Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Probleem pop-ups

Anoniem
Othuroyo
17 antwoorden
  • Ik krijg sinds vandaag pop-ups in mozilla firefox als ik aan het surfen ben… tevens krijg ik bij op het opstarten van de pc een foutmelding dat bamonipc.dll en zanamalo.dll in de windows/system32 directory niet goed werken.

    Ik heb ook het idee dat mijn pc een stuk trager is geworden.

    Zouden jullie even naar mijn hijack log kunnen kijken?

    [quote:8b70ca33db]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:13:25, on 17-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Gnoozle\Gnoozle.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8a3186b9-ca68-4e9e-8a62-adbb0bd06df2} - C:\WINDOWS\system32\vowowono.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: {e3fb3a0d-e936-fe9b-fee4-bae7d55425dd} - {dd52455d-7eab-4eef-b9ef-639ed0a3bf3e} - C:\WINDOWS\system32\wgcpts.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CPM4f6cb761] Rundll32.exe "C:\WINDOWS\system32\bamonipo.dll",a
    O4 - HKLM\..\Run: [poduhazudo] Rundll32.exe "C:\WINDOWS\system32\zanamalo.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [poduhazudo] Rundll32.exe "C:\WINDOWS\system32\zanamalo.dll",s (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Gnoozle.lnk = ?
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4645/mcfscan.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\vizaratu.dll wgcpts.dll c:\windows\system32\bamonipo.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bamonipo.dll (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bamonipo.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    End of file - 12142 bytes[/quote:8b70ca33db]
  • Start hijackthis en kies voor 'do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    [b:ed6a17ad52]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8a3186b9-ca68-4e9e-8a62-adbb0bd06df2} - C:\WINDOWS\system32\vowowono.dll
    O2 - BHO: {e3fb3a0d-e936-fe9b-fee4-bae7d55425dd} - {dd52455d-7eab-4eef-b9ef-639ed0a3bf3e} - C:\WINDOWS\system32\wgcpts.dll
    O4 - HKLM\..\Run: [CPM4f6cb761] Rundll32.exe "C:\WINDOWS\system32\bamonipo.dll",a
    O4 - HKLM\..\Run: [poduhazudo] Rundll32.exe "C:\WINDOWS\system32\zanamalo.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [poduhazudo] Rundll32.exe "C:\WINDOWS\system32\zanamalo.dll",s (User 'Lokale service')
    O20 - AppInit_DLLs: C:\WINDOWS\system32\vizaratu.dll wgcpts.dll c:\windows\system32\bamonipo.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bamonipo.dll (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bamonipo.dll (file missing)
    [/b:ed6a17ad52]

    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.


    Open een kladblokbestand.
    Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

    [b:ed6a17ad52]@ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    C:\WINDOWS\system32\vowowono.dll
    C:\WINDOWS\system32\wgcpts.dll
    C:\WINDOWS\system32\bamonipo.dll
    C:\WINDOWS\system32\zanamalo.dll
    C:\WINDOWS\system32\vizaratu.dll) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt[/b:ed6a17ad52]

    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: del.bat
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.
    Dubbelklik op del.bat en post de inhoud van de logfile die opent.

    ownload [b:ed6a17ad52] en sla het op je bureaublad op.
    Dubbelklik op [b:ed6a17ad52]mbam-setup.exe[/b:ed6a17ad52] om het programma te installeren.

    Zorg dat er na de installatie een vinkje is geplaatst bij:[list:ed6a17ad52]
    [*:ed6a17ad52]Update MalwareBytes' Anti-Malware
    [*:ed6a17ad52]Start MalwareBytes' Anti-Malware
    [/list:u:ed6a17ad52]Klik daarna op "[b:ed6a17ad52]Voltooien[/b:ed6a17ad52]".
    Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:ed6a17ad52]
    [*:ed6a17ad52]Zodra het programma gestart is, ga dan naar het tabblad "[b:ed6a17ad52]Instellingen[/b:ed6a17ad52]".
    [*:ed6a17ad52]Vink hier aan: "[b:ed6a17ad52]Sluit Internet Explorer tijdens verwijdering van malware[/b:ed6a17ad52]".
    [*:ed6a17ad52]Ga daarna naar het tabblad "[b:ed6a17ad52]Scanner[/b:ed6a17ad52]", kies hier voor "[b:ed6a17ad52]Snelle Scan[/b:ed6a17ad52]".
    [*:ed6a17ad52]Druk vervolgens op "[b:ed6a17ad52]Scannen[/b:ed6a17ad52]" om de scan te starten.
    [*:ed6a17ad52]Het scannen kan een tijdje duren, dus wees geduldig.

