Virus check en advertisement pop-ups.

Anonymous
40 replies
 • Hello everyone,

  since you helped me so tremendously well last time, I was hoping you could do so again.

  I recently picked up a virus and now all the icons on my desktop are "selected". So the letters are in little blue boxes. It also keeps starting Limewire automatically and I keep getting advertisement pop-ups.

  I ran a scan with AVG and it did find and delete a few things, but the problem still hasn't gone away.

  Last time you had me run all kinds of checks with Hijackthis and killbox etc. So I was hoping you could help me that way again, or with other tools if necessary.

  So it is also a kind of system check at the same time.

  Thanks in advance.

  Kind regards,
  RocX
 • Let's start with a Hijackthis log. If you still have it on your PC, you can use it to make a log; otherwise do the following.

  Download Hijackthis-setup to your Desktop.

  Open HJTInstall and choose the location where you want to install Hijackthis.
  Then press Install; after a few seconds Hijackthis will open automatically.
  Now choose 'Do a system scan and save a logfile'.
  A Notepad file with a logfile will open. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post.

  Good luck! 8)

  Pim
 • okay, here it comes,

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 22:20:59, on 25-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\RGVuIFVpamw\command.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Network Monitor\netmon.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  D:\Britta\Itunes\iTunesHelper.exe
  C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\WINDOWS\retadpu1000106.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\WinAble\winable.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  D:\Britta\Ipod\bin\iPodService.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Program Files\Windows Live\Messenger\usnsvc.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\PROGRA~1\YSTEM~1\javaw.exe
  C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
  O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [{962AD319-0959-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
  O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
  O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
  O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
  O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" –force_start_minimized
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
  O4 - HKCU\..\Run: [Enwddr] "C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe"
  O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
  O4 - Startup: Planet Internet ADSL.lnk = ?
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daan\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGVuIFVpamw\command.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
  O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
  O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
  O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
  O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html


  End of file - 11990 bytes
 • Download Combofix to your desktop.

  Double-click combofix.exe.
  Choose "Continue" by typing 1 followed by ENTER.
  While the fix is running, do NOT click in the window, because this will make your PC hang.

  When the fix has finished and after the restart, the log combofix.txt will open. Save this log.

  NOTE: If your virus scanner responds with a warning about script execution, you may ignore it.

  In your next reply, post the Combofix log (combofix.txt) together with a fresh Hijackthis log.

  Good luck!
  Pim
 • I can't even get Combofix installed. I double-click Combofix, which is on my desktop. Then the computer asks whether I want to run the installation, and I click Run. A DOS-style Combofix window with a blue background pops up. It says:

  Gelieve te wachten
  Combofix wordt opgestart..

  and a little later it says that it cannot find a file.

  The file it cannot find is:

  C:\WINDOWS\regedit.exe

  Do you have a solution for this?
 • Then we'll do it manually for now; I'll come back to the Combofix problem later.

  Start Hijackthis, choose 'Do a system scan only' and tick the lines below:

  O4 - HKLM\..\Run: [{962AD319-0959-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
  O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
  O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
  O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daan\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab

  Now close all open windows except Hijackthis and click "Fix Checked".

  Download, unzip and use Alcanshorty
  * Download alcanshorty_nl.exe
  * Double-click alcanshorty_nl and install it on your Desktop.
  * Then open the alcanshorty_nl folder and double-click run.bat
  * Read the instructions carefully and press a key to continue.
  The icons on your Desktop will disappear and then reappear. This is normal.
  * Wait for the "Completed script execution" message and click "OK"
  * Close BFU by clicking "EXIT"
  * A .log file has now been added to the extracted BFU folder; post its contents in your next reply

  Download Look2Me-Destroyer.exe to your desktop.

  * Close all open windows.
  * Double-click Look2Me-Destroyer.exe to start it.
  * Tick the box next to "Run this program as a task".
  * You will get a message saying: 'Look2Me-Destroyer will close and re-open in approximately 10 seconds'. Click OK
  * When Look2Me-Remover reopens, click the "Scan for L2M" button.
  * Your desktop icons and taskbar will disappear; this is normal.
  * Once the scan is done, click the "Remove L2M" button.
  * You will get the message "Done Scanning"; click OK.
  * After that you will get the following message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer"; click OK.
  * Your computer will then shut down.
  * Start your computer again.
  * Post the contents of C:\Look2Me-Destroyer.txt together with a new Hijackthis log.

  If you get an alert from your firewall that this program is trying to access the internet, allow it and do not block it!

  If you get a runtime error '339', download MSWINSCK.OCX via the link below and place it in your C:\Windows\System32 folder.
  http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

  Now post the log from Alcanshorty, Look2me-Destroyer and a fresh Hijackthis log in your next post

  Good luck!

  Pim
 • Okay,

  I couldn't find the BFU log, even though it did check everything.

  The L2M log:


  Look2Me-Destroyer V1.0.12

  Scanning for infected files…..
  Scan started at 27-9-2007 18:30:03


  Attempting to delete infected files…

  Making registry repairs.


  Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1CDB2949-8F65-4355-8456-263E7C208A5D}"
  HKCR\Clsid\{1CDB2949-8F65-4355-8456-263E7C208A5D}

  Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{82A4E758-BE58-4BEF-9188-1DBB10D7C1DE}"
  HKCR\Clsid\{82A4E758-BE58-4BEF-9188-1DBB10D7C1DE}

  Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8434C518-A078-4582-B401-2A6D0D24F9CA}"
  HKCR\Clsid\{8434C518-A078-4582-B401-2A6D0D24F9CA}

  Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E3E7D1BF-4842-431B-A498-0E3077B7DBD5}"
  HKCR\Clsid\{E3E7D1BF-4842-431B-A498-0E3077B7DBD5}

  Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{98E6191A-D353-4470-B154-50A9D18E642C}"
  HKCR\Clsid\{98E6191A-D353-4470-B154-50A9D18E642C}

  Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{27E60F66-AA43-4E0A-9D4B-F5094B16B993}"
  HKCR\Clsid\{27E60F66-AA43-4E0A-9D4B-F5094B16B993}

  Restoring Windows certificates.

  Replaced hosts file with default windows hosts file


  Restoring SeDebugPrivilege for Administrators - Succeeded


  And a fresh Hijackthis log:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:53:05, on 27-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  D:\Britta\Itunes\iTunesHelper.exe
  C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\QuickTime\qttask.exe
  D:\Britta\Ipod\bin\iPodService.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\PROGRA~1\YSTEM~1\javaw.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\PROGRA~1\MICROS~4\rapimgr.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
  C:\WINDOWS\system32\fxrsalun.exe
  C:\WINDOWS\system32\hycushbv.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
  O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
  O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\swacsqeg.dll",sitypnow
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
  O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
  O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
  O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" –force_start_minimized
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [Enwddr] "C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe"
  O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
  O4 - Startup: Planet Internet ADSL.lnk = ?
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O23 - Service: DomainService - - C:\WINDOWS\system32\fxrsalun.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
  O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
  O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
  O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html


  End of file - 11596 bytes
 • Hmm, that did not go quite as expected; I'll come back with a new fix as soon as possible!
 • 1. Click Start –> Run, type CMD and click 'OK'
  Copy the following 2 lines and paste them into the DOS window (right-click/Paste), then press Enter:

  SC STOP cmdService
  SC DELETE cmdService

  Type EXIT to close the DOS window.

  2. Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:

  O4 - HKCU\..\Run: [Enwddr] "C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe"
  O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
  O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

  Click 'Fix checked' to remove the items.

  3. Download Deckard's System Scanner to your Desktop.


  * Close all applications and windows.
  * Double-click dss.exe to run it, and follow the prompts.
  * When the scan is complete, a text file - main.txt - will open.
  * Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.


  Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
  - make sure sigcheck.exe is allowed to do so!
  It can also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
  Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)

  Good luck!

  Pim.
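A way to re-check step 2 once 'Fix checked' has been applied, as an added example that is not part of the post above: it parses HijackThis result lines, reports which fix-list items a scan still contains, and diffs two scans. The function names are hypothetical helpers; the log excerpts are short cuts from the logs posted in this thread.

```python
import re

# HijackThis result lines look like "O4 - HKCU\..\Run: [Name] path": a section
# code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the section-specific detail.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def normalize(detail):
    """Collapse whitespace and case so text pasted into a forum compares reliably."""
    return " ".join(detail.split()).casefold()


def parse_entries(log_text):
    """Return the (code, detail) result lines of a log, in log order.

    The header and the 'Running processes' list do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_keys(log_text):
    """Set of normalized (code, detail) keys for membership tests."""
    return {(code, normalize(detail)) for code, detail in parse_entries(log_text)}


def check_fix_list(fix_list_text, log_text):
    """Map each fix-list line to True if the scan still contains it."""
    present = entry_keys(log_text)
    return {
        f"{code} - {detail}": (code, normalize(detail)) in present
        for code, detail in parse_entries(fix_list_text)
    }


def diff_logs(before_text, after_text):
    """Return (removed, added) result lines between two scans."""
    before_keys, after_keys = entry_keys(before_text), entry_keys(after_text)
    removed = [f"{c} - {d}" for c, d in parse_entries(before_text)
               if (c, normalize(d)) not in after_keys]
    added = [f"{c} - {d}" for c, d in parse_entries(after_text)
             if (c, normalize(d)) not in before_keys]
    return removed, added


# The four items of step 2, as listed in the post.
FIX_LIST = r"""
O4 - HKCU\..\Run: [Enwddr] "C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe"
O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Excerpt of the scan saved at 15:49:04 on 28-9-2007 (after the fix was applied).
SCAN_1549 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dknoqnip.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
O23 - Service: DomainService - - C:\WINDOWS\system32\fxrsalun.exe
"""

# Excerpt of the scan saved at 23:46:38 on 28-9-2007 (after VundoFix).
SCAN_2346 = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
O4 - HKCU\..\Run: [Lacuog] C:\WINDOWS\F?nts\??chost.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fxrsalun.exe
"""

if __name__ == "__main__":
    for entry, still_there in check_fix_list(FIX_LIST, SCAN_1549).items():
        print("STILL PRESENT" if still_there else "gone         ", entry)
    removed, added = diff_logs(SCAN_1549, SCAN_2346)
    for entry in removed:
        print("removed:", entry)
    for entry in added:
        print("new    :", entry)
```

A fix-list item that a later scan still lists, or an entry that only appears in the later scan, is what to raise in the next reply.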
 • I tried to run your commands in the CMD window, but it reported that the service was not installed.

  In HijackThis I couldn't tick the last 2 lines, because they weren't listed.

  What I did manage was DSS; here is the log:

  Deckard's System Scanner v20070905.67
  Run by Daan on 2007-09-28 15:47:04
  Computer is in Normal Mode.
  ——————————————————————————–

  – System Restore ————————————————————–

  System Restore is disabled; attempting to re-enable…success.


  – Last 1 Restore Point(s) –
  1: 2007-09-28 13:47:08 UTC - RP1 - Controlepunt van systeem


  Backed up registry hives.
  Performed disk cleanup.

  – HijackThis (run as Daan.exe) ————————————————

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 15:49:04, on 28-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\fxrsalun.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  D:\Britta\Itunes\iTunesHelper.exe
  C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  D:\Britta\Ipod\bin\iPodService.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\PROGRA~1\MICROS~4\rapimgr.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Program Files\Windows Live\Messenger\usnsvc.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe
  C:\DOCUME~1\Daan\LOCALS~1\Temp\!update.exe
  C:\PROGRA~1\YSTEM~1\javaw.exe
  C:\Documents and Settings\Daan\Bureaublad\dss.exe
  C:\PROGRA~1\TRENDM~1\HIJACK~1\Daan.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {096C8BA4-1664-4AE6-6D2D-4D71C278C5C1} - C:\WINDOWS\system32\bneogv.dll
  O2 - BHO: 0 - {2E9F2046-87A1-47E7-999C-661EE0016664} - C:\Program Files\MSN Gaming Zone\lavunagiv401.dll
  O2 - BHO: (no name) - {554534D4-2C73-4A6E-8EC8-D4A37C30CEF4} - C:\Program Files\Internet Explorer\hoketof83122.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: (no name) - {9395AB2A-65EB-3A3D-BF55-3A766D340497} - C:\WINDOWS\system32\jzflaygg.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
  O2 - BHO: (no name) - {B403F9DE-5C4E-4149-808B-25855C446A89} - C:\Program Files\Internet Explorer\hoketof4444.dll
  O2 - BHO: (no name) - {CE6A3B7C-D765-454A-9E47-0DBA7B8E20DB} - C:\WINDOWS\system32\jkhhh.dll
  O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\wcvdjkju.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
  O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
  O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dknoqnip.dll",sitypnow
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
  O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
  O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
  O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" –force_start_minimized
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
  O4 - Startup: Planet Internet ADSL.lnk = ?
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O20 - Winlogon Notify: jkkklkk - C:\WINDOWS\SYSTEM32\jkkklkk.dll
  O20 - Winlogon Notify: qomnlmm - C:\WINDOWS\SYSTEM32\qomnlmm.dll
  O23 - Service: DomainService - - C:\WINDOWS\system32\fxrsalun.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
  O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
  O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
  O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html


  End of file - 13065 bytes

  – HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ———–

  backup-20070927-180819-333 O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
  backup-20070927-180819-480 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daan\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
  backup-20070927-180819-492 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
  backup-20070927-180819-553 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  backup-20070927-180819-636 O4 - HKLM\..\Run: [{962AD319-0959-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
  backup-20070927-180819-728 O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
  backup-20070928-154406-736 O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  backup-20070928-154406-882 O4 - HKCU\..