Persistent spyware

13 replies
  • Hello,

    I'm having a lot of trouble with spyware that is hard to remove. I let HitmanPro loose on it, but it hangs. Spybot couldn't remove the spyware either. Could you help me?
    I have a HijackThis log. (Obtained with some effort, because it kept hanging.)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:59:29, on 10-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\DriveCleaner Free\UDC.exe
    C:\Program Files\Common Files\DriveCleaner Free\udcwap.exe
    C:\WINDOWS\TEMP\win5937.tmp.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\iFinger\iFinger.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {618A7E6F-ECD2-B05A-A640-9C2B559283BB} - C:\WINDOWS\system32\grsltzs.dll
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
    O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [DriveCleaner Free] "C:\Program Files\DriveCleaner Free\UDC.exe" /min
    O4 - HKLM\..\Run: [WA6PM_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcwap.exe"
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win5937.tmp.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: iFinger 2.0.lnk = C:\Program Files\iFinger\iFinger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com
    esources/MsnPUpld.cab
    O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
    O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O20 - Winlogon Notify: bccefdcedffb - C:\WINDOWS\system32\bccefdcedffb.dll
    O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\SYSTEM32\winrnt32.dll
    O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
    O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg



    Thanks in advance!
  • Nice collection :cry:

    Go to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs there, if present:

    DriveCleaner Free
    Hitman Pro including all its components, nod32, spyware doctor etc.

    Restart your computer.

    Download Combofix to your Desktop.

    Double-click Combofix.exe
    Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.

    Good luck!
  • I couldn't get DriveCleaner removed :(
    Here is a ComboFix log:

    ComboFix 07-10-11.5 - Administrator 2007-10-11 15:14:12.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.589 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Application Data\DriveCleaner Free
    C:\Documents and Settings\Administrator\Application Data\DriveCleaner Free\Logs\update.log
    C:\Documents and Settings\Administrator\Application Data\DriveCleaner Free\Logs\update.log
    C:\Documents and Settings\Administrator\Bureaublad\DriveCleaner Free.lnk
    C:\Documents and Settings\Administrator\err.log
    C:\Documents and Settings\Administrator\Menu Start\Programma's\Outerinfo
    C:\Documents and Settings\Administrator\Menu Start\Programma's\Outerinfo\Terms.lnk
    C:\Documents and Settings\Administrator\Menu Start\Programma's\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Administrator\ResErrors.log
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
    C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free
    C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\Deinstallieren DriveCleaner.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\DriveCleaner Online Anleitung.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\DriveCleaner Online Hilfe.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\DriveCleaner Startseite.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's.\DriveCleaner Free\DriveCleaner.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\Deinstallieren DriveCleaner.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\DriveCleaner Online Anleitung.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\DriveCleaner Online Hilfe.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\DriveCleaner Startseite.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\DriveCleaner Free\DriveCleaner.lnk
    C:\Program Files\3721
    C:\Program Files\3721\assist\asbar.dll
    C:\Program Files\3721\helper.dll
    C:\Program Files\Accoona
    C:\Program Files\Accoona\ASearchAssist.dll
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\curlog.htm
    C:\Program Files\akl\keylog.txt
    C:\Program Files\akl\readme.txt
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.dat
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\amsys
    C:\Program Files\amsys\awmsg.dat
    C:\Program Files\amsys\guid.dat
    C:\Program Files\amsys\ijl15.dll
    C:\Program Files\amsys\mfc42.dll
    C:\Program Files\amsys\msvcrt.dll
    C:\Program Files\amsys\unins000.dat
    C:\Program Files\amsys\unis000.exe
    C:\Program Files\amsys\winam.dat
    C:\Program Files\Common Files\drivecleaner free
    C:\Program Files\Common Files\drivecleaner free\udcwap.exe
    C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\Program Files\DriveCleaner Free
    C:\Program Files\DriveCleaner Free\Activate.dat
    C:\Program Files\DriveCleaner Free\Appbase\AE_CD_Cr.dat
    C:\Program Files\DriveCleaner Free\Appbase\AReadr4.dat
    C:\Program Files\DriveCleaner Free\Appbase\AReadr5.dat
    C:\Program Files\DriveCleaner Free\Appbase\ASDSEEpv.dat
    C:\Program Files\DriveCleaner Free\Appbase\ASPack.dat
    C:\Program Files\DriveCleaner Free\Appbase\Babylon.dat
    C:\Program Files\DriveCleaner Free\Appbase\BDelphi5.dat
    C:\Program Files\DriveCleaner Free\Appbase\CatchUp.dat
    C:\Program Files\DriveCleaner Free\Appbase\CBuildr5.dat
    C:\Program Files\DriveCleaner Free\Appbase\CCGA.dat
    C:\Program Files\DriveCleaner Free\Appbase\CManager.dat
    C:\Program Files\DriveCleaner Free\Appbase\CuteFTP4.dat
    C:\Program Files\DriveCleaner Free\Appbase\CuteHTML.dat
    C:\Program Files\DriveCleaner Free\Appbase\DAcceler.dat
    C:\Program Files\DriveCleaner Free\Appbase\DiscJug.dat
    C:\Program Files\DriveCleaner Free\Appbase\ECDCreat4.dat
    C:\Program Files\DriveCleaner Free\Appbase\Far.dat
    C:\Program Files\DriveCleaner Free\Appbase\FFTsks.dat
    C:\Program Files\DriveCleaner Free\Appbase\FlashFXP.dat
    C:\Program Files\DriveCleaner Free\Appbase\FrntPage.dat
    C:\Program Files\DriveCleaner Free\Appbase\FrontPEx.dat
    C:\Program Files\DriveCleaner Free\Appbase\FtpEXP.dat
    C:\Program Files\DriveCleaner Free\Appbase\FtpVoya.dat
    C:\Program Files\DriveCleaner Free\Appbase\GetRight.dat
    C:\Program Files\DriveCleaner Free\Appbase\GoZilla.dat
    C:\Program Files\DriveCleaner Free\Appbase\GravMRU.dat
    C:\Program Files\DriveCleaner Free\Appbase\H_TxtPad.dat
    C:\Program Files\DriveCleaner Free\Appbase\HomeSite.dat
    C:\Program Files\DriveCleaner Free\Appbase\HotDogPr.dat
    C:\Program Files\DriveCleaner Free\Appbase\IconExtr.dat
    C:\Program Files\DriveCleaner Free\Appbase\iMesh.dat
    C:\Program Files\DriveCleaner Free\Appbase\ImgReady3.dat
    C:\Program Files\DriveCleaner Free\Appbase\InsShExp.dat
    C:\Program Files\DriveCleaner Free\Appbase\JASC_P_P.dat
    C:\Program Files\DriveCleaner Free\Appbase\KaZaA.dat
    C:\Program Files\DriveCleaner Free\Appbase\LView.dat
    C:\Program Files\DriveCleaner Free\Appbase\MacDir.dat
    C:\Program Files\DriveCleaner Free\Appbase\MacDrWea.dat
    C:\Program Files\DriveCleaner Free\Appbase\MicAng.dat
    C:\Program Files\DriveCleaner Free\Appbase\MicDes.dat
    C:\Program Files\DriveCleaner Free\Appbase\MM_CON.dat
    C:\Program Files\DriveCleaner Free\Appbase\MMUnDisk.dat
    C:\Program Files\DriveCleaner Free\Appbase\Morpheus.dat
    C:\Program Files\DriveCleaner Free\Appbase\MPaint.dat
    C:\Program Files\DriveCleaner Free\Appbase\MPicPub.dat
    C:\Program Files\DriveCleaner Free\Appbase\MPImaGal.dat
    C:\Program Files\DriveCleaner Free\Appbase\MSExplorer.dat
    C:\Program Files\DriveCleaner Free\Appbase\MSoffice.dat
    C:\Program Files\DriveCleaner Free\Appbase\MSRegEdit.dat
    C:\Program Files\DriveCleaner Free\Appbase\MSWMP.dat
    C:\Program Files\DriveCleaner Free\Appbase\MSWordPad.dat
    C:\Program Files\DriveCleaner Free\Appbase\Nero.dat
    C:\Program Files\DriveCleaner Free\Appbase\NetShow.dat
    C:\Program Files\DriveCleaner Free\Appbase\NTBackup.dat
    C:\Program Files\DriveCleaner Free\Appbase\pfilelst.xda
    C:\Program Files\DriveCleaner Free\Appbase\PhotShel.dat
    C:\Program Files\DriveCleaner Free\Appbase\PHPCoder.dat
    C:\Program Files\DriveCleaner Free\Appbase\PowerZIP.dat
    C:\Program Files\DriveCleaner Free\Appbase\RapidBr.dat
    C:\Program Files\DriveCleaner Free\Appbase\RealAuPl.dat
    C:\Program Files\DriveCleaner Free\Appbase\RealDown.dat
    C:\Program Files\DriveCleaner Free\Appbase\SecurCRT.dat
    C:\Program Files\DriveCleaner Free\Appbase\SL_BlWin.dat
    C:\Program Files\DriveCleaner Free\Appbase\SmartClr.dat
    C:\Program Files\DriveCleaner Free\Appbase\Sonique.dat
    C:\Program Files\DriveCleaner Free\Appbase\StuffIt.dat
    C:\Program Files\DriveCleaner Free\Appbase\TelepPro.dat
    C:\Program Files\DriveCleaner Free\Appbase\UGifAnim.dat
    C:\Program Files\DriveCleaner Free\Appbase\UltraEd.dat
    C:\Program Files\DriveCleaner Free\Appbase\UMedStud.dat
    C:\Program Files\DriveCleaner Free\Appbase\UPhImpV.dat
    C:\Program Files\DriveCleaner Free\Appbase\UPhotoEx.dat
    C:\Program Files\DriveCleaner Free\Appbase\UVidStud.dat
    C:\Program Files\DriveCleaner Free\Appbase\VNC.dat
    C:\Program Files\DriveCleaner Free\Appbase\WebFeret.dat
    C:\Program Files\DriveCleaner Free\Appbase\WebReap.dat
    C:\Program Files\DriveCleaner Free\Appbase\WinACE.dat
    C:\Program Files\DriveCleaner Free\Appbase\WinGate.dat
    C:\Program Files\DriveCleaner Free\Appbase\WinRAR.dat
    C:\Program Files\DriveCleaner Free\Appbase\WinZIP.dat
    C:\Program Files\DriveCleaner Free\Appbase\WiseInst.dat
    C:\Program Files\DriveCleaner Free\Appbase\wordslst.xda
    C:\Program Files\DriveCleaner Free\Appbase\YahooPl.dat
    C:\Program Files\DriveCleaner Free\Appbase\ZipMagic.dat
    C:\Program Files\DriveCleaner Free\atl71.dll
    C:\Program Files\DriveCleaner Free\AV.dat
    C:\Program Files\DriveCleaner Free\bnlink.dat
    C:\Program Files\DriveCleaner Free\diagnosis.dat
    C:\Program Files\DriveCleaner Free\err.log
    C:\Program Files\DriveCleaner Free\InstHelp.exe
    C:\Program Files\DriveCleaner Free\lapv.dat
    C:\Program Files\DriveCleaner Free\license.rtf
    C:\Program Files\DriveCleaner Free\manual.url
    C:\Program Files\DriveCleaner Free\mfc71.dll
    C:\Program Files\DriveCleaner Free\msvcp71.dll
    C:\Program Files\DriveCleaner Free\msvcr71.dll
    C:\Program Files\DriveCleaner Free\pv.dat
    C:\Program Files\DriveCleaner Free\pv.exe
    C:\Program Files\DriveCleaner Free\readme.rtf
    C:\Program Files\DriveCleaner Free\remnag.dat
    C:\Program Files\DriveCleaner Free\ResErrors.log
    C:\Program Files\DriveCleaner Free\ScanReport.dat
    C:\Program Files\DriveCleaner Free\Schedule.dat
    C:\Program Files\DriveCleaner Free\sr.log
    C:\Program Files\DriveCleaner Free\support.url
    C:\Program Files\DriveCleaner Free\UDC.exe
    C:\Program Files\DriveCleaner Free\UDC.xml
    C:\Program Files\DriveCleaner Free\UDC6M.url
    C:\Program Files\DriveCleaner Free\UDCPChk.dll
    C:\Program Files\DriveCleaner Free\unins000.dat
    C:\Program Files\DriveCleaner Free\unins000.exe
    C:\Program Files\DriveCleaner Free\uninstall.ico
    C:\Program Files\DriveCleaner Free\up.dat
    C:\Program Files\DriveCleaner Free\updater.dat
    C:\Program Files\DriveCleaner Free\vbpv.dat
    C:\Program Files\e-zshopper
    C:\Program Files\e-zshopper\BarLcher.dll
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\p2pnetworks
    C:\Program Files\p2pnetworks\amp2pl.exe
    C:\WINDOWS\764.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\Fonts\acrsec.fon
    C:\WINDOWS\Fonts\acrsecI.fon
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS
    gd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\settn.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system32\drivers\bg_bg.gif
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_1.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\box_3.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\close_ico.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_box.gif
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\icon_warning_big.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    C:\WINDOWS\system32\drivers\product_1_header.gif
    C:\WINDOWS\system32\drivers\product_1_name_small.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_3_header.gif
    C:\WINDOWS\system32\drivers\product_3_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\remove_spyware_header.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\spy_away_box.jpg
    C:\WINDOWS\system32\drivers\spyware_detected.gif
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_ico.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
    C:\WINDOWS\system32\ESHOPEE.exe
    C:\WINDOWS\system32\gln.dll
    C:\WINDOWS\system32\grsltzs.dll
    C:\WINDOWS\system32\gtv_sd.bin
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32
    usrmgr.exe
    C:\WINDOWS\system32\oembios32.dll
    C:\WINDOWS\system32\sstem3~1
    C:\WINDOWS\system32\sstem3~1\mmc.exe
    C:\WINDOWS\system32\stem32~1
    C:\WINDOWS\system32\stem32~1\?hkdsk.exe
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wapiisv32.exe
    C:\WINDOWS\system32\winrnt32.dll
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\Temp\.exe
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\winh32.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xxxvideo.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))
    .

    2007-10-11 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-10 13:50 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-08 09:20 4 --a------ C:\WINDOWS\system32\stfv.bin
    2007-10-08 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy
    2007-10-08 09:17 32,512 --a------ C:\WINDOWS\system32\ace16win.dll
    2007-10-06 16:31 560 --a------ C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
    2007-10-06 16:30 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Bunic.sys
    2007-10-06 16:30 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Bcr.sys
    2007-10-06 16:26 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Bbus.sys
    2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
    2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Bwh.sys
    2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall\CCRP5 Integrated Development Environment
    2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall
    2007-09-23 13:09 <DIR> d-------- C:\Program Files\CCRP5
    2007-09-23 13:07 <DIR> d-------- C:\Program Files\ROBOTER
    2007-09-23 13:07 112,128 --a------ C:\WINDOWS\system32\CmCtlDE.dll
    2007-09-23 13:07 33,792 --a------ C:\WINDOWS\system32\CmDlgDE.dll
    2007-09-23 13:07 13,824 --a------ C:\WINDOWS\system32\MSComDE.dll
    2007-09-23 13:07 10,752 --a------ C:\WINDOWS\system32\FlxGdDE.dll
    2007-09-13 21:46 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-11 13:00 --------- d-----w C:\Program Files\iFinger
    2007-10-11 13:00 --------- d-----w C:\Program Files\Hitman Pro
    2007-10-11 12:59 --------- d-----w C:\Program Files\Webroot
    2007-10-11 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-11 12:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2007-09-28 13:18 --------- d-----w C:\Program Files\EA SPORTS
    2007-09-10 19:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon
    2007-09-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-04 16:01 --------- d-----w C:\Program Files\Kazaa
    2007-09-04 15:50 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
    1999-04-06 16:19 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 01:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 01:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 01:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 01:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 01:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
    2006-11-25 10:11:34 2,560 --sh--r C:\WINDOWS\system32\fooool.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4E7CAAB-6535-4243-99BD-F12350B584A2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1159422-16E3-462F-A93D-FB718E100408}]
    2007-06-19 22:05 70656 --a------ C:\WINDOWS\system32\d3dxim.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-23 13:27 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-24 12:06 C:\WINDOWS\ALCWZRD.EXE]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 15:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
    "IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-13 07:39]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:00]
    "Cact"="C:\WINDOWS\system32\SSTEM3~1\mmc.exe" []
    "Qtobie"="C:\WINDOWS\system32\??stem32\?hkdsk.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-02-18 12:45:24]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-02-18 12:45:16]
    Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 18:20:18]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{D1159422-16E3-462F-A93D-FB718E100408}"= C:\WINDOWS\system32\d3dxim.dll [2007-06-19 22:05 70656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bccefdcedffb]
    C:\WINDOWS\system32\bccefdcedffb.dll 2007-10-09 16:18 93184 C:\WINDOWS\system32\bccefdcedffb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]
    C:\WINDOWS\system32\wudb.dll 2007-06-02 23:21 33792 C:\WINDOWS\system32\wudb.dll

    R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
    R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
    R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys
    S3 hwdatacard;HUAWEI Multimedia USB Driver Disk;C:\WINDOWS\system32\DRIVERS\hwusbmdm.sys
    S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
    S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-03 20:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-11 15:24:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-11 15:25:24 - machine was rebooted
    .
    --- E O F ---






    I have a new HijackThis scan + log




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:29:02, on 11-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com\resources/MsnPUpld.cab
    O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
    O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O20 - Winlogon Notify: bccefdcedffb - C:\WINDOWS\system32\bccefdcedffb.dll
    O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
    O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg


    End of file - 11010 bytes



    Can you help me with this?
  • 1. Go to Start --> Control Panel --> Add or Remove Programs and uninstall:
    Need2Find

    2. Open Notepad, then copy and paste the following (the bold text) into an empty window:

    File::
    C:\WINDOWS\system32\d3dxim.dll
    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\fooool.exe
    C:\WINDOWS\system32\??stem32\?hkdsk.exe
    C:\WINDOWS\system32\SSTEM3~1\mmc.exe
    C:\WINDOWS\system32\bccefdcedffb.dll
    C:\WINDOWS\system32\wudb.dll
    C:\WINDOWS\system32\bccefdcedffb.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4E7CAAB-6535-4243-99BD-F12350B584A2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1159422-16E3-462F-A93D-FB718E100408}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bccefdcedffb]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]

    Dirlook::
    C:\WINDOWS\system32\SSTEM3~1
    C:\WINDOWS\system32\??stem32

    Folder::
    C:\Program Files\Need2Find

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Pim
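A follow-up check for the procedure above, as an added example that is not part of Pim's post and not ComboFix's own code: it parses a CFScript and reports which of its targets still appear in a later HijackThis log, plus BHO entries marked (no file) that the script did not cover. The function names are assumptions, and the sample lines are excerpts of the script and logs on this page.

```python
import re

SECTION = re.compile(r"^([A-Za-z]+)::$")   # CFScript section header, e.g. "File::"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_ENTRY = re.compile(r"^[ORF]\d+ - ")     # HijackThis entry line, e.g. "O2 - ..."

# Excerpt of the script in the post above (not the full script).
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\d3dxim.dll
C:\WINDOWS\system32\bccefdcedffb.dll
C:\WINDOWS\system32\wudb.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1159422-16E3-462F-A93D-FB718E100408}]

Folder::
C:\Program Files\Need2Find
"""

# Excerpt of the HijackThis log taken before the script was run.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
O20 - Winlogon Notify: bccefdcedffb - C:\WINDOWS\system32\bccefdcedffb.dll
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
"""

# Excerpt of the HijackThis log taken after the script was run.
LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""


def parse_cfscript(text):
    """Split a CFScript into {section name (lowercase): [entries]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def script_targets(sections):
    """Collect what the script removes: file paths, folders, and the CLSIDs
    named in "[-KEY]" registry deletions (all lowercased for comparison)."""
    return {
        "files": {p.lower() for p in sections.get("file", [])},
        "folders": {p.lower().rstrip("\\") for p in sections.get("folder", [])},
        "clsids": {c.lower() for entry in sections.get("registry", [])
                   if entry.startswith("[-") for c in CLSID.findall(entry)},
    }


def verify(cfscript_text, hjt_log_text):
    """Return (remaining, uncovered).

    remaining: HijackThis entries that still reference a script target.
    uncovered: O2 (BHO) entries whose file is gone ("(no file)") but whose
               key the script never listed, so they need a separate decision.
    """
    targets = script_targets(parse_cfscript(cfscript_text))
    remaining, uncovered = [], []
    for raw in hjt_log_text.splitlines():
        line = raw.strip()
        if not HJT_ENTRY.match(line):
            continue
        low = line.lower()
        ids = {c.lower() for c in CLSID.findall(line)}
        hit = (bool(ids & targets["clsids"])
               or any(f in low for f in targets["files"])
               or any(d + "\\" in low for d in targets["folders"]))
        if hit:
            remaining.append(line)
        elif line.startswith("O2 - ") and low.endswith("(no file)"):
            uncovered.append(line)
    return remaining, uncovered


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        remaining, uncovered = verify(CFSCRIPT, log)
        print(label, "- targets still present:", len(remaining),
              "- orphaned BHOs not in script:", len(uncovered))
```
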
  • Here is the ComboFix log:

    ComboFix 07-10-11.5 - Administrator 2007-10-12 15:47:14.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.587 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE::
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\bccefdcedffb.dll
    C:\WINDOWS\system32\d3dxim.dll
    C:\WINDOWS\system32\fooool.exe
    C:\WINDOWS\system32\SSTEM3~1\mmc.exe
    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\wudb.dll
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Need2Find
    C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
    C:\Program Files\Need2Find\bar\History\search
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\bccefdcedffb.dll
    C:\WINDOWS\system32\d3dxim.dll
    C:\WINDOWS\system32\fooool.exe
    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\wudb.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))
    .

    2007-10-12 15:35 233,472 --a------ C:\Program Files\Uninstall Need2Find Bar.dll
    2007-10-11 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-10 13:50 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-08 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy
    2007-10-06 16:31 560 --a------ C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
    2007-10-06 16:30 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Bunic.sys
    2007-10-06 16:30 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Bcr.sys
    2007-10-06 16:26 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Bbus.sys
    2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
    2007-10-06 16:26 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Bwh.sys
    2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall\CCRP5 Integrated Development Environment
    2007-09-23 13:09 <DIR> d-------- C:\WINDOWS\uninstall
    2007-09-23 13:09 <DIR> d-------- C:\Program Files\CCRP5
    2007-09-23 13:07 <DIR> d-------- C:\Program Files\ROBOTER
    2007-09-23 13:07 112,128 --a------ C:\WINDOWS\system32\CmCtlDE.dll
    2007-09-23 13:07 33,792 --a------ C:\WINDOWS\system32\CmDlgDE.dll
    2007-09-23 13:07 13,824 --a------ C:\WINDOWS\system32\MSComDE.dll
    2007-09-23 13:07 10,752 --a------ C:\WINDOWS\system32\FlxGdDE.dll
    2007-09-13 21:46 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-11 13:00 --------- d-----w C:\Program Files\iFinger
    2007-10-11 13:00 --------- d-----w C:\Program Files\Hitman Pro
    2007-10-11 12:59 --------- d-----w C:\Program Files\Webroot
    2007-10-11 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-11 12:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2007-09-28 13:18 --------- d-----w C:\Program Files\EA SPORTS
    2007-09-10 19:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon
    2007-09-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-04 16:01 --------- d-----w C:\Program Files\Kazaa
    2007-09-04 15:50 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
    1999-04-06 16:19 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 01:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 01:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 01:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 01:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 01:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\WINDOWS\system32\??stem32 ----

    C:\WINDOWS\system32\??stem32\

    ---- Directory of C:\WINDOWS\system32\SSTEM3~1 ----

    C:\WINDOWS\system32\SSTEM3~1\


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-23 13:27 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-24 12:06 C:\WINDOWS\ALCWZRD.EXE]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 15:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
    "IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-13 07:39]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:00]
    "Cact"="C:\WINDOWS\system32\SSTEM3~1\mmc.exe" []
    "Qtobie"="C:\WINDOWS\system32\??stem32\?hkdsk.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-02-18 12:45:24]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-02-18 12:45:16]
    Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 18:20:18]

    R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
    R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
    R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys
    S3 hwdatacard;HUAWEI Multimedia USB Driver Disk;C:\WINDOWS\system32\DRIVERS\hwusbmdm.sys
    S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
    S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-03 20:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-12 15:51:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-12 15:52:43 - machine was rebooted
    C:\ComboFix2.txt … 2007-10-11 15:25
    .
    --- E O F ---





    Here is the HijackThis log





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:54:23, on 12-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
    O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg


    End of file - 8876 bytes



    Thanks in advance!
  • 1. Disable HitmanPro's NOD32, or remove it via Start -> Control Panel -> Add or Remove Programs, because
    otherwise it will conflict with your McAfee.

    2. Start HijackThis, choose 'Do a system scan only' and check the lines below:

    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
    O16 - DPF: {9FFCDEC6-3906-11D2-8131-0060080BE220} (Three Ships FileIO Control) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileIO.ocx
    O16 - DPF: {A792BC36-6B4E-11D3-97B1-00500460FA55} (NATGrid) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATGrid.ocx
    O16 - DPF: {B08126A6-3BFF-11D2-8133-0060080BE220} (ThreeShips FileBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThreeShipsFileBrowser.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe

    3. Open Notepad, then copy and paste the following text into an empty window:

    File::
    C:\Program Files\Uninstall Need2Find Bar.dll
    C:\WINDOWS\system32\SSTEM3~1\mmc.exe
    C:\WINDOWS\system32\??stem32\?hkdsk.exe

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will restart ComboFix.
    Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Pim
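
Several of the entries checked in the post above share traits that can be tested mechanically: a reference ending in (no file) or (file missing), a path containing '?' (a character Windows does not allow in file names), an autostart from a short-named subdirectory of system32, and an ActiveX control installed from a local Temp folder. The script below is an added example, not part of the thread or of HijackThis; the rule names and heuristics are assumptions chosen for illustration, the sample lines are copied from the log posted above, and the result is a list of candidates for manual review, not a verdict.

```python
import re

# Sample input: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cact] "C:\WINDOWS\system32\SSTEM3~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Qtobie] C:\WINDOWS\system32\??stem32\?hkdsk.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31032508-5443-11D2-8150-0060080BE220} (NATBrowser) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NATBrowser.ocx
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A HijackThis entry line: section code (R0, O2, O16, ...), " - ", then the body.
SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# (rule name, sections it applies to or None for all, pattern searched in the body).
# Rule names and patterns are this example's own heuristics.
RULES = [
    # Registry entry whose target file no longer exists.
    ("orphaned-reference", None,
     re.compile(r"\((?:no file|file missing)\)\s*$")),
    # '?' inside a drive path: not a legal file-name character on Windows,
    # so the real name contains something the log could not represent.
    ("unrenderable-path", None,
     re.compile(r'[A-Za-z]:\\[^"?]*\?')),
    # Autostart launched from an 8.3 short-named subdirectory of system32.
    ("short-name-dir-in-system32", {"O4", "O23"},
     re.compile(r'system32\\[^\\"]*~\d[^\\"]*\\', re.I)),
    # ActiveX control (Downloaded Program Files) installed from a local Temp folder.
    ("activex-from-local-temp", {"O16"},
     re.compile(r"file://.*\\temp\\", re.I)),
]


def triage(log_text):
    """Return [(section, [rule names], body)] for every entry matching a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m["section"], m["body"]
        reasons = [name for name, sections, rx in RULES
                   if (sections is None or section in sections) and rx.search(body)]
        if reasons:
            findings.append((section, reasons, body))
    return findings


if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{', '.join(reasons):<30}{body}")
```

Entries the rules do not match, such as the Zylom and Virtools controls also checked in the post, still need a human decision; the script only narrows where to look first.
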
  • I have removed the entries I had to check.
  • pimvandenderen wrote:
    > Nice collection :cry:
    >
    > Go to Start -> Control Panel -> Add or Remove Programs and remove the following programs there, if present:
    > DriveCleaner Free
    > Hitman Pro including all its components, NOD32, Spyware Doctor etc.
    >
    > Restart your computer.
    >
    > Download Combofix to your Desktop.
    > * Double-click Combofix.exe
    > * Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
    > * While the fix is running, do NOT click in the window, because this will make your PC hang.
    >
    > When the fix has finished and after a restart, the log combofix.txt will open.
    > Post this log in your next post together with a new HijackThis log.
    >
    > Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
    >
    > Good luck!

    What I don't understand:
    why remove HitmanPro??
    It's a good program with good scanners and so on, isn't it?
    Or is it something else?
    Tell me please,
    can I remove it too
  • pimvandenderen wrote:
    > Nice collection :cry:
    >
    > Go to Start -> Control Panel -> Add or Remove Programs and remove the following programs there, if present:
    > DriveCleaner Free
    > Hitman Pro including all its components, NOD32, Spyware Doctor etc.
    >
    > Restart your computer.
    >
    > Download Combofix to your Desktop.
    > * Double-click Combofix.exe
    > * Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
    > * While the fix is running, do NOT click in the window, because this will make your PC hang.
    >
    > When the fix has finished and after a restart, the log combofix.txt will open.
    > Post this log in your next post together with a new HijackThis log.
    >
    > Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
    >
    > Good luck!

    What I don't understand:
    why remove HitmanPro??
    It's a good program with good scanners and so on, isn't it?
    Or is it something else?
    Tell me please,
    then I can remove it too
  • ComboFix log:


    ComboFix 07-10-11.5 - Administrator 2007-10-12 18:52:10.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.626 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE::
    C:\Program Files\Uninstall Need2Find Bar.dll
    C:\WINDOWS\system32\SSTEM3~1\mmc.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))
    .

    2007-10-11 15:12 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-10 13:50 <DIR> d——– C:\Program Files\Trend Micro
    2007-10-08 09:17 <DIR> d——– C:\WINDOWS\system32\acespy
    2007-10-06 16:31 560 –a—— C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
    2007-10-06 16:30 90,800 -ra—— C:\WINDOWS\system32\drivers\se2Bunic.sys
    2007-10-06 16:30 4,128 -ra—— C:\WINDOWS\system32\drivers\se2Bcr.sys
    2007-10-06 16:26 61,600 -ra—— C:\WINDOWS\system32\drivers\SE2Bbus.sys
    2007-10-06 16:26 5,872 -ra—— C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
    2007-10-06 16:26 5,872 -ra—— C:\WINDOWS\system32\drivers\se2Bwh.sys
    2007-09-23 13:09 <DIR> d——– C:\WINDOWS\uninstall\CCRP5 Integrated Development Environment
    2007-09-23 13:09 <DIR> d——– C:\WINDOWS\uninstall
    2007-09-23 13:09 <DIR> d——– C:\Program Files\CCRP5
    2007-09-23 13:07 <DIR> d——– C:\Program Files\ROBOTER
    2007-09-23 13:07 112,128 –a—— C:\WINDOWS\system32\CmCtlDE.dll
    2007-09-23 13:07 33,792 –a—— C:\WINDOWS\system32\CmDlgDE.dll
    2007-09-23 13:07 13,824 –a—— C:\WINDOWS\system32\MSComDE.dll
    2007-09-23 13:07 10,752 –a—— C:\WINDOWS\system32\FlxGdDE.dll
    2007-09-13 21:46 49,536 -ra—— C:\WINDOWS\system32\drivers\tiehdusb.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-12 16:51 ——— d—–w C:\Program Files\Virtools Web Player 2.1
    2007-10-11 13:00 ——— d—–w C:\Program Files\iFinger
    2007-10-11 13:00 ——— d—–w C:\Program Files\Hitman Pro
    2007-10-11 12:59 ——— d—–w C:\Program Files\Webroot
    2007-10-11 12:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-11 12:57 ——— d—–w C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2007-09-28 13:18 ——— d—–w C:\Program Files\EA SPORTS
    2007-09-10 19:07 ——— d—–w C:\Documents and Settings\Administrator\Application Data\Canon
    2007-09-04 16:01 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-09-04 16:01 ——— d—–w C:\Program Files\Kazaa
    2007-09-04 15:50 1,761 —-a-w C:\WINDOWS\Fonts\acrsecB.fon
    2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    1999-04-06 16:19 99,840 —-a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 01:53 70,144 —-a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 01:53 48,640 —-a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 01:53 31,744 —-a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 01:53 186,368 —-a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 01:53 17,920 —-a-w C:\Program Files\Common Files\IRASRIAL.DLL
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-11_15.24.48.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 08:03:23 417,792 -c–a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2004-08-04 08:03:23 178,176 -c–a-w C:\WINDOWS\system32\dllcache\wbemdisp.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-23 13:27 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-24 12:06 C:\WINDOWS\ALCWZRD.EXE]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 15:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
    "IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-13 07:39]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-02-18 12:45:24]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-02-18 12:45:16]
    Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-04-06 18:20:18]

    R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
    R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
    R3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys
    S3 hwdatacard;HUAWEI Multimedia USB Driver Disk;C:\WINDOWS\system32\DRIVERS\hwusbmdm.sys
    S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
    S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-03 20:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-12 18:54:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-12 18:54:33
    C:\ComboFix2.txt … 2007-10-12 15:52
    C:\ComboFix3.txt … 2007-10-11 15:25
    .
    — E O F —




    HijackThis log



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:55:50, on 12-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O24 - Desktop Component 0: (no name) - http://jufroos.waarbenjij.nu/files/waarbenjij.nu/j/jufroos/457b19b67ed34306398488/file95584694.jpg


    End of file - 7561 bytes
  • Hitman Pro includes a number of 30-day trial versions;
    these work nicely at first, but after that they only slow the system
    down: http://www.vragenforum.nl/bv2.php?article=30

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick again at "Firefox saved passwords")
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Download Dr.Web Cureit to your desktop.
    [list:21e7a4685c]
    * Double-click drweb-cureit.exe and allow it to start the express scan.
    * If a popup appears offering a purchase/50% discount, you may close it with the X.
    * This will scan the files currently loaded in memory; when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
    * At the top of the menu choose Language/Taal and change it to Dutch (Nederlands) if it is set differently for you.
    * Press F9, then choose Acties (actions) and set the following under Malware:
      o Adware: Verplaats (move)
      o Dialers: Verplaats
      o Jokes: Rapportage (report)
      o Riskware: Rapportage
      o Hacktools: Verplaats
      Then remove the tick at "Prompt bij actie".
      Then press OK.
    * Press F9, then choose Scan, remove the tick at Heuristische analyse (heuristic analysis) and click OK.
    * Once the short scan has finished, you can select the drives you want to have scanned (Selecteer stations).
    * Select all drives here. A red dot will then appear on the drives you are having scanned.
    * Then click the green arrow on the right to start the scan.
    * Files that are found are moved to the "%userprofile%\DoctorWeb\quarantaine" folder if repair is not possible.
    * After the scan is done, in the menu at the top, click Bestand (file) and choose Rapportage lijst opslaan (save report list). Save it on your Desktop.
    * Then close Dr.Web Cureit.
    * Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
    * After restarting, copy and paste the contents of the log you saved earlier into your next post.
    [/list:u:21e7a4685c]

    Good luck!

    Pim
  • All the spyware is already gone :D And the PC is behaving normally again, thx!!

    Is it then still strictly necessary for me to do what you wrote in your last post?
  • You're welcome, in any case ;)

    I wanted to have that Dr.Web scan run just to be sure, because there was quite a bit of spyware on there after all. Strictly speaking you don't have to do it, but it is useful as a check! It's your own choice, of course ;)

    You do urgently need to update your Java, though:

    The Java software on your computer is outdated.
    Older versions have vulnerabilities that give malware the chance to install itself.
    First carry out the steps below to uninstall Java and install the newest version:
    * Download Java Runtime Environment (JRE) 6u3

    * Scroll down to: "Java Runtime Environment (JRE) 6u3".
    * Click the "Download" button on the right-hand side.
    * Check: "Accept License Agreement".
    * The page will reload.
    * Click the link to download the Windows Offline Installation, Multi-language, and save it to your desktop.
    * Close all programs that may be open, especially your web browser!
    * Then go to Start > Configuratiescherm > Software (Control Panel > Add or Remove Programs) and remove all older versions of Java from the software list.
    * Select everything with Java Runtime Environment (JRE or J2SE) in the name.
    * Then click Verwijderen (Remove) or the Wijzig/Verwijder (Change/Remove) button.
    * Repeat this until all older versions are gone.
    * After removing all older versions, restart your PC.
    * Then double-click jre-6u3-windows-i586-p.exe on your desktop to install the newest version of Java.

This is an archived page. Replying is no longer possible.