:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MailWasher = e:\progra~1\MAILWA~1\MAILWA~1.EXE?

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–¤|ÿÿÿÿ¤•¤|ù•9~*]
    "3140110900063D11C8EF10054038389C"="E?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2010-04-07 19:28:08
    ComboFix-quarantined-files.txt 2010-04-07 17:28
    ComboFix2.txt 2010-04-07 10:54

    Pre-Run: 19.946.426.368 bytes beschikbaar
    Post-Run: 19.880.370.176 bytes beschikbaar

    - - End Of File - - 3E0B12041798130B7928751B169C08FC

    I still see something about a rootkit in there?
  • Hello Frans, I don't see any rootkit!

    And that file hidec.exe - which was not found - is a file that is used by both legitimate programs and malware!

    But .... how is your Windows doing now?
  • the little program that started it all (GPSparse.exe) I still cannot open. That was the reason for this post.... Absolutely not important, and in itself I am - certainly at this moment - satisfied. I know there is some damage on the HD, and a few more things like that I think (registry? Windows? installation error?) and I am thinking of a clean installation with a new HD in it. One problem was that creating an ISO file would not go past 6%. I will try that again. In any case, many, many thanks for all the effort and quick advice. But the program MBAM is also a little wonder that threw out CleanupVirus or something like that
  • Hello Frans, MBAM is indeed a top tool!

    As for your HD, it is indeed better to install a new HD soon and then do a new, clean installation of XP.

    Once you have XP fully set up again, you can copy your documents etc. over from the old HD!
  • once again: many thanks for all the effort and quick advice.
  • You're welcome.