    [*:ed6a17ad52]Wanneer de scan voltooid is, klik op [b:ed6a17ad52]OK[/b:ed6a17ad52], daarna "[b:ed6a17ad52]Bekijk Resultaten[/b:ed6a17ad52]" om de resultaten te zien.
    [*:ed6a17ad52]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:ed6a17ad52]Verwijder geselecteerde[/b:ed6a17ad52]".
    [*:ed6a17ad52]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [/list:u:ed6a17ad52]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:ed6a17ad52]Logs[/b:ed6a17ad52]" tab te klikken in het programma.

    Plaats dit logje samen met een nieuw logje van HijackThis
  • Alles uitgevoerd zoals hier boven, vooralsnog geen foutmelding of pop-ups gehad.

    [quote:d54512c355]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:49:40, on 17-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Gnoozle\Gnoozle.exe
    C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [poduhazudo] Rundll32.exe "C:\WINDOWS\system32\zanamalo.dll",s (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Gnoozle.lnk = ?
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4645/mcfscan.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    End of file - 11305 bytes
    [/quote:d54512c355]

    [quote:d54512c355]Deleting files
    C:\WINDOWS\system32\vowowono.dll not found
    C:\WINDOWS\system32\wgcpts.dll deleted
    C:\WINDOWS\system32\bamonipo.dll not found
    C:\WINDOWS\system32\zanamalo.dll not found
    C:\WINDOWS\system32\vizaratu.dll not found
    [/quote:d54512c355]

    [quote:d54512c355]Malwarebytes' Anti-Malware 1.33
    Database versie: 1663
    Windows 5.1.2600 Service Pack 3

    17-1-2009 20:46:20
    mbam-log-2009-01-17 (20-46-20).txt

    Scan type: Snelle Scan
    Objecten gescand: 94619
    Verstreken tijd: 22 minute(s), 38 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 2
    Registersleutels geïnfecteerd: 8
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 3
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 4

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\vizaratu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\vowowono.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a3186b9-ca68-4e9e-8a62-adbb0bd06df2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8a3186b9-ca68-4e9e-8a62-adbb0bd06df2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8a3186b9-ca68-4e9e-8a62-adbb0bd06df2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poduhazudo (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vizaratu.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\vizaratu.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vizaratu.dll -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\vowowono.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\vizaratu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\Documents and Settings\Peter Gloudemans\Local Settings\Temporary Internet Files\Content.IE5\OIY1ZL8Q\wAqeBZc[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Peter Gloudemans\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
    [/quote:d54512c355]
  • Heb je na de MBAM scan je pc opnieuw opgestart?
  • jep opnieuw opgestart
  • Start hijackthis en kies voor 'do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:f436e1202a]O4 - HKUS\S-1-5-19\..\Run: [poduhazudo] Rundll32.exe "C:\WINDOWS\system32\zanamalo.dll",s (User 'Lokale service')[/b:f436e1202a]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.


    Download combofix.exe van deze site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    ComboFix zal wanneer de Recovery Console niet geïnstalleerd is, voorstellen om deze te downloaden en te installeren. Sta dit toe.
    Wanneer de Recovery Console geïnstalleerd is, laat je ComboFix de computer scannen.
    Wanneer ComboFix klaar is, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • Bij deze:

    [quote:4917fa79e3]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:49:39, on 18-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Gnoozle\Gnoozle.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\WINDOWS\system32
    otepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Gnoozle.lnk = ?
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4645/mcfscan.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    End of file - 10484 bytes
    [/quote:4917fa79e3]

    [quote:4917fa79e3]ComboFix 09-01-17.03 - Peter Gloudemans 2009-01-18 13:12:21.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.591 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Peter Gloudemans\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\IE4 Error Log.txt
    c:\windows\msnimport.exe
    c:\windows\system32\gisiyojo.dll
    c:\windows\system32\oloyijem.ini
    c:\windows\system32\sozivado.dll
    c:\windows\system32\talogevi.dll
    c:\windows\system32\uxtged.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))))
    .

