pop-ups

Anonymous
11 replies
 • Hello,
  I've had a new computer for 2 months, but I'm already having trouble with pop-ups again and a super slow computer whenever my internet is on.
  I have already taken action and installed ZoneAlarm firewall, SpywareBlaster & SpywareGuard, but only after I found out that I had pop-ups.

  Can someone look at the following scan and maybe tell me what I can do?

  Logfile of HijackThis v1.99.1
  Scan saved at 19:08:42, on 2-11-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\ISTsvc\istsvc.exe
  C:\WINDOWS\cuohdsd.exe
  C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
  C:\Program Files\Clbnll\Yobq.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\ctfmon.exe
  D:\Free Ram x pro\FreeRAM XP Pro.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  D:\alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\UAService7.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  D:\SpywareGuard\sgmain.exe
  D:\SpywareGuard\sgbhp.exe
  D:\FireWall @ ZoneAlarm\ZoneAlarm\zlclient.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\dllhost.exe
  D:\Azureus 2.3.0.2\Azureus\Azureus.exe
  C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
  C:\Program Files\Messenger\msmsgs.exe
  D:\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alternate.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alternate.nl
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - <default> - (no file)
  O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
  O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
  O4 - HKLM\..\Run: [70WrGZKl] C:\WINDOWS\cuohdsd.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
  O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
  O4 - HKLM\..\Run: [Hrezy] C:\Program Files\Clbnll\Yobq.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [Á³# {"h'þ9ÓœÇ3rÅ WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cuohdsd.exe
  O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Zone Labs Client] D:\FireWall @ ZoneAlarm\ZoneAlarm\zlclient.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
  O4 - HKCU\..\Run: [ObjectDock] -
  O4 - HKCU\..\Run: [WinRoll] -
  O4 - HKCU\..\Run: [Yz Shadow] -
  O4 - HKCU\..\Run: [FreeRAM XP] "D:\Free Ram x pro\FreeRAM XP Pro.exe" -win
  O4 - Startup: SpywareGuard.lnk = D:\SpyWareGuard\sgmain.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.alternate.nl
  O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\k0pmla711d.dll
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  Thanks very much in advance.
 • Download and install CCleaner.
  Do not use the program yet.

  Download the trial version of Spysweeper: http://www.webroot.com/consumer/products/spysweeper
  During installation choose "standard installation", and enter your e-mail address when asked for it.
  You will be asked whether you want to download the latest definitions; allow this (it may take a while).

  Download L2Mfix: http://www.atribune.org/downloads/l2mfix.exe
  Place the file on your desktop. Click l2mfix.exe.
  Click "Accept". Make sure the l2mfix folder is placed on your desktop. Click "Install".

  Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall the following programs if present:
  Power Scan
  Istsvc

  Make sure all hidden files and folders are shown. How to show hidden files and folders.

  Start the computer in safe mode.


  Close all open windows, run HijackThis once more and place a check mark next to the following items:

  R3 - URLSearchHook: (no name) - <default> - (no file)
  O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
  O4 - HKLM\..\Run: [70WrGZKl] C:\WINDOWS\cuohdsd.exe
  O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
  O4 - HKLM\..\Run: [Hrezy] C:\Program Files\Clbnll\Yobq.exe
  O4 - HKLM\..\Run: [Á³# {"h'þ9ÓœÇ3rÅ WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\cuohdsd.exe
  O4 - HKCU\..\Run: [ObjectDock] -
  O4 - HKCU\..\Run: [WinRoll] -
  O4 - HKCU\..\Run: [Yz Shadow] -
  O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

  Then click "Fix checked" and close HijackThis.

  Use Windows Explorer to look for the following files or folders, and delete them if they are still present:

  C:\Program Files\ISTsvc
  C:\WINDOWS\cuohdsd.exe
  C:\Program Files\Power Scan
  C:\Program Files\Clbnll\Yobq.exe

  Start CCleaner and click the "Run Cleaner" ("Opschonen") button.

  Start Spysweeper.
  Then click Options - Sweep Options and check the following:
  Sweep all Folders on Selected drives and Local Disc C.
  Under "What to Sweep", check everything.
  Then click "Sweep" and let it scan your system completely.

  When the scan has finished, click "Remove", then click "Select All" and then "Next".

  Click "Results" and then the "Session Log" tab.
  Then click "Save to File" and save the log to your desktop.

  Close Spysweeper.

  Restart the computer in normal mode.


  On your desktop, open the l2mfix folder.
  Click l2fix.bat.
  Click "1" to select option 1: Run Find Log.
  This will take a while. After some time a Notepad file will open.
  Copy and paste the contents of this file into your next post.

  Note: you must NOT use option 2 for now. Do not use any other files in the l2mfix folder either!

