Computer is suffering from countless trojans + HJT log.

Endor
27 replies
  • Hello everyone!

    Yesterday my PC was so excruciatingly slow that I ran a full scan with Avira. You'll be shocked, but around 25 trojans and some other viruses were found.
    Some trojans were in photos from 2002, which as far as I know are harmless :? .
    The PC is also very slow and crashes often.
    So here is an HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:04:40, on 17/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1
    esources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://gretnaweddings-anvilhall.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://86.81.0.69:1024/activex/AMC.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    End of file - 6525 bytes

    As far as I know anything about it, that log looks clean to me.
    There are surely still countless viruses on it, I'm sure of that.

    Thanks for taking a look!

    Endor.
  • Your log is as clean as can be. You should look a bit deeper by downloading Malwarebytes Anti-Malware and posting a log from it.
  • Hello Kape!
    Thanks for your quick reply.
    Here is the log from Mbam:

    Malwarebytes' Anti-Malware 1.20
    Database versie: 960
    Windows 5.1.2600 Service Pack 2

    12:54:02 17/07/2008
    mbam-log-7-17-2008 (12-54-02).txt

    Scan type: Volledige Scan (C:\|)
    Objecten gescand: 130734
    Verstreken tijd: 1 hour(s), 14 minute(s), 37 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Nothing found at all.

    New HJT log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:58:06, on 17/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1
    esources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://gretnaweddings-anvilhall.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://86.81.0.69:1024/activex/AMC.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    End of file - 6525 bytes

    Indeed, if an HJT log shows nothing, that doesn't mean 100% that nothing is wrong, but something is clearly wrong.

    ComboFix then; I don't know it very well. How do I do that, plus installing the recovery console?
  • Here - http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden - everything about ComboFix.
  • Thanks KAPE!
    As soon as ComboFix has run I will post the log!
  • ComboFix has run, but to my surprise not for long :o .
    As you can see, it ran under the username Lennart; do I have to run ComboFix under the other usernames as well?
    Here is the log:


    ComboFix 08-07-17.3 - lennart 2008-07-18 10:56:59.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.242 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\lennart\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Start\Programma's\BulletProofSoft.com
    C:\Documents and Settings\All Users\Menu Start\Programma's\BulletProofSoft.com\Spyware Remover\Live Update.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\BulletProofSoft.com\Spyware Remover\Popup Watch.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\BulletProofSoft.com\Spyware Remover\Spy Add Remove.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\BulletProofSoft.com\Spyware Remover\Spy Watch.lnk
    C:\Documents and Settings\All Users\Menu Start\Programma's\BulletProofSoft.com\Spyware Remover\Spyware Remover.lnk
    C:\Program Files\BulletProofSoft.com
    C:\Program Files\BulletProofSoft.com\SpywareRemover\AddRemove.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\BM.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\errorlog.txt
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\about-icon.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\about.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\auto-remove-files-opt.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\backup-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\backup-window-small.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\check-mark.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\clear-log.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\configuration.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\desktop-icon.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\exit.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\help-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\help-icon.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\help.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\home-icon.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\ignore-list-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\ignore-list.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\launch-spyware.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\live-update-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\LSPHelp.htm
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\monitor-on.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\ok-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\options1.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\options1a.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\options2a.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\options3a.JPG
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\popup-watch-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\popup-watch-window.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\remove-auto-opt.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\remove-selection-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\save-log-auto-opt.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\save-log.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\scan-1.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\scan-2.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\scan-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\scan-folder-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\scan-folder.JPG
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\scan-log-window.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\scan-on-start-option.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\scan-sections.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\select-all-spyware-components-option.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\settings-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\shop-icon.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spy-uninstaller-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spy-uninstaller-window.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spy-watch-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spyware1.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spywatch-auto-pop.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spywatch-autostart.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spywatch-force.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spywatch-lauch.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spywatch-options-small.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spywatch-remove-bad.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spywatch-time-interval.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\spywatch.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\stop-scan-button.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\Thumbs.db
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\view-current-process.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Ini\update.ref
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\arabic.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\arabic.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Chinese.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Chinese.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Dutch.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Dutch.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\English.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\English.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Francais.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Francais.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\German.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\German.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Italiano.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Italiano.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Italiano1.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Italiano1.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Japanese.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Japanese.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Korean.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Korean.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\portugues.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\portugues.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Slovenian.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Slovenian.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Spanish.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Spanish.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Swedish.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Swedish.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Turkish.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Lang\Turkish.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\License.rtf
    C:\Program Files\BulletProofSoft.com\SpywareRemover\License.txt
    C:\Program Files\BulletProofSoft.com\SpywareRemover\LiveUpdate.cli
    C:\Program Files\BulletProofSoft.com\SpywareRemover\LiveUpdate.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\LSPFix.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\LSPLang\Arabic.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\LSPLang\Arabic.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\LSPLang\English.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\LSPLang\English.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\LSPLang\Thumbs.db
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Help\Images\advanced-window-options.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Help\Images\main-small.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Help\Images\main-window-options.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Help\Images\menu.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Help\Images\tray-menu-options.jpg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\arabic.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\arabic.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Dutch.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Dutch.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\English.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\English.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Français.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Français.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\German.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\German.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano1.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Italiano1.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\português.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\português.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Slovenian.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Slovenian.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Spanish.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Spanish.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Swedish.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Swedish.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Turkish.bmp
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Lang\Turkish.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound1.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound10.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound11.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound12.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound13.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound14.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound15.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound16.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound17.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound18.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound19.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound2.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound20.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound21.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound22.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound23.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound24.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound25.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound26.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound27.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound28.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound3.wav
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound4.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound5.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound6.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound7.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound8.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\Sounds\Sound9.WAV
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Readme.txt
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Remove.reg
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Setting.ini
    C:\Program Files\BulletProofSoft.com\SpywareRemover\SM.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyLog27-09-04-91916.txt
    C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
    C:\Program Files\BulletProofSoft.com\SpywareRemover\zlib.dll
    C:\Program Files\Common Files\uninstall information
    C:\WINDOWS\Downloaded Program Files\setup.inf

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-06-18 to 2008-07-18 ))))))))))))))))))))))))))))))
    .

    2008-07-17 11:31 . 2008-07-07 17:35 34,296 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
    2008-07-17 11:31 . 2008-07-07 17:35 17,144 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-07-17 11:04 . 2008-07-17 11:04 <DIR> dr-h-c--- C:\Documents and Settings\lennart\Onlangs geopend
    2008-07-13 14:26 . 2008-07-13 14:26 <DIR> d----c--- C:\Program Files\ADJ Video Decoder

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-17 09:31 --------- dc----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-16 16:45 --------- dc----w C:\Program Files\World of Warcraft
    2008-06-22 14:10 --------- dc----w C:\Program Files\Apple Software Update
    2008-06-22 12:41 --------- dc----w C:\Program Files\iTunes
    2008-06-22 12:41 --------- dc----w C:\Program Files\iPod
    2008-06-22 12:38 --------- dc----w C:\Program Files\QuickTime
    2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 18:00 272,640 -c----w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-27 18:12 --------- dc----w C:\Program Files\Avira
    2008-05-27 18:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-05-24 13:45 --------- dc----w C:\Program Files\AVG
    2008-05-24 13:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-05-20 18:44 --------- dc----w C:\Documents and Settings\lennart\Application Data\U3
    2006-05-28 08:21 135 -c--a-w C:\Documents and Settings\jasper\AutoUpdate.dat
    2005-07-03 16:26 6,816,904 -c--a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
    2005-01-12 17:18 3,276,296 -c--a-w C:\Program Files\BSINSTALL.exe
    2004-10-06 12:30 9,038,408 -c--a-w C:\Program Files\winamp505_strata.exe
    2004-08-22 12:48 4,354,084 -c--a-w C:\Program Files\spybotsd13.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-01 20:40 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=MsgPlusLoader.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= L3codecp.acm
    "msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
    "msacm.divxa32"= DivXa32.acm
    "msacm.enc"= ITIG726.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    –a–c— 2005-07-14 16:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    –a—— 2004-08-04 10:03 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    –a–c— 2002-04-03 03:01 135264 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
    –a–c— 2003-08-13 12:27 28672 C:\WINDOWS\SYSTEM32\DSentry.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    –a–c— 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    –a–c— 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    –a–c— 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    –a–c— 2003-02-13 03:01 155648 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    –a–c— 2007-03-01 20:40 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\PopCap Games\\Typer Shark Deluxe\\WinTS.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.5.0-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.8.4-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.9.0-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.10.0-enGB-downloader.exe"=
    "C:\\LELEUX\\bcmcmw32.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enGB-downloader.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\SecondLife\\SLVoice.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    S3 kbeepm;kbeepm;C:\DOCUME~1\lennart\LOCALS~1\Temp\kbeepm.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11de6a12-2642-11dd-a398-000cf1881ce9}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-07-18 09:00:00 C:\WINDOWS\Tasks\9169AC1392F27F0F.job"
    - c:\docume~1\magikook\applic~1\meetca~1\onebiasthis.exe
    "2008-07-18 09:00:00 C:\WINDOWS\Tasks\A2086EB79187E7D7.job"
    - c:\docume~1\lennart\applic~1\meetca~1\onebiasthis.exe
    "2008-07-18 09:00:00 C:\WINDOWS\Tasks\AD03445B9180F80F.job"
    - c:\progra~1\meetca~1\onebiasthis.exe
    "2008-07-18 09:00:00 C:\WINDOWS\Tasks\ADE83E719183B19D.job"
    - c:\docume~1\lennart\applic~1\meetca~1\onebiasthis.exe
    "2008-07-15 05:55:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-default show - C:\PROGRA~1\MEETCA~1\about mfcd.exe
    MSConfigStartUp-dla - C:\WINDOWS\system32\dla\tfswctrl.exe
    MSConfigStartUp-PCMService - C:\Program Files\Dell\Media Experience\PCMService.exe


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-18 11:05:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
    C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
    C:\WINDOWS\SYSTEM32\nvsvc32.exe
    C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-07-18 11:19:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-18 09:19:25

    Pre-Run: 24,018,235,392 bytes beschikbaar
    Post-Run: 24,024,993,792 bytes beschikbaar

    346 — E O F — 2008-07-16 13:33:25

    Also a new HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:39:55, on 18/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://gretnaweddings-anvilhall.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://86.81.0.69:1024/activex/AMC.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    End of file - 6727 bytes

    Despite all this removal, there is absolutely no noticeable improvement :? .

    What are the next steps?
  • It will probably be clear to you that you had a "fake" spyware program running on your PC: Spyware Remover. ComboFix seems to have cleaned this up completely. Do still check whether you can find any traces of it.

    Delete all of these tasks from the "Gedeelde Taken" (Shared Tasks) folder

    "2008-07-18 09:00:00 C:\WINDOWS\Tasks\9169AC1392F27F0F.job"
    - c:\docume~1\magikook\applic~1\meetca~1\onebiasthis.exe
    "2008-07-18 09:00:00 C:\WINDOWS\Tasks\A2086EB79187E7D7.job"
    - c:\docume~1\lennart\applic~1\meetca~1\onebiasthis.exe
    "2008-07-18 09:00:00 C:\WINDOWS\Tasks\AD03445B9180F80F.job"
    - c:\progra~1\meetca~1\onebiasthis.exe
    "2008-07-18 09:00:00 C:\WINDOWS\Tasks\ADE83E719183B19D.job"
    - c:\docume~1\lennart\applic~1\meetca~1\onebiasthis.exe

    and then let me know whether this makes any difference?

    And can you tell me what the full name of this folder (Meetca….) is:

    C:\PROGRA~1\MEETCA~1\about mfcd.exe

    And on the other accounts too you must let all the programs do their work.
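An added example, not part of the original thread: a small triage script for the scheduled-task listing that ComboFix prints, pairing each `.job` line with its target and flagging the entries a helper would ask to have deleted. The three heuristics (hex-only job name, target under Application Data, one executable name reused by several jobs) are assumptions chosen for this log and are hints for review, not verdicts.

```python
import re
from collections import Counter
from ntpath import basename, splitext  # Windows path rules on any OS

# Task listing copied from the ComboFix log quoted in this thread.
SAMPLE = r'''
"2008-07-18 09:00:00 C:\WINDOWS\Tasks\9169AC1392F27F0F.job"
- c:\docume~1\magikook\applic~1\meetca~1\onebiasthis.exe
"2008-07-18 09:00:00 C:\WINDOWS\Tasks\A2086EB79187E7D7.job"
- c:\docume~1\lennart\applic~1\meetca~1\onebiasthis.exe
"2008-07-18 09:00:00 C:\WINDOWS\Tasks\AD03445B9180F80F.job"
- c:\progra~1\meetca~1\onebiasthis.exe
"2008-07-18 09:00:00 C:\WINDOWS\Tasks\ADE83E719183B19D.job"
- c:\docume~1\lennart\applic~1\meetca~1\onebiasthis.exe
"2008-07-15 05:55:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
'''

JOB_RE = re.compile(r'^"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+\.job)"$', re.I)
HEX_NAME_RE = re.compile(r'^[0-9A-F]{16}$', re.I)
PROFILE_RE = re.compile(r'\\(applic~1|application data)\\', re.I)

# Heuristic labels (assumptions of this example, not ComboFix output).
R_HEX = "job name is 16 hex characters"
R_PROFILE = "target runs from a user's Application Data"
R_SHARED = "several jobs launch the same executable name"


def parse_tasks(text):
    """Pair each quoted '<time> <path>.job' line with the '- target' after it."""
    tasks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = JOB_RE.match(line)
        if match:
            current = {"next_run": match.group(1), "job": match.group(2),
                       "target": None}
            tasks.append(current)
        elif line.startswith("- ") and current and current["target"] is None:
            # Only the first '- ' line after a job is its target; later
            # dash lines (section separators) are ignored.
            current["target"] = line[2:].strip()
    return tasks


def triage(tasks):
    """Return the tasks that match at least one heuristic, with reasons."""
    exe_counts = Counter(basename(t["target"]).lower()
                         for t in tasks if t["target"])
    findings = []
    for task in tasks:
        reasons = []
        stem = splitext(basename(task["job"]))[0]
        if HEX_NAME_RE.match(stem):
            reasons.append(R_HEX)
        target = task["target"]
        if target:
            if PROFILE_RE.search(target):
                reasons.append(R_PROFILE)
            if exe_counts[basename(target).lower()] > 1:
                reasons.append(R_SHARED)
        if reasons:
            findings.append({"job": basename(task["job"]),
                             "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_tasks(SAMPLE)):
        print(finding["job"], "->", finding["target"])
        for reason in finding["reasons"]:
            print("   ", reason)
```
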
  • OK, I will certainly do that!

    How do I delete the tasks from the "Gedeelde Taken" (Shared Tasks) folder?

    I have no idea what C:\PROGRA~1\MEETCA~1\about mfcd.exe is, never heard of it.
  • Here you will find all the tasks and can delete the various jobs: C:\WINDOWS\Tasks

    Also delete that folder C:\PROGRA~1\MEETCA~1 right away.

    And then I'll read whether this has achieved anything.
  • I am in C:\WINDOWS but I don't see the subfolder TASKS.

    I also can't find the "Gedeelde Taken" (Shared Tasks) folder anywhere :x
  • EDIT: Just found the tasks folder at last!
    Shared folders not yet, unfortunately :?
  • [quote:f0589c30f1="Endor"]I am in C:\WINDOWS but I don't see the subfolder TASKS.[/quote:f0589c30f1] Very strange, now you really have me lost for words :( Because I don't believe Tasks is a folder that is normally hidden or treated as a system folder (which would make it normally invisible in your C:\Windows root).

    Then try using the search function to discover where, for example, this file ADE83E719183B19D.job is located. That way you may find out where those Tasks are on your PC. That "shared folders" or "shared tasks" is only a label for everything that is in there, not a specific place on your PC.
  • I found it and deleted the task in question.
    I'm now going to start on the other accounts; this may take a while.
    I'm now on user account 1.
    I let CCleaner clean everything, but when I wanted to update MBAM I got this error: Error code 723 (2, 0)
    This happened when I wanted to update MBAM :? .
    I've already taken an HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:48:21, on 19/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-2200123971-1191529400-553185127-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'lennart')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://gretnaweddings-anvilhall.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://86.81.0.69:1024/activex/AMC.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    End of file - 7210 bytes

    I hope you can still follow ;).
  • This log is OK.

    Do you actually know this site: http://gretnaweddings-anvilhall.remotemanager.co.uk ???
  • Yes.
    Friends of ours got married there and we followed it live on our computer, it was a laugh :lol: .

    Shall I uninstall and reinstall MBAM?
  • [quote:8fc8ce73f2="Endor"]Shall I uninstall and reinstall MBAM?[/quote:8fc8ce73f2] Yep.
  • So I go to config –> software. But MBAM isn't listed there at all :? .
    I kept scrolling, but I didn't find it.
    But what do I see there instead? Spyware Remover!
    Removed it immediately of course, but that means ComboFix didn't really do its job well, it seems to me?

    EDIT: Just reinstalled MBAM and what message do I get?

    C:/Program files/MBAM/MBAMext.dll
    Kan DLL /OCX niet registreren: REGSVR32 mislukt met afsluitcode 0x5.

    Ugh ..
    If I delete those inactive accounts, is that a solution?
  • [quote:4c29e99e55="Endor"]So I go to config –> software. But MBAM isn't listed there at all [/quote:4c29e99e55] Correct. You have to remove it via Windows Explorer.

    [quote:4c29e99e55] But what do I see there instead? Spyware Remover! Removed it immediately of course, but that means ComboFix didn't really do its job well, it seems to me?[/quote:4c29e99e55] That was the reason why I mentioned in an earlier post that you should take another good look to see whether you could still find traces of Spyware Remover on your PC. But I do understand, of course, that you wouldn't immediately go looking under Software if you assume everything has been removed. Now it has been cleaned up = OK.
  • [quote:9c39f5b915="Endor"] If I delete those inactive accounts, is that a solution?[/quote:9c39f5b915] If they really are inactive … certainly! And afterwards clean everything up again with CCleaner. Run both the regular clean and the registry clean.
  • OK, I'll do that with MBAM.

    I hope so regarding Spyware Remover!

    I will delete them; only 1 shared account is used, after all.

    After that, on the shared account, run everything again, such as ATF Cleaner, CCleaner, MBAM and ComboFix?

This is an archived page. Replying is no longer possible.