    2009-01-17 20:21 . 2009-01-17 20:21 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-17 20:21 . 2009-01-17 20:21 <DIR> d——– c:\documents and settings\Peter Gloudemans\Application Data\Malwarebytes
    2009-01-17 20:21 . 2009-01-17 20:21 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-17 20:21 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-17 20:21 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-17 15:44 . 2009-01-17 15:44 <DIR> d——– c:\program files\Trend Micro
    2009-01-17 15:22 . 2009-01-17 15:22 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-17 15:22 . 2009-01-17 16:07 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-17 15:15 . 2009-01-17 15:22 <DIR> d——– c:\program files\SpywareBlaster
    2009-01-17 15:15 . 2005-08-25 19:18 118,784 –a—— c:\windows\system32\MSSTDFMT.DLL
    2009-01-17 15:05 . 2009-01-17 15:05 <DIR> d——– c:\program files\CCleaner
    2009-01-17 14:45 . 2009-01-17 14:45 <DIR> d——– c:\documents and settings\All Users\Application Data\McAfee
    2008-12-25 13:04 . 2008-12-25 13:04 <DIR> d——– c:\program files\Common Files\Skype
    2008-12-25 13:04 . 2008-12-25 13:04 56 –ah—– c:\windows\system32\ezsidmv.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-18 12:12 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-17 17:37 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\Skype
    2009-01-17 17:20 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\skypePM
    2009-01-17 15:06 ——— d—–w c:\program files\Everest Poker
    2008-12-13 06:39 3,593,216 —-a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ——w c:\windows\system32\dllcache\srv.sys
    2008-12-09 15:54 ——— d—–w c:\program files\MSECache
    2008-12-07 11:47 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\Ahead
    2008-12-06 16:53 ——— d—–w c:\program files\Ahead
    2008-12-06 16:53 ——— d—–w c:\documents and settings\All Users\Application Data\Ahead
    2008-12-06 16:37 ——— d—–w c:\program files\Common Files\Ahead
    2008-12-06 10:06 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-12-05 21:42 ——— d—–w c:\documents and settings\All Users\Application Data\Nero
    2008-12-05 21:16 ——— d—–w c:\program files\Nero
    2008-12-04 20:29 ——— d—–w c:\program files\FTDv3.8
    2008-12-04 20:26 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\GrabIt
    2008-12-04 20:24 ——— d—–w c:\program files\GrabIt
    2008-12-03 22:21 ——— d—–w c:\program files\Dialang
    2008-12-03 22:20 ——— d—–w c:\program files\DivX
    2008-12-03 22:14 ——— d—–w c:\program files\Windows Live
    2008-12-03 22:11 ——— d—–w c:\program files\Windows Media Connect 2
    2008-12-03 22:11 ——— d—–w c:\program files\Windows Live Toolbar
    2008-12-03 22:11 ——— d—–w c:\program files\PokerStars
    2008-12-03 22:11 ——— d—–w c:\program files\Microsoft Works
    2008-12-03 22:11 ——— d—–w c:\program files\Hema Album Software Advanced
    2008-12-03 22:11 ——— d—–w c:\program files\Gnoozle
    2008-12-03 22:09 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-12-03 22:00 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
    2008-12-03 21:52 ——— d—–w c:\program files\MSN Messenger
    2008-12-03 21:48 360,580 —-a-w c:\windows\eSellerateEngine.dll
    2008-10-24 11:21 455,296 ——w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:43 286,720 ——w c:\windows\system32\dllcache\gdi32.dll
    2008-03-09 16:25 32 —-a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2005-08-27 13:29 68,800 —-a-w c:\program files\MC
    2008-08-28 18:42 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082820080829\index.dat
    2008-10-17 16:56 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 237568]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Peter Gloudemans\Menu Start\Programma's\Opstarten\
    Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-02-18 111376]
    Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-02-18 51984]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-09 113664]
    Gnoozle.lnk - c:\program files\Gnoozle\Gnoozle.exe [2005-04-30 126976]
    Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe [2007-10-05 913408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= ir41_32.dll
    "vidc.avrn"= AvidAVICodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u:4917fa79e3]0[/u:4917fa79e3]SsiEfr.e