  Then post the contents of the Spysweeper log file in your next reply, together with a new HijackThis log.
 • Okay,
  Thanks already for the quick reply.
  I have done everything and here are the files:

  L2MFIX:
  L2MFIX find log 1.04a
  These are the registry keys present
  **********************************************************************************
  Winlogon/notify:
  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
  "DLLName"="Ati2evxx.dll"
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000001
  "Lock"="AtiLockEvent"
  "Logoff"="AtiLogoffEvent"
  "Logon"="AtiLogonEvent"
  "Disconnect"="AtiDisConnectEvent"
  "Reconnect"="AtiReConnectEvent"
  "Safe"=dword:00000000
  "Shutdown"="AtiShutdownEvent"
  "StartScreenSaver"="AtiStartScreenSaverEvent"
  "StartShell"="AtiStartShellEvent"
  "Startup"="AtiStartupEvent"
  "StopScreenSaver"="AtiStopScreenSaverEvent"
  "Unlock"="AtiUnLockEvent"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000000
  "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
  "Logoff"="ChainWlxLogoffEvent"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000000
  "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Logoff"="CryptnetWlxLogoffEvent"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  "DLLName"="cscdll.dll"
  "Logon"="WinlogonLogonEvent"
  "Logoff"="WinlogonLogoffEvent"
  "ScreenSaver"="WinlogonScreenSaverEvent"
  "Startup"="WinlogonStartupEvent"
  "Shutdown"="WinlogonShutdownEvent"
  "StartShell"="WinlogonStartShellEvent"
  "Impersonate"=dword:00000000
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  "DLLName"="wlnotify.dll"
  "Logon"="SCardStartCertProp"
  "Logoff"="SCardStopCertProp"
  "Lock"="SCardSuspendCertProp"
  "Unlock"="SCardResumeCertProp"
  "Enabled"=dword:00000001
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  "Asynchronous"=dword:00000000
  "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Impersonate"=dword:00000000
  "StartShell"="SchedStartShell"
  "Logoff"="SchedEventLogOff"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  "Logoff"="WLEventLogoff"
  "Impersonate"=dword:00000000
  "Asynchronous"=dword:00000001
  "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  "DLLName"="WlNotify.dll"
  "Lock"="SensLockEvent"
  "Logon"="SensLogonEvent"
  "Logoff"="SensLogoffEvent"
  "Safe"=dword:00000001
  "MaxWait"=dword:00000258
  "StartScreenSaver"="SensStartScreenSaverEvent"
  "StopScreenSaver"="SensStopScreenSaverEvent"
  "Startup"="SensStartupEvent"
  "Shutdown"="SensShutdownEvent"
  "StartShell"="SensStartShellEvent"
  "PostShell"="SensPostShellEvent"
  "Disconnect"="SensDisconnectEvent"
  "Reconnect"="SensReconnectEvent"
  "Unlock"="SensUnlockEvent"
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  "Asynchronous"=dword:00000000
  "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Impersonate"=dword:00000000
  "Logoff"="TSEventLogoff"
  "Logon"="TSEventLogon"
  "PostShell"="TSEventPostShell"
  "Shutdown"="TSEventShutdown"
  "StartShell"="TSEventStartShell"
  "Startup"="TSEventStartup"
  "MaxWait"=dword:00000258
  "Reconnect"="TSEventReconnect"
  "Disconnect"="TSEventDisconnect"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  "DLLName"="wlnotify.dll"
  "Logon"="RegisterTicketExpiredNotificationEvent"
  "Logoff"="UnregisterTicketExpiredNotificationEvent"
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
  "Asynchronous"=dword:00000000
  "DllName"="WRLogonNTF.dll"
  "Impersonate"=dword:00000001
  "Lock"="WRLock"
  "StartScreenSaver"="WRStartScreenSaver"
  "StartShell"="WRStartShell"
  "Startup"="WRStartup"
  "StopScreenSaver"="WRStopScreenSaver"
  "Unlock"="WRUnlock"
  "Shutdown"="WRShutdown"
  "Logoff"="WRLogoff"
  "Logon"="WRLogon"


  RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  This program is Freeware, use it on your own risk!

  Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
  (NI) ALLOW Full access NT AUTHORITY\SYSTEM
  (IO) ALLOW Full access NT AUTHORITY\SYSTEM
  (NI) ALLOW Full access NT AUTHORITY\SYSTEM
  (IO) ALLOW Full access NT AUTHORITY\SYSTEM
  (ID-NI) ALLOW Read INGEBOUWD\Gebruikers
  (ID-IO) ALLOW Read INGEBOUWD\Gebruikers
  (ID-NI) ALLOW Full access INGEBOUWD\Administrators
  (ID-IO) ALLOW Full access INGEBOUWD\Administrators
  (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
  (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
  (ID-IO) ALLOW Full access MAKER EIGENAAR


  **********************************************************************************
  useragent:
  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  "{A459C5B6-AEAE-D2B8-76E0-AC3C4C3646A0}"=""

