Slower internet and pop-ups after spyware

23 replies
  • Hello, today I too became the victim of a spyware attack. I have since been able to remove several infections, but not everything is back to normal yet. Every now and then Firefox starts up by itself and goes to a website full of advertising. It also takes an eternity before a web page has finished loading. And when I start Thunderbird and want to read, for example, an RSS item from RTL Nieuws, it also takes a long time before it has loaded (item with graphical layout). Once the item has loaded, I can view other RTL Nieuws items without problems and at normal speed. But when I then want to read an item from something else, it takes a long time again. What can I do to fix these problems? Willem
    Moved to Security & Privacy (B&P). [gh]
  • Start by posting a HijackThis log.
  • Below are the results. I hope they are of use to you. Browsing and e-mailing still work, but terribly slowly. Hopefully we will find a solution soon. As a journalist/writer I cannot do without a computer. And certainly not without internet.
  • Download the trial version of Spysweeper: http://www.webroot.com/consumer/products/spysweeper During installation choose "standard installation", and enter your e-mail address when asked for it. You will be asked whether you want to download the latest definitions; allow this (it can take a while). Download L2Mfix: http://www.atribune.org/downloads/l2mfix.exe Place the file on your desktop. Click l2mfix.exe. Click "Accept". Make sure the l2mfix folder is placed on your desktop. Click "Install". Start the computer in safe mode. You can read how to do this here: http://users.telenet.be/marcvn/spyware/1378056.htm Start Spysweeper. Then click Options - Sweep Options and tick the following: Sweep all Folders on Selected drives and Local Disc C. Under "What to Sweep", tick everything. Then click "Sweep" and let it scan your system completely. When the scan has finished, click "Remove", then click "Select All" and then "Next". Click "Results" and then the "Session Log" tab. Then click "Save to File" and save the log on your desktop. Close Spysweeper. Restart the computer in normal mode. Make a new HijackThis log and post it. Also post the Spysweeper log.
  • Is there an alternative to Spyware Sweeper? I installed the program, but it expired immediately, so I cannot use it.
  • Not at the moment. Please post the L2Mfix log and a new HijackThis log.
  • Spyware Doctor found 57 infections, of which 54 have now been removed (the rest won't go). Internet is still very slow. Not so much the connection speed (because once the website starts loading, everything comes in quickly enough), but whichever website I visit, it sometimes takes a full minute before 'contact' is made and the whole website has loaded. Also, sometimes a new (advertising) website is suddenly opened out of nowhere. And in Thunderbird, fetching mail takes an eternity. Below are the logs of L2mfix and HijackThis.
  • Follow the instructions carefully, exactly as they are given here. Download Killbox: http://www.bleepingcomputer.com/files/killbox.php Place killbox.exe on your desktop. Double-click killbox.exe to start the program. Select the option "Standard File Kill". Copy the files below into a Notepad file.

C:\WINDOWS\System32\kndusl.dll
C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\en8ol1l31.dll
C:\WINDOWS\System32\q0rq0a95ed.dll
C:\WINDOWS\System32\kvdlv.dll
C:\WINDOWS\System32\ayiwrap.dll
C:\WINDOWS\System32\cnmdlg32.dll
C:\WINDOWS\System32\iXssvcs.dll

You will see a box showing [system process] with a small arrow next to it. Click the arrow and you get a list of all active processes on your computer. In the list that appears, select rundll32.exe. Click the yellow triangle to end the process. Wait about 30 seconds and click the arrow again. Check whether rundll32.exe is still present. If it is, end the process again by clicking the yellow triangle. Repeat this procedure until rundll32.exe no longer appears in the list of running processes. Make sure you have "Standard File Kill" selected in Killbox. Once rundll32.exe no longer comes back, copy the files below: select these files and then press CTRL+C to copy them.

C:\WINDOWS\System32\kndusl.dll
C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\en8ol1l31.dll
C:\WINDOWS\System32\q0rq0a95ed.dll
C:\WINDOWS\System32\kvdlv.dll
C:\WINDOWS\System32\ayiwrap.dll
C:\WINDOWS\System32\cnmdlg32.dll
C:\WINDOWS\System32\iXssvcs.dll

In the "File" menu choose "Paste from Clipboard". In the field "Full path of file to delete" you will see the first file of this list appear. If you click the arrow next to it you will see the rest of the files. Check that c:\windows\system32\guard.tmp is present in this list. Click the red button with the white cross to delete the files. You will not be able to delete some of the files. In that case select "Delete a file on reboot". When you get the message "All listed files will be deleted on next reboot", click Yes. In the window "files will be removed on reboot, do you want to reboot now?" click Yes. If Killbox does not ask this question, or if you get an error message, restart the computer yourself. Once the computer has restarted, close all open windows, run HijackThis once more and put a check mark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\q0rq0a95ed.dll
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\jhfnebim.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: mtklefap - {436BBDAF-464B-4950-2CAF-7B85240FA5C0} - (no file)
O21 - SSODL: mtklefap - {436BBDAF-464B-4950-2CAF-7B85240FA5C0} - (no file)
O21 - SSODL: mtklef - {21FC0DA6-81D9-4AE5-9BAF-CB1C7742B8AE} - (no file)

Then click "Fix checked" and close HijackThis. Start HijackThis again, make a new log and post it. On your desktop, open the folder l2mfix. Click l2fix.bat. Press "1" to select option 1: Run Find Log. This will take a while. After some time a Notepad file is opened. Copy and paste the contents of this file into your next post as well. Note: you must NOT use option 2 for the time being. Also do not use any other files located in the l2mfix folder!
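Added example, not part of the thread and not code from HijackThis or L2MFIX: the cross-check behind the file and O20 selection in the post above, run over excerpts of the first log. It flags listing entries whose attribute column has both S and R set (a triage heuristic assumed here from this log's pattern, not a verdict) and resolves the listing's 8.3 short names against the long DLL names on the O20 Winlogon Notify lines; all function names are hypothetical.

```python
import ntpath
import re

# Excerpt of the flattened L2MFIX "Files Found" listing from the thread's first log.
FILES_FOUND = (
    "shlwapi.dll Sat 3 Sep 2005 1:55:06 A.... 474.112 463,00 K "
    "jhfnebim.dll Mon 14 Nov 2005 11:56:24 A.... 40.960 40,00 K "
    "ixssvcs.dll Mon 14 Nov 2005 18:17:52 ..S.R 233.976 228,49 K "
    "kvdlv.dll Mon 14 Nov 2005 18:47:38 ..S.R 236.625 231,08 K "
    "q0rq0a~1.dll Mon 14 Nov 2005 19:53:42 ..S.R 233.543 228,07 K "
    "en8ol1~1.dll Mon 14 Nov 2005 20:01:42 ..S.R 236.756 231,21 K "
    "kndusl.dll Mon 14 Nov 2005 20:02:32 ..S.R 233.543 228,07 K "
    "wrlogo~1.dll Mon 24 Oct 2005 12:19:50 A.... 492.544 481,00 K"
)

# O20 lines from the HijackThis log posted with that listing.
HIJACKTHIS_O20 = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\q0rq0a95ed.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# name, weekday, day, month, year, time, 5-char attribute column, size (dot = thousands)
ENTRY_RE = re.compile(
    r"(?P<name>\S+\.dll)\s+[A-Za-z]{3}\s+(?P<day>\d{1,2})\s+(?P<mon>[A-Za-z]{3})\s+"
    r"(?P<year>\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2})\s+(?P<attrs>[A-Z.]{5})\s+"
    r"(?P<size>\d[\d.]*)",
    re.IGNORECASE,
)
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>\S.*?\.dll)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_files_found(text):
    """Split the flattened listing back into one record per file."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        attrs = m.group("attrs").upper()
        entries.append({
            "name": m.group("name"),
            "modified": "{} {} {} {}".format(
                m.group("day"), m.group("mon"), m.group("year"), m.group("time")),
            "attrs": attrs,
            "size": int(m.group("size").replace(".", "")),
            # Assumed heuristic: System + Read-only both set, as on the
            # randomly named DLLs in this log. Worth a look, not proof.
            "system_readonly": "S" in attrs and "R" in attrs,
        })
    return entries


def alias_matches(listed, long_name):
    """True if a listing name (possibly an 8.3 alias) can refer to long_name.

    Simplification: an alias such as q0rq0a~1.dll is matched on the
    characters before the tilde plus the extension.
    """
    listed_stem, _, listed_ext = listed.lower().rpartition(".")
    long_stem, _, long_ext = long_name.lower().rpartition(".")
    if listed_ext != long_ext:
        return False
    if "~" in listed_stem:
        return long_stem.startswith(listed_stem.split("~", 1)[0])
    return listed_stem == long_stem


def parse_o20(text):
    """Return (notify key name, DLL file name) for every O20 line."""
    return [(m.group("key"), ntpath.basename(m.group("path")))
            for m in O20_RE.finditer(text)]


def triage(files_text, hjt_text):
    """Link flagged files to Winlogon Notify entries; list the rest separately."""
    flagged = [e for e in parse_files_found(files_text) if e["system_readonly"]]
    linked, seen = [], set()
    for key, dll in parse_o20(hjt_text):
        for entry in flagged:
            if alias_matches(entry["name"], dll):
                linked.append((key, dll, entry["name"]))
                seen.add(entry["name"])
    unlinked = [e["name"] for e in flagged if e["name"] not in seen]
    return {"linked": linked, "unlinked": unlinked}


if __name__ == "__main__":
    result = triage(FILES_FOUND, HIJACKTHIS_O20)
    for key, dll, listed in result["linked"]:
        print("Winlogon Notify '{}' loads {} (listed as {})".format(key, dll, listed))
    for name in result["unlinked"]:
        print("flagged, no O20 reference: {}".format(name))
```

A flagged file without an O20 line is not cleared by that: in the later L2MFIX output in this thread, kndusl.dll and kgdit142.dll are referenced from CLSID InprocServer32 values rather than from Winlogon Notify.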
  • Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 21:17:43, on 14-11-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Folding@Home\FAH502-Console.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Folding@Home\FahCore_82.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Progra~1\Launch Manager\CtrlVol.exe C:\Progra~1\Launch Manager\HotkeyApp.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\PROGRA~1\HDTUNE~1\HDTune.exe C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe D:\Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKLM\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKLM\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CtrlVol] C:\Progra~1\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LManager] C:\Progra~1\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe O4 - Startup: iTouch.lnk = C:\Program Files\Logitech\iTouch\iTouch.exe O4 - Global Startup: Adobe Gamma Loader.exe O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: @C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: @C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\msmsgs.exe (file missing) O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\f02mlaf11d2.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 
- Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: mtkle - {DF0FCCF8-ECB8-482D-3783-7EFCA08B8C14} - (no file) O21 - SSODL: mtkle - {DF0FCCF8-ECB8-482D-3783-7EFCA08B8C14} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: FAH@C:+Program Files+Folding@Home+FAH502-Console.exe - Stanford University - C:\Program Files\Folding@Home\FAH502-Console.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe ------------------------ l2mfix: L2MFIX find log 1.04a These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\f02mlaf11d2.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] 
"Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxsrvc.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" 
"StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! 
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-CI) DENY --C------- INGEBOUWD\Administrators (ID-NI) ALLOW Read INGEBOUWD\Gebruikers (ID-IO) ALLOW Read INGEBOUWD\Gebruikers (ID-NI) ALLOW Read INGEBOUWD\Hoofdgebruikers (ID-IO) ALLOW Read INGEBOUWD\Hoofdgebruikers (ID-NI) ALLOW Full access INGEBOUWD\Administrators (ID-IO) ALLOW Full access INGEBOUWD\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access MAKER EIGENAAR ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{F7247B7C-D65B-BBD4-02B4-C0F87C105C71}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Eigenschappenvenster van multimediabestand" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerbeheer" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Het tabblad Beveiliging" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Eigenschappenblad voor OLE-docbestand" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell-uitbreidingen voor delen" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldschermadapter" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Monitor" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldscherm-panning" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Het tabblad 
Beveiliging" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibiliteitspagina" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Knipselgegevensverwerker van shell" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Schijfkopieer-uitbreiding" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell-uitbreidingen voor Microsoft Windows Network-objecten" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-monitorbeheer" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerbeheer" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell-uitbreidingen voor bestandscompressie" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shell-uitbreiding voor Web Printer" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Snelmenu Codering" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Werkmap" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-pictogramuitbreiding" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiel" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Het tabblad Beveiliging voor printers" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell-uitbreidingen voor delen" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-extensie" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto-handtekeningextensie" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netwerkverbindingen" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netwerkverbindingen" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners en camera's" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners en camera's" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners en camera's" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners en camera's" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners en camera's" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-uitbreidingen voor 
Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplande taken" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taakbalk en menu Start" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Zoeken" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uitvoeren..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Lettertypen" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Systeembeheer" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-werkbalk" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Downloadstatus" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Uitgebreide shell-map" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Uitgebreide shell-map 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft-browserbalk" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Zoekbalk" "{32683183-48a0-441b-a342-7c2a440a9478}"="Mediabalk" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Zoeken binnen deelvenster" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Zoeken op het web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Hulpprogramma met opties voor registerboomstructuur" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres" 
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoAanvullen" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU-lijst voor AutoAanvullen" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Aangepaste MRU-lijst voor AutoAanvullen" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Toegankelijk" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Pop-upbalk Volgen" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Parser voor adresbalk" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lijst voor AutoAanvullen: Microsoft Geschiedenis" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Lijst voor AutoAanvullen: Microsoft Shell-map" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft-container met meervoudige lijst voor AutoAanvullen" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Sitemenu van shell-band" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Gebruikersondersteuning" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globale mapinstellingen" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url-geschiedenisservice" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Geschiedenis" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url-zoeken Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-welkomstscherm" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension 
Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Het Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Cachemap van ActiveX" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Map met abonnementen" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Toepassingsbeheer" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Programma voor inventarisatie van ge‹nstalleerde toepassingen" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI- en bestandsextractieprogramma voor miniaturen" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informatie over de handler voor miniatuurweergaven (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-extractie voor miniatuurweergaven" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Wizard Webpublicaties" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Afdrukken via het web bestellen" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell-object 
voor publicatiewizard" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Wizard Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Gebruikersaccounts" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanaal-bestand" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanaal-snelkoppeling" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Handler-object voor kanalen" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Map Off line bestanden" 
  • We'll try again. You really must do the part about rundll32.exe and guard.tmp, otherwise it won't work.

    Double-click killbox.exe to start the program. Select the option “Standard File Kill”. Copy the files below into a Notepad file.

    [code:1:327582ca6a]
    C:\WINDOWS\System32\kgdit142.dll
    C:\WINDOWS\System32\guard.tmp
    C:\WINDOWS\System32\ltl0273mg.dll
    C:\WINDOWS\System32\f02mlaf11d2.dll
    C:\WINDOWS\System32\guard.tmp
    [/code:1:327582ca6a]

    You will see a box with [system process] and a small arrow next to it. Click the arrow and you get a list of all active processes on your computer. In the list that appears, select [b]rundll32.exe[/b]. Click the yellow triangle to end the process. Wait about 30 seconds and click the arrow again. Check whether rundll32.exe is still present. If it is, end the process again by clicking the yellow triangle. Repeat this procedure until rundll32.exe no longer appears in the list of running processes.

    Make sure you have "Standard File Kill" selected in Killbox. Once rundll32.exe no longer comes back, copy the files below: select these files and then press CTRL+C to copy them.

    [code:1:327582ca6a]
    C:\WINDOWS\System32\kgdit142.dll
    C:\WINDOWS\System32\guard.tmp
    C:\WINDOWS\System32\ltl0273mg.dll
    C:\WINDOWS\System32\f02mlaf11d2.dll
    C:\WINDOWS\System32\guard.tmp
    [/code:1:327582ca6a]

    In the "File" menu choose "Paste from Clipboard". In the field "Full path of file to delete" you will see the first file of this list appear. If you click the arrow next to it, you will see the rest of the files. Check that c:\windows\system32\guard.tmp is present in this list. Click the red button with the white cross to delete the files. You will not be able to delete some of the files. In that case select "Delete a file on reboot". When you get the message “All listed files will be deleted on next reboot”, click Yes. In the screen “files will be removed on reboot, do you want to reboot now?” click Yes. If Killbox does not ask this question, or if you get an error message, restart the computer yourself.

    New log from L2Mfix and from HijackThis.
  • That is the problem. I did everything according to the step-by-step plan, and entirely without error messages. After that I made new logs. After going through the step-by-step plan for the second time, the following logs were created: HijackThis and L2mfix.
  • Close all open windows, run HijackThis once more and tick the following items:

    [b:4ec9c46288]O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\ltl0273mg.dll (file missing)
    O21 - SSODL: mtkle - {DF0FCCF8-ECB8-482D-3783-7EFCA08B8C14} - (no file)
    O21 - SSODL: mtkle - {DF0FCCF8-ECB8-482D-3783-7EFCA08B8C14} - (no file)[/b:4ec9c46288]

    Then click "Fix checked" and close HijackThis. Restart the computer. Start HijackThis again, make a new log and post it. And tell me how things are now.
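The items ticked in the post above are autostart registrations that outlived their file: the DLL has been deleted, but the `Winlogon\Notify` key still names it. As an added example (not part of the thread, and not HijackThis or L2Mfix code), the Python below audits a regedit export of that key and reports such entries. The sample export, the `SAMPLE_FILES` set, the function names and the directory-path heuristic are assumptions made for this illustration.

```python
import re

# Constructed sample in regedit's "Version 5.00" export format. The StillImage
# values mirror the O20 entry quoted above; the other two are ordinary entries.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ltl0273mg.dll"
"Logon"="WinLogon"
'''

# Constructed stand-in for a directory listing: lowercase full paths that exist.
SAMPLE_FILES = {
    r"c:\windows\system32\crypt32.dll",
    r"c:\windows\system32\igfxsrvc.dll",
}

_KEY = re.compile(r'^\[(.+)\]$')
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
_HEX = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def decode_value(raw):
    """Turn the right-hand side of a .reg line into a Python value."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])      # REG_SZ: undo \\ and \"
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = _HEX.match(raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        if m.group(1) == '2':                          # REG_EXPAND_SZ, UTF-16LE
            return data.decode('utf-16-le').rstrip('\x00')
        return data
    return raw


def parse_reg(text):
    """Parse export text into {key path: {lowercased value name: value}}."""
    text = re.sub(r'\\\r?\n\s*', '', text)             # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            # Registry value names are case-insensitive: "DllName" == "DLLName".
            current[m.group(1).strip('"').lower()] = decode_value(m.group(2))
    return keys


def audit_notify(reg_text, files_present, system_dir=r'C:\WINDOWS\system32'):
    """Return (subkey, DllName, reasons) for Notify packages worth a second look."""
    marker = '\\winlogon\\notify\\'
    findings = []
    for key, values in parse_reg(reg_text).items():
        pos = key.lower().rfind(marker)
        dll = values.get('dllname')
        if pos == -1 or not isinstance(dll, str):
            continue
        # Heuristic assumed for this example, not a rule stated in the thread:
        # a DllName that spells out a directory is reported for review.
        has_dir = '\\' in dll or '/' in dll
        # Bare names are resolved against system_dir (also an assumption here;
        # %variables% in REG_EXPAND_SZ data are not expanded).
        full = dll if has_dir else system_dir + '\\' + dll
        reasons = []
        if has_dir:
            reasons.append('DllName carries a directory path')
        if full.lower() not in files_present:
            reasons.append('file missing')
        if reasons:
            findings.append((key[pos + len(marker):], dll, reasons))
    return findings


if __name__ == '__main__':
    for subkey, dll, reasons in audit_notify(SAMPLE_EXPORT, SAMPLE_FILES):
        print(f'{subkey}: {dll} -> {", ".join(reasons)}')
```

An entry reported only as "file missing" is a leftover registration, the state HijackThis shows for the O20 item above; one reported with a path but without "file missing" still has its DLL on disk.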
  • The situation now is that no spyware shows up by itself any more. But as soon as I want to do something, for example visit a website or log in to this forum, it still takes a very long time. It is strange: I type in a URL, press Enter and only after many seconds do I see any data traffic. The website then loads reasonably quickly, but the images do not. Update: posting this message took 21 seconds. The HijackThis log:
  • The log already looks good. Close all open programs. Double-click l2mfix.bat. Click on "2" to select option 2: Run Fix. Press Enter. Press a key to restart the computer when asked. After the reboot the icons will appear on your desktop. They will disappear again (that is normal). L2mfix will scan your computer. When it is done, a new Notepad file is opened. Post the contents of this file. Create a new HijackThis log and post that too. Note: do NOT use any other files from the l2mfix folder!
  • I did exactly what you said, but at some point the computer stopped and got no further than showing the wallpaper. I could start programs via Task Manager, but it did not produce an l2mfix log. Earlier, in the DOS window, I did get the message that backregs\696c18f1-7d82-4885-b3e7-a11e4bc810de.reg and backregs\2cb492fa-acd7-ab58-ad6g-26d002720024.reg were not present. The internet is still slow, by the way. Sorry for keeping you busy so long with this problem. You will want to get some sleep at some point too, I imagine. Below is the HijackThis log:
  • Run option 1 of the L2M fix once more.
  • At least I am rid of those websites that suddenly pop up. Now to get the internet speed back. Could it be that a spyware program has also changed something elsewhere in XP, for example in the internet settings?
  • Looks OK to me, though. It may indeed be that a few changes were made here and there. Your temporary internet files folder is emptied by CCleaner, I assume? Do you have the problem on all websites or only here on C!T?
  • With all internet traffic. Whichever website I visit, everything only starts after a large number of seconds. Fetching e-mail with Thunderbird also takes forever. Not everything is fetched right after starting the program, but only many seconds later. Temporary folders are indeed cleaned by CCleaner. Let's leave it at this for now. Can we look at it again tomorrow? Good night. Thanks for all the help so far! Willem
  • First scan with an anti-spyware scanner: Ad-Aware SE, Spybot Search & Destroy, and see whether they find anything.


This is an archived page. Replies are no longer possible.