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Gnoozle\\Gnoozle.exe"=
    "c:\\championchipmanager4\\cm4\\cm4.exe"=
    "c:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\F1News.nl\\WS_FTP\\WS_FTP95.EXE"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\
    sl_host_process.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\
    su_ui_client.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\Services\\ServiceLayer.exe"=]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    S3 DCamUSBSvis;Sound Vision Stream Driver;c:\windows\system32\drivers\svstream.sys [2005-09-08 93000]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a11f257-a5f7-11d9-ad34-806d6172696f}]
    \Shell\AutoRun\command - D:\DVD-W.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-17 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2008-12-26 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    MSConfigStartUp-SDTray - c:\program files\Spyware Doctor\SDTrayApp.exe


    .
    ——- Bijkomende Scan ——-
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    FF - ProfilePath - c:\documents and settings\Peter Gloudemans\Application Data\Mozilla\Firefox\Profiles\ebf3qfki.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602
    pCIDetect13.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-18 13:26:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …


    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\WinHound.com\WinHound\WinHound\License*]
    "Data"="InstallTime=1c5fb83:f8e7b730\[u:4917fa79e3]0[/u:4917fa79e3]d\[u:4917fa79e3]0[/u:4917fa79e3]aLastRunTime=1c5fb83:f8e7b730\[u:4917fa79e3]0[/u:4917fa79e3]d\[u:4917fa79e3]0[/u:4917fa79e3]a"
    .
    Voltooingstijd: 2009-01-18 13:30:01
    ComboFix-quarantined-files.txt 2009-01-18 12:28:44

    Pre-Run: 14,284,820,480 bytes beschikbaar
    Post-Run: 15,026,556,928 bytes beschikbaar

    184 — E O F — 2009-01-15 18:29:23
    [/quote:4917fa79e3]




  • Heb je PokerStars vrijwillig geïnstalleerd?

    Open een kladblokbestand.
    Kopieer de onderstaande code, en plak deze in het kladblokbestand.

  • Pokerstarts vrijwillig geinstalleerd.. heb het nu verwijdert :)

    hier de logs nog eenmaal:

    [quote:2e51ae2e7d]ComboFix 09-01-17.04 - Peter Gloudemans 2009-01-18 15:51:56.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.353 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Peter Gloudemans\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Peter Gloudemans\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))))
    .