  **********************************************************************************
  Shell Extension key:
  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  "{00022613-0000-0000-C000-000000000046}"="Eigenschappenvenster van multimediabestand"
  "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerbeheer"
  "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Het tabblad Beveiliging"
  "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Eigenschappenblad voor OLE-docbestand"
  "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
  "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
  "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldschermadapter"
  "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Monitor"
  "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldscherm-panning"
  "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Het tabblad Beveiliging"
  "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibiliteitspagina"
  "{56117100-C0CD-101B-81E2-00AA004AE837}"="Knipselgegevensverwerker van shell"
  "{59099400-57FF-11CE-BD94-0020AF85B590}"="Schijfkopieer-uitbreiding"
  "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell-uitbreidingen voor Microsoft Windows Network-objecten"
  "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-monitorbeheer"
  "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerbeheer"
  "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell-uitbreidingen voor bestandscompressie"
  "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shell-uitbreiding voor Web Printer"
  "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
  "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Snelmenu Codering"
  "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Werkmap"
  "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-pictogramuitbreiding"
  "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
  "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiel"
  "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Het tabblad Beveiliging voor printers"
  "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
  "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
  "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-extensie"
  "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto-handtekeningextensie"
  "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netwerkverbindingen"
  "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netwerkverbindingen"
  "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners en camera's"
  "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners en camera's"
  "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners en camera's"
  "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners en camera's"
  "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners en camera's"
  "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
  "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-uitbreidingen voor Windows Script Host"
  "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
  "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
  "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
  "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplande taken"
  "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
  "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
  "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taakbalk en menu Start"
  "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Zoeken"
  "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
  "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
  "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uitvoeren…"
  "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
  "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
  "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Lettertypen"
  "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Systeembeheer"
  "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschappenpagina van vorige versies"
  "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorige versies"
  "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
  "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
  "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
  "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
  "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
  "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
  "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-werkbalk"
  "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Downloadstatus"
  "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Uitgebreide shell-map"
  "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Uitgebreide shell-map 2"
  "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
  "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft-browserbalk"
  "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Zoekbalk"
  "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Zoeken binnen deelvenster"
  "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Zoeken op het web"
  "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Hulpprogramma met opties voor registerboomstructuur"
  "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
  "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
  "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoAanvullen"
  "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
  "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU-lijst voor AutoAanvullen"
  "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Aangepaste MRU-lijst voor AutoAanvullen"
  "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Toegankelijk"
  "{acf35015-526e-4230-9596-becbe19f0ac9}"="Pop-upbalk Volgen"
  "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lijst voor AutoAanvullen: Microsoft Geschiedenis"
  "{03C036F1-A186-11D0-824A-00AA005B4383}"="Lijst voor AutoAanvullen: Microsoft Shell-map"
  "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft-container met meervoudige lijst voor AutoAanvullen"
  "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Sitemenu van shell-band"
  "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
  "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
  "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
  "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Gebruikersondersteuning"
  "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globale mapinstellingen"
  "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
  "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
  "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
  "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
  "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
  "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url-geschiedenisservice"
  "{FF393560-C2A7-11CF-BFF4-444553540000}"="Geschiedenis"
  "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
  "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
  "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url-zoeken Hook"
  "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-welkomstscherm"
  "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
  "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
  "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
  "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Het Internet"
  "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
  "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-band"
  "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
  "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
  "{88C6C381-2E85-11D0-94DE-444553540000}"="Cachemap van ActiveX"
  "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
  "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
  "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Map met abonnementen"
  "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
  "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
  "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
  "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
  "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
  "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
  "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
  "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Toepassingsbeheer"
  "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Programma voor inventarisatie van ge‹nstalleerde toepassingen"
  "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
  "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
  "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
  "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
  "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI- en bestandsextractieprogramma voor miniaturen"
  "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informatie over de handler voor miniatuurweergaven (DOCFILES)"
  "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-extractie voor miniatuurweergaven"
  "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
  "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Wizard Webpublicaties"
  "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Afdrukken via het web bestellen"
  "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell-object voor publicatiewizard"
  "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Wizard Passport"
  "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Gebruikersaccounts"
  "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
  "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
  "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanaal-bestand"
  "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanaal-snelkoppeling"
  "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Handler-object voor kanalen"
  "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
  "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
  "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
  "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
  "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
  "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
  "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
  "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
  "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
  "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
  "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
  "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
  "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
  "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
  "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
  "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
  "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
  "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
  "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
  "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
  "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
  "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Map Off line bestanden"
  "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
  "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
  "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
  "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
  "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
  "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personen…"
  "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
  "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
  "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
  "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView"
  "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmappen"
  "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
  "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
  "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
  "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
  "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
  "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
  "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
  "{ABC70703-32AF-11d4-90C4-D483A70F4825}"="CMenuExtender"
  "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
  "{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
  "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
  "{26AEC7D7-9E61-4DF0-80F0-9DB3B78F04D0}"=""
  "{9EBBCEE2-6441-42C9-98DC-7C8AC3B6C1CE}"=""
  "{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
  "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

  **********************************************************************************
  HKEY ROOT CLASSIDS:
  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{26AEC7D7-9E61-4DF0-80F0-9DB3B78F04D0}]
  @=""
  "IDEx"="ADDR"

  [HKEY_CLASSES_ROOT\CLSID\{26AEC7D7-9E61-4DF0-80F0-9DB3B78F04D0}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{26AEC7D7-9E61-4DF0-80F0-9DB3B78F04D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{26AEC7D7-9E61-4DF0-80F0-9DB3B78F04D0}\InprocServer32]
  @="C:\\WINDOWS\\system32\\dunaddr.dll"
  "ThreadingModel"="Apartment"

  **********************************************************************************
  Files Found are not all bad files:

  C:\WINDOWS\SYSTEM32\
  bassmod.dll Tue 1 Nov 2005 19:24:44 A.... 34.308 33,50 K
  browseui.dll Sat 3 Sep 2005 0:54:56 A.... 1.020.416 996,50 K
  cdfview.dll Sat 3 Sep 2005 0:54:56 A.... 151.552 148,00 K
  cdosys.dll Sat 10 Sep 2005 2:55:38 A.... 2.067.968 1,97 M
  cmdlin~1.dll Tue 30 Aug 2005 20:57:12 A.... 98.304 96,00 K
  danim.dll Sat 3 Sep 2005 0:54:58 A.... 1.056.768 1,01 M
  dmnetlib.dll Wed 2 Nov 2005 16:58:44 ..S.R 235.442 229,92 K
  dxtrans.dll Sat 3 Sep 2005 0:54:58 A.... 205.312 200,50 K
  extmgr.dll Sat 3 Sep 2005 0:54:58 A.... 55.808 54,50 K
  iepeers.dll Sat 3 Sep 2005 0:54:58 A.... 251.392 245,50 K
  inseng.dll Sat 3 Sep 2005 0:54:58 A.... 96.768 94,50 K
  ir46l5~1.dll Wed 2 Nov 2005 20:47:26 ..S.R 234.070 228,58 K
  islzma.dll Fri 21 Oct 2005 15:50:14 A.... 102.912 100,50 K
  linkinfo.dll Thu 1 Sep 2005 3:28:26 A.... 19.968 19,50 K
  mshtml.dll Tue 4 Oct 2005 16:27:36 A.... 3.013.120 2,87 M
  mshtmled.dll Sat 3 Sep 2005 0:55:02 A.... 448.512 438,00 K
  msrating.dll Sat 3 Sep 2005 0:55:02 A.... 146.432 143,00 K
  mstime.dll Sat 3 Sep 2005 0:55:04 A.... 530.432 518,00 K
  netman.dll Mon 22 Aug 2005 19:36:16 A.... 197.632 193,00 K
  pngfilt.dll Sat 3 Sep 2005 0:55:04 A.... 39.424 38,50 K
  quartz.dll Tue 30 Aug 2005 4:56:40 A.... 1.291.264 1,23 M
  r48sle~1.dll Tue 1 Nov 2005 20:03:32 ..S.R 234.415 228,92 K
  shdocvw.dll Sat 3 Sep 2005 0:55:06 A.... 1.483.776 1,41 M
  shell32.dll Fri 23 Sep 2005 4:08:06 A.... 8.497.664 8,10 M
  shlwapi.dll Sat 3 Sep 2005 0:55:06 A.... 474.112 463,00 K
  sirenacm.dll Sat 13 Aug 2005 20:41:12 A.... 118.784 116,00 K
  umpnpmgr.dll Tue 23 Aug 2005 4:40:36 A.... 124.416 121,50 K
  urlmon.dll Sat 3 Sep 2005 0:55:08 A.... 605.184 591,00 K
  uxtheme.dll Tue 30 Aug 2005 16:40:06 A.... 219.136 214,00 K
  vsdata.dll Mon 29 Aug 2005 19:08:34 A.... 83.712 81,75 K
  vsinit.dll Mon 29 Aug 2005 19:08:46 A.... 141.056 137,75 K
  vsmonapi.dll Mon 29 Aug 2005 19:08:54 A.... 104.192 101,75 K
  vspubapi.dll Mon 29 Aug 2005 19:08:58 A.... 227.072 221,75 K
  vsregexp.dll Mon 29 Aug 2005 19:09:02 A.... 71.424 69,75 K
  vsutil.dll Mon 29 Aug 2005 19:09:14 A.... 382.720 373,75 K
  vsxml.dll Mon 29 Aug 2005 19:09:22 A.... 100.096 97,75 K
  weavideo.dll Wed 2 Nov 2005 20:44:44 ..S.R 235.442 229,92 K
  wininet.dll Sat 3 Sep 2005 0:55:08 A.... 661.504 646,00 K
  winsrv.dll Thu 1 Sep 2005 3:28:26 A.... 292.352 285,50 K
  wrlogo~1.dll Thu 27 Oct 2005 16:41:02 A.... 492.544 481,00 K
  wrlzma.dll Thu 27 Oct 2005 16:40:58 A.... 17.920 17,50 K
  zlcomm.dll Mon 29 Aug 2005 19:09:42 A.... 79.616 77,75 K
  zlcommdb.dll Mon 29 Aug 2005 19:09:46 A.... 71.424 69,75 K