    2009-01-17 20:21 . 2009-01-17 20:21 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-17 20:21 . 2009-01-17 20:21 <DIR> d——– c:\documents and settings\Peter Gloudemans\Application Data\Malwarebytes
    2009-01-17 20:21 . 2009-01-17 20:21 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-17 20:21 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-17 20:21 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-17 15:44 . 2009-01-17 15:44 <DIR> d——– c:\program files\Trend Micro
    2009-01-17 15:22 . 2009-01-17 15:22 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-17 15:22 . 2009-01-17 16:07 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-17 15:15 . 2009-01-17 15:22 <DIR> d——– c:\program files\SpywareBlaster
    2009-01-17 15:15 . 2005-08-25 19:18 118,784 –a—— c:\windows\system32\MSSTDFMT.DLL
    2009-01-17 15:05 . 2009-01-17 15:05 <DIR> d——– c:\program files\CCleaner
    2009-01-17 14:45 . 2009-01-17 14:45 <DIR> d——– c:\documents and settings\All Users\Application Data\McAfee
    2008-12-25 13:04 . 2008-12-25 13:04 <DIR> d——– c:\program files\Common Files\Skype
    2008-12-25 13:04 . 2008-12-25 13:04 56 –ah—– c:\windows\system32\ezsidmv.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-18 14:57 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\Skype
    2009-01-18 14:45 ——— d—–w c:\program files\PokerStars
    2009-01-18 12:53 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\skypePM
    2009-01-18 12:12 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-17 15:06 ——— d—–w c:\program files\Everest Poker
    2008-12-13 06:39 3,593,216 —-a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ——w c:\windows\system32\dllcache\srv.sys
    2008-12-09 15:54 ——— d—–w c:\program files\MSECache
    2008-12-07 11:47 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\Ahead
    2008-12-06 16:53 ——— d—–w c:\program files\Ahead
    2008-12-06 16:53 ——— d—–w c:\documents and settings\All Users\Application Data\Ahead
    2008-12-06 16:37 ——— d—–w c:\program files\Common Files\Ahead
    2008-12-06 10:06 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-12-05 21:42 ——— d—–w c:\documents and settings\All Users\Application Data\Nero
    2008-12-05 21:16 ——— d—–w c:\program files\Nero
    2008-12-04 20:29 ——— d—–w c:\program files\FTDv3.8
    2008-12-04 20:26 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\GrabIt
    2008-12-04 20:24 ——— d—–w c:\program files\GrabIt
    2008-12-03 22:21 ——— d—–w c:\program files\Dialang
    2008-12-03 22:20 ——— d—–w c:\program files\DivX
    2008-12-03 22:14 ——— d—–w c:\program files\Windows Live
    2008-12-03 22:11 ——— d—–w c:\program files\Windows Media Connect 2
    2008-12-03 22:11 ——— d—–w c:\program files\Windows Live Toolbar
    2008-12-03 22:11 ——— d—–w c:\program files\Microsoft Works
    2008-12-03 22:11 ——— d—–w c:\program files\Hema Album Software Advanced
    2008-12-03 22:11 ——— d—–w c:\program files\Gnoozle
    2008-12-03 22:09 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-12-03 22:00 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
    2008-12-03 21:52 ——— d—–w c:\program files\MSN Messenger
    2008-12-03 21:48 360,580 —-a-w c:\windows\eSellerateEngine.dll
    2008-10-24 11:21 455,296 ——w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:43 286,720 ——w c:\windows\system32\dllcache\gdi32.dll
    2008-03-09 16:25 32 —-a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2005-08-27 13:29 68,800 —-a-w c:\program files\MC
    2008-08-28 18:42 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082820080829\index.dat
    2008-10-17 16:56 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 237568]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Peter Gloudemans\Menu Start\Programma's\Opstarten\
    Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-02-18 111376]
    Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-02-18 51984]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-09 113664]
    Gnoozle.lnk - c:\program files\Gnoozle\Gnoozle.exe [2005-04-30 126976]
    Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe [2007-10-05 913408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= ir41_32.dll
    "vidc.avrn"= AvidAVICodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u:2e51ae2e7d]0[/u:2e51ae2e7d]SsiEfr.e

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Gnoozle\\Gnoozle.exe"=
    "c:\\championchipmanager4\\cm4\\cm4.exe"=
    "c:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\F1News.nl\\WS_FTP\\WS_FTP95.EXE"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\
    sl_host_process.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\
    su_ui_client.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=

    [HKLM\~\Services\\ServiceLayer.exe"=]
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    S3 DCamUSBSvis;Sound Vision Stream Driver;c:\windows\system32\drivers\svstream.sys [2005-09-08 93000]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a11f257-a5f7-11d9-ad34-806d6172696f}]
    \Shell\AutoRun\command - D:\DVD-W.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-18 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2008-12-26 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    FF - ProfilePath - c:\documents and settings\Peter Gloudemans\Application Data\Mozilla\Firefox\Profiles\ebf3qfki.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602
    pCIDetect13.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-18 15:57:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …


    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\WinHound.com\WinHound\WinHound\License*]
    "Data"="InstallTime=1c5fb83:f8e7b730\[u:2e51ae2e7d]0[/u:2e51ae2e7d]d\[u:2e51ae2e7d]0[/u:2e51ae2e7d]aLastRunTime=1c5fb83:f8e7b730\[u:2e51ae2e7d]0[/u:2e51ae2e7d]d\[u:2e51ae2e7d]0[/u:2e51ae2e7d]a"
    .
    Voltooingstijd: 2009-01-18 16:02:23
    ComboFix-quarantined-files.txt 2009-01-18 15:01:06
    ComboFix2.txt 2009-01-18 12:30:02

    Pre-Run: 13.433.655.296 bytes beschikbaar
    Post-Run: 13,495,472,128 bytes beschikbaar