  43 items found: 43 files (4 H/S), 0 directories.
  Total of file sizes: 26.016.365 bytes 24,81 M
  Locate .tmp files:

  No matches found.
  **********************************************************************************
  Directory Listing of system files:
  De volumenaam van station C is XP_Home_NL
  Het volumenummer is 94B8-C9A3

  Map van C:\WINDOWS\System32

  02-11-2005 20:47 234.070 ir46l5hs1.dll
  02-11-2005 20:44 235.442 weavideo.dll
  02-11-2005 16:58 235.442 dmnetlib.dll
  02-11-2005 14:43 7.168 Thumbs.db
  01-11-2005 20:03 234.415 r48slel71hq.dll
  28-10-2005 12:48 <DIR> dllcache
  19-08-2005 15:40 <DIR> Microsoft
  5 bestand(en) 946.537 bytes
  2 map(pen) 10.376.183.808 bytes beschikbaar
  SPYSWEEPER:

  ********
  20:56: | Start of Session, woensdag 2 november 2005 |
  20:56: Spy Sweeper started
  20:56: Sweep initiated using definitions version 564
  20:56: Starting Memory Sweep
  20:56: Found Adware: icannnews
  20:56: Detected running threat: C:\WINDOWS\system32\m246lchs1f46.dll (ID = 83)
  20:57: Detected running threat: C:\WINDOWS\system32\issmsnap.dll (ID = 83)
  20:57: Memory Sweep Complete, Elapsed Time: 00:00:34
  20:57: Starting Registry Sweep
  20:57: Found Adware: internetoptimizer
  20:57: HKLM\software\avenue media\ (ID = 128888)
  20:57: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912)
  20:57: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
  20:57: HKLM\software\policies\avenue media\ (ID = 128929)
  20:57: Found Adware: ist istbar
  20:57: HKLM\software\classes\clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}\ (3 subtraces) (ID = 129083)
  20:57: Found Adware: ist software
  20:57: HKLM\software\istsvc\ (43 subtraces) (ID = 129111)
  20:57: HKLM\software\microsoft\windows\currentversion\uninstall\istsvc\ (2 subtraces) (ID = 129183)
  20:57: Found Adware: powerscan
  20:57: HKLM\software\powerscan\ (1 subtraces) (ID = 136824)
  20:57: Found Adware: ist sidefind
  20:57: HKCR\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (2 subtraces) (ID = 141763)
  20:57: HKCR\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141765)
  20:57: HKCR\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141766)
  20:57: HKLM\software\classes\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (2 subtraces) (ID = 141770)
  20:57: HKLM\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141772)
  20:57: HKLM\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141773)
  20:57: HKLM\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (9 subtraces) (ID = 141775)
  20:57: HKLM\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (9 subtraces) (ID = 141776)
  20:57: HKLM\software\microsoft\sidefind\ (2 subtraces) (ID = 141780)
  20:57: HKCR\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (9 subtraces) (ID = 141784)
  20:57: HKCR\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (9 subtraces) (ID = 141785)
  20:57: Found System Monitor: wintective pc keylogger
  20:57: HKLM\software\classes\typelib\{aa987bf8-e849-4996-9335-413df4a8158a}\ (9 subtraces) (ID = 802329)
  20:57: HKU\S-1-5-21-1960506277-2135744219-1782934558-1005\software\avenue media\ (ID = 128887)
  20:57: HKU\S-1-5-21-1960506277-2135744219-1782934558-1005\software\policies\avenue media\ (ID = 128928)
  20:57: HKU\S-1-5-21-1960506277-2135744219-1782934558-1005\software\ist\ (6 subtraces) (ID = 129108)
  20:57: HKU\S-1-5-21-1960506277-2135744219-1782934558-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {faa356e4-d317-42a6-ab41-a3021c6e7d52} (ID = 129117)
  20:57: HKU\S-1-5-21-1960506277-2135744219-1782934558-1005\software\powerscan\ (1 subtraces) (ID = 136823)
  20:57: HKU\S-1-5-21-1960506277-2135744219-1782934558-1005\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (1 subtraces) (ID = 141777)
  20:57: HKU\S-1-5-21-1960506277-2135744219-1782934558-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
  20:57: HKU\S-1-5-21-1960506277-2135744219-1782934558-1005\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
  20:57: Registry Sweep Complete, Elapsed Time:00:00:08
  20:57: Starting Cookie Sweep
  20:57: Cookie Sweep Complete, Elapsed Time: 00:00:00
  20:57: Starting File Sweep
  20:58: Found Adware: look2me
  20:58: kadblr.dll (ID = 163672)
  20:58: cuohdsd.exe (ID = 64496)
  20:59: File Sweep Complete, Elapsed Time: 00:02:24
  20:59: Full Sweep has completed. Elapsed time 00:03:08
  20:59: Traces Found: 172
  21:00: Removal process initiated
  21:00: Quarantining All Traces: icannnews
  21:00: Warning: Launched explorer.exe
  21:00: Warning: Quarantine process could not restart Explorer.
  21:00: icannnews is in use. It will be removed on reboot.
  21:00: C:\WINDOWS\system32\m246lchs1f46.dll is in use. It will be removed on reboot.
  21:00: C:\WINDOWS\system32\issmsnap.dll is in use. It will be removed on reboot.
  21:00: Quarantining All Traces: internetoptimizer
  21:00: Quarantining All Traces: ist istbar
  21:00: Quarantining All Traces: ist software
  21:00: Quarantining All Traces: powerscan
  21:00: Quarantining All Traces: ist sidefind
  21:00: Quarantining All Traces: wintective pc keylogger
  21:00: Quarantining All Traces: look2me
  21:01: Removal process completed. Elapsed time 00:00:57
  21:03: Deletion from quarantine initiated
  21:03: Processing: internetoptimizer
  21:03: Processing: ist istbar
  21:03: Processing: look2me
  21:03: Processing: ist software
  21:03: Processing: powerscan
  21:03: Processing: ist sidefind
  21:03: Processing: wintective pc keylogger
  21:03: Processing: icannnews
  21:03: Deletion from quarantine completed. Elapsed time 00:00:00
  ********
  20:30: | Start of Session, woensdag 2 november 2005 |
  20:30: Spy Sweeper started
  20:31: Messenger service has been disabled.
  20:31: Your spyware definitions have been updated.
  20:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:32: Updating spyware definitions
  20:32: Your definitions are up to date.
  20:32: Updating spyware definitions
  20:32: Your definitions are up to date.
  20:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:36: Spy Installation Shield: found: Adware: ist istbar, version 1.0.0.0 – Execution Denied
  20:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
  20:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
  20:54: Program Version 4.5.5 (Build 607) Using Spyware Definitions 564
  20:56: | End of Session, woensdag 2 november 2005 |
  Hijackthis:


  Logfile of HijackThis v1.99.1
  Scan saved at 21:16:05, on 2-11-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  D:\alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  D:\Spysweeper trial\Spy Sweeper\WRSSSDK.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\UAService7.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\WINDOWS\system32\SHVRTF.EXE
  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
  C:\WINDOWS\system32\rundll32.exe
  D:\FireWall @ ZoneAlarm\ZoneAlarm\zlclient.exe
  D:\Spysweeper trial\Spy Sweeper\SpySweeper.exe
  C:\WINDOWS\system32\ctfmon.exe
  D:\Free Ram x pro\FreeRAM XP Pro.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  D:\SpyWareGuard\sgmain.exe
  D:\SpyWareGuard\sgbhp.exe
  C:\WINDOWS\system32\msiexec.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\Messenger\msmsgs.exe
  D:\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alternate.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alternate.nl
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
  O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Zone Labs Client] D:\FireWall @ ZoneAlarm\ZoneAlarm\zlclient.exe
  O4 - HKLM\..\Run: [SpySweeper] "D:\Spysweeper trial\Spy Sweeper\SpySweeper.exe" /startintray
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
  O4 - HKCU\..\Run: [FreeRAM XP] "D:\Free Ram x pro\FreeRAM XP Pro.exe" -win
  O4 - Startup: SpywareGuard.lnk = D:\SpyWareGuard\sgmain.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.alternate.nl
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Spysweeper trial\Spy Sweeper\WRSSSDK.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 • P.S. For a few hours now I haven't had any trouble with pop-ups or slow internet, so I think it's fine, fortunately :d.

  If that's the case:

  Thanks a lot for the great help!!!
 • Close all open programs.
  Double-click l2mfix.bat.
  Click "2" to select option 2: Run Fix.
  Press Enter.
  Press any key to restart the computer when prompted.
  After the reboot, the icons appear on your desktop. They will disappear again (that is normal).
  L2mfix will scan your computer.
  When it is finished, a new Notepad file is opened.
  Post the contents of this file.
  Create a new HijackThis log and post that too.
 • Okay, here it is.

  Setting Directory
  C:\
  C:\
  System Rebooted!

  Running From:
  C:\

  killing explorer and rundll32.exe

  Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  Killing PID 312 'explorer.exe'

  Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  Killing PID 320 'rundll32.exe'

  Scanning First Pass. Please Wait!

  First Pass Completed

  Second Pass Scanning

  Second pass Completed!
  Backing Up: C:\WINDOWS\system32\dmnetlib.dll
  1 bestand(en) gekopieerd.
  Backing Up: C:\WINDOWS\system32\ir46l5hs1.dll
  1 bestand(en) gekopieerd.
  Backing Up: C:\WINDOWS\system32\r48slel71hq.dll
  1 bestand(en) gekopieerd.
  Backing Up: C:\WINDOWS\system32\weavideo.dll
  1 bestand(en) gekopieerd.
  deleting: C:\WINDOWS\system32\dmnetlib.dll
  Successfully Deleted: C:\WINDOWS\system32\dmnetlib.dll
  deleting: C:\WINDOWS\system32\ir46l5hs1.dll
  Successfully Deleted: C:\WINDOWS\system32\ir46l5hs1.dll
  deleting: C:\WINDOWS\system32\r48slel71hq.dll
  Successfully Deleted: C:\WINDOWS\system32\r48slel71hq.dll
  deleting: C:\WINDOWS\system32\weavideo.dll
  Successfully Deleted: C:\WINDOWS\system32\weavideo.dll