    172 — E O F — 2009-01-15 18:29:23
    [/quote:2e51ae2e7d]

    [quote:2e51ae2e7d]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:16:36, on 18-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Gnoozle\Gnoozle.exe
    C:\WINDOWS\system32
    otepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Gnoozle.lnk = ?
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4645/mcfscan.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    End of file - 10594 bytes
    [/quote:2e51ae2e7d]




  • Open kladblok, en plak de onderstaande(vetgedrukte) tekst erin:

    [b:69b897b28d]REGEDIT4

    [-HKEY_LOCAL_MACHINE\software\WinHound.com\WinHound\WinHound\License*][/b:69b897b28d]

    Ga naar bestand
    Klik op opslaan als
    Sla het op op jouw bureaublad onder de naam Fix.reg
    Ga naar jouw bureaublad en klik er 2 keer op, klik vervolgens op ja.

    Start je pc opnieuw op en maak een nieuwe log met ComboFix, plaats deze.
  • de nieuwe log van combofix..

    [quote:b14f5f784b]ComboFix 09-01-17.04 - Peter Gloudemans 2009-01-18 16:43:02.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.543 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Peter Gloudemans\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))))
    .

    2009-01-17 20:21 . 2009-01-17 20:21 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-17 20:21 . 2009-01-17 20:21 <DIR> d——– c:\documents and settings\Peter Gloudemans\Application Data\Malwarebytes
    2009-01-17 20:21 . 2009-01-17 20:21 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-17 20:21 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-17 20:21 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-17 15:44 . 2009-01-17 15:44 <DIR> d——– c:\program files\Trend Micro
    2009-01-17 15:22 . 2009-01-17 15:22 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-17 15:22 . 2009-01-17 16:07 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-17 15:15 . 2009-01-17 15:22 <DIR> d——– c:\program files\SpywareBlaster
    2009-01-17 15:15 . 2005-08-25 19:18 118,784 –a—— c:\windows\system32\MSSTDFMT.DLL
    2009-01-17 15:05 . 2009-01-17 15:05 <DIR> d——– c:\program files\CCleaner
    2009-01-17 14:45 . 2009-01-17 14:45 <DIR> d——– c:\documents and settings\All Users\Application Data\McAfee
    2008-12-25 13:04 . 2008-12-25 13:04 <DIR> d——– c:\program files\Common Files\Skype
    2008-12-25 13:04 . 2008-12-25 13:04 56 –ah—– c:\windows\system32\ezsidmv.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-18 15:26 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\Skype
    2009-01-18 14:45 ——— d—–w c:\program files\PokerStars
    2009-01-18 12:53 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\skypePM
    2009-01-18 12:12 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-17 15:06 ——— d—–w c:\program files\Everest Poker
    2008-12-13 06:39 3,593,216 —-a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ——w c:\windows\system32\dllcache\srv.sys
    2008-12-09 15:54 ——— d—–w c:\program files\MSECache
    2008-12-07 11:47 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\Ahead
    2008-12-06 16:53 ——— d—–w c:\program files\Ahead
    2008-12-06 16:53 ——— d—–w c:\documents and settings\All Users\Application Data\Ahead
    2008-12-06 16:37 ——— d—–w c:\program files\Common Files\Ahead
    2008-12-06 10:06 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-12-05 21:42 ——— d—–w c:\documents and settings\All Users\Application Data\Nero
    2008-12-05 21:16 ——— d—–w c:\program files\Nero
    2008-12-04 20:29 ——— d—–w c:\program files\FTDv3.8
    2008-12-04 20:26 ——— d—–w c:\documents and settings\Peter Gloudemans\Application Data\GrabIt
    2008-12-04 20:24 ——— d—–w c:\program files\GrabIt
    2008-12-03 22:21 ——— d—–w c:\program files\Dialang
    2008-12-03 22:20 ——— d—–w c:\program files\DivX
    2008-12-03 22:14 ——— d—–w c:\program files\Windows Live
    2008-12-03 22:11 ——— d—–w c:\program files\Windows Media Connect 2
    2008-12-03 22:11 ——— d—–w c:\program files\Windows Live Toolbar
    2008-12-03 22:11 ——— d—–w c:\program files\Microsoft Works
    2008-12-03 22:11 ——— d—–w c:\program files\Hema Album Software Advanced
    2008-12-03 22:11 ——— d—–w c:\program files\Gnoozle
    2008-12-03 22:09 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-12-03 22:00 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
    2008-12-03 21:52 ——— d—–w c:\program files\MSN Messenger
    2008-12-03 21:48 360,580 —-a-w c:\windows\eSellerateEngine.dll
    2008-10-24 11:21 455,296 ——w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:43 286,720 ——w c:\windows\system32\dllcache\gdi32.dll
    2008-03-09 16:25 32 —-a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2005-08-27 13:29 68,800 —-a-w c:\program files\MC
    2008-08-28 18:42 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082820080829\index.dat
    2008-10-17 16:56 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 237568]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Peter Gloudemans\Menu Start\Programma's\Opstarten\
    Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-02-18 111376]
    Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-02-18 51984]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-09 113664]
    Gnoozle.lnk - c:\program files\Gnoozle\Gnoozle.exe [2005-04-30 126976]
    Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe [2007-10-05 913408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= ir41_32.dll
    "vidc.avrn"= AvidAVICodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u:b14f5f784b]0[/u:b14f5f784b]SsiEfr.e