  Zipping up files for submission:
  adding: dmnetlib.dll (188 bytes security) (deflated 5%)
  adding: ir46l5hs1.dll (188 bytes security) (deflated 4%)
  adding: r48slel71hq.dll (188 bytes security) (deflated 4%)
  adding: weavideo.dll (188 bytes security) (deflated 5%)
  adding: clear.reg (188 bytes security) (deflated 37%)
  adding: lo2.txt (188 bytes security) (deflated 69%)
  adding: test.txt (188 bytes security) (deflated 55%)
  adding: test2.txt (188 bytes security) (deflated 16%)
  adding: test3.txt (188 bytes security) (deflated 16%)
  adding: test5.txt (188 bytes security) (deflated 16%)
  adding: xfind.txt (188 bytes security) (deflated 49%)

  Restoring Registry Permissions:


  RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  This program is Freeware, use it on your own risk!


  Revoking access for predefined group "Administrators"
  Inherited ACE can not be revoked here!
  Inherited ACE can not be revoked here!


  Registry permissions set too:

  RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
  Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
  This program is Freeware, use it on your own risk!

  Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
  (NI) ALLOW Full access NT AUTHORITY\SYSTEM
  (IO) ALLOW Full access NT AUTHORITY\SYSTEM
  (NI) ALLOW Full access NT AUTHORITY\SYSTEM
  (IO) ALLOW Full access NT AUTHORITY\SYSTEM
  (ID-NI) ALLOW Read INGEBOUWD\Gebruikers
  (ID-IO) ALLOW Read INGEBOUWD\Gebruikers
  (ID-NI) ALLOW Full access INGEBOUWD\Administrators
  (ID-IO) ALLOW Full access INGEBOUWD\Administrators
  (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
  (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
  (ID-IO) ALLOW Full access MAKER EIGENAAR


  Restoring Sedebugprivilege:

  Granting SeDebugPrivilege to Administrators … successful

  Restoring Windows Update Certificates.:

  deleting local copy: dmnetlib.dll
  deleting local copy: ir46l5hs1.dll
  deleting local copy: r48slel71hq.dll
  deleting local copy: weavideo.dll

  The following Is the Current Export of the Winlogon notify key:
  ****************************************************************************
  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
  "DLLName"="Ati2evxx.dll"
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000001
  "Lock"="AtiLockEvent"
  "Logoff"="AtiLogoffEvent"
  "Logon"="AtiLogonEvent"
  "Disconnect"="AtiDisConnectEvent"
  "Reconnect"="AtiReConnectEvent"
  "Safe"=dword:00000000
  "Shutdown"="AtiShutdownEvent"
  "StartScreenSaver"="AtiStartScreenSaverEvent"
  "StartShell"="AtiStartShellEvent"
  "Startup"="AtiStartupEvent"
  "StopScreenSaver"="AtiStopScreenSaverEvent"
  "Unlock"="AtiUnLockEvent"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000000
  "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
  "Logoff"="ChainWlxLogoffEvent"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000000
  "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Logoff"="CryptnetWlxLogoffEvent"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  "DLLName"="cscdll.dll"
  "Logon"="WinlogonLogonEvent"
  "Logoff"="WinlogonLogoffEvent"
  "ScreenSaver"="WinlogonScreenSaverEvent"
  "Startup"="WinlogonStartupEvent"
  "Shutdown"="WinlogonShutdownEvent"
  "StartShell"="WinlogonStartShellEvent"
  "Impersonate"=dword:00000000
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  "DLLName"="wlnotify.dll"
  "Logon"="SCardStartCertProp"
  "Logoff"="SCardStopCertProp"
  "Lock"="SCardSuspendCertProp"
  "Unlock"="SCardResumeCertProp"
  "Enabled"=dword:00000001
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  "Asynchronous"=dword:00000000
  "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Impersonate"=dword:00000000
  "StartShell"="SchedStartShell"
  "Logoff"="SchedEventLogOff"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  "Logoff"="WLEventLogoff"
  "Impersonate"=dword:00000000
  "Asynchronous"=dword:00000001
  "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  "DLLName"="WlNotify.dll"
  "Lock"="SensLockEvent"
  "Logon"="SensLogonEvent"
  "Logoff"="SensLogoffEvent"
  "Safe"=dword:00000001
  "MaxWait"=dword:00000258
  "StartScreenSaver"="SensStartScreenSaverEvent"
  "StopScreenSaver"="SensStopScreenSaverEvent"
  "Startup"="SensStartupEvent"
  "Shutdown"="SensShutdownEvent"
  "StartShell"="SensStartShellEvent"
  "PostShell"="SensPostShellEvent"
  "Disconnect"="SensDisconnectEvent"
  "Reconnect"="SensReconnectEvent"
  "Unlock"="SensUnlockEvent"
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  "Asynchronous"=dword:00000000
  "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Impersonate"=dword:00000000
  "Logoff"="TSEventLogoff"
  "Logon"="TSEventLogon"
  "PostShell"="TSEventPostShell"
  "Shutdown"="TSEventShutdown"
  "StartShell"="TSEventStartShell"
  "Startup"="TSEventStartup"
  "MaxWait"=dword:00000258
  "Reconnect"="TSEventReconnect"
  "Disconnect"="TSEventDisconnect"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  "DLLName"="wlnotify.dll"
  "Logon"="RegisterTicketExpiredNotificationEvent"
  "Logoff"="UnregisterTicketExpiredNotificationEvent"
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
  "Asynchronous"=dword:00000000
  "DllName"="WRLogonNTF.dll"
  "Impersonate"=dword:00000001
  "Lock"="WRLock"
  "StartScreenSaver"="WRStartScreenSaver"
  "StartShell"="WRStartShell"
  "Startup"="WRStartup"
  "StopScreenSaver"="WRStopScreenSaver"
  "Unlock"="WRUnlock"
  "Shutdown"="WRShutdown"
  "Logoff"="WRLogoff"
  "Logon"="WRLogon"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
  "DLLName"="wzcdlg.dll"
  "Logon"="WZCEventLogon"
  "Logoff"="WZCEventLogoff"
  "Impersonate"=dword:00000000
  "Asynchronous"=dword:00000000


  The following are the files found:
  ****************************************************************************
  C:\WINDOWS\system32\dmnetlib.dll
  C:\WINDOWS\system32\ir46l5hs1.dll
  C:\WINDOWS\system32\r48slel71hq.dll
  C:\WINDOWS\system32\weavideo.dll

  Registry Entries that were Deleted:
  Please verify that the listing looks ok.
  If there was something deleted wrongly there are backups in the backreg folder.
  ****************************************************************************
  REGEDIT4

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  "{26AEC7D7-9E61-4DF0-80F0-9DB3B78F04D0}"=-
  "{9EBBCEE2-6441-42C9-98DC-7C8AC3B6C1CE}"=-
  [-HKEY_CLASSES_ROOT\CLSID\{26AEC7D7-9E61-4DF0-80F0-9DB3B78F04D0}]
  [-HKEY_CLASSES_ROOT\CLSID\{9EBBCEE2-6441-42C9-98DC-7C8AC3B6C1CE}]
  REGEDIT4

  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  "SV1"=""
  ****************************************************************************
  Desktop.ini Contents:
  ****************************************************************************
  ****************************************************************************
  


  HIJACKTHIS

  Logfile of HijackThis v1.99.1
  Scan saved at 22:30:56, on 3-11-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  D:\alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  D:\Spysweeper trial\Spy Sweeper\WRSSSDK.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\UAService7.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\explorer.exe
  D:\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alternate.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alternate.nl
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
  O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Zone Labs Client] D:\FireWall @ ZoneAlarm\ZoneAlarm\zlclient.exe
  O4 - HKLM\..\Run: [SpySweeper] "D:\Spysweeper trial\Spy Sweeper\SpySweeper.exe" /startintray
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
  O4 - HKCU\..\Run: [FreeRAM XP] "D:\Free Ram x pro\FreeRAM XP Pro.exe" -win
  O4 - Startup: SpywareGuard.lnk = D:\SpyWareGuard\sgmain.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.alternate.nl
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Spysweeper trial\Spy Sweeper\WRSSSDK.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 • Check whether these files are still present:

  C:\WINDOWS\system32\dmnetlib.dll
  C:\WINDOWS\system32\ir46l5hs1.dll
  C:\WINDOWS\system32\r48slel71hq.dll
  C:\WINDOWS\system32\weavideo.dll

  If they are present, can you delete them using Windows Explorer?
 • None of those files are there.

  I do have a:
  wiavideo.dll

  Do you perhaps mean that one instead of:
  weavideo.dll

  That would be the only file, then.
 • No, that's not the one.
  Then this looks OK to me.

  If there are no more problems, do this:
  Also delete all existing System Restore points.
  Turn System Restore off. Restart the computer. Turn System Restore back on.
  Disabling System Restore.
  A few more tips:
  Visit the Windows Update site regularly. Only then can you be sure that you have the latest patches for your operating system installed. If new updates are available, download and install all critical updates and service packs. Reboot your computer and check again. Repeat this procedure until there are no more critical updates.

  Also install SpywareBlaster and SpywareGuard.
  If you use the latest version of Spybot Search & Destroy and you use its real-time protection, TeaTimer, then you should not install SpywareGuard.
  More information on how to prevent a new infection can be found here.

  Happy surfing again.
 • Okay, champ!

  Thanks for the help.

  I already have SpywareBlaster / Guard, by the way.
 • You're welcome.


This is an archived page. Replying is no longer possible.