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Gnoozle\\Gnoozle.exe"=
    "c:\\championchipmanager4\\cm4\\cm4.exe"=
    "c:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\F1News.nl\\WS_FTP\\WS_FTP95.EXE"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\
    sl_host_process.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\
    su_ui_client.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=

    [HKLM\~\Services\\ServiceLayer.exe"=]
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    S3 DCamUSBSvis;Sound Vision Stream Driver;c:\windows\system32\drivers\svstream.sys [2005-09-08 93000]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a11f257-a5f7-11d9-ad34-806d6172696f}]
    \Shell\AutoRun\command - D:\DVD-W.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-18 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2008-12-26 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    FF - ProfilePath - c:\documents and settings\Peter Gloudemans\Application Data\Mozilla\Firefox\Profiles\ebf3qfki.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602
    pCIDetect13.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-18 16:48:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …


    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\WinHound.com\WinHound\WinHound\License*]
    "Data"="InstallTime=1c5fb83:f8e7b730\[u:b14f5f784b]0[/u:b14f5f784b]d\[u:b14f5f784b]0[/u:b14f5f784b]aLastRunTime=1c5fb83:f8e7b730\[u:b14f5f784b]0[/u:b14f5f784b]d\[u:b14f5f784b]0[/u:b14f5f784b]a"
    .
    Voltooingstijd: 2009-01-18 16:52:58
    ComboFix-quarantined-files.txt 2009-01-18 15:51:41
    ComboFix2.txt 2009-01-18 15:02:24
    ComboFix3.txt 2009-01-18 12:30:02

    Pre-Run: 13.438.582.784 bytes beschikbaar
    Post-Run: 13,424,234,496 bytes beschikbaar

    171 — E O F — 2009-01-15 18:29:23
    [/quote:b14f5f784b]


  • Kan je met het register omgaan?

    Zo ja, probeer deze sleutel dan handmatig te verwijderen:
    [b:c0b814fdb9][HKEY_LOCAL_MACHINE\software\WinHound.com\WinHound\WinHound\License*][/b:c0b814fdb9]
  • Hoe kan ik die er handmatig uit halen dan?
  • Kan je met het register omgaan?
  • Nee nog nooit gedaan..
  • Ga naar start->uitvoeren en typ regedit.
    Druk op enter.

    Je ziet ergens staan Hkey_local_machine met een plusje ervoor, klik op dat plusje.
    Als je goed kijkt zie je daar onder staan software met een plusje ernaast klik ook daar op.
    Dan zie je staan WinHound.com, klik ook daar weer op dat plusje.
    Dan vouwt het zich weer uit en zie je Winhound staan, klik op het plusje ernaast.
    Als dat zich uitvouwt zie je wéér een plusje staan, klik daarop.
    Nu staat er Licence* klik daar met je rechtermuisknop op en klik vervolgens op verwijderen.
  • Dit lukt niet…

    Ik krijg "fout bij openen" als ik op die sleutel klik…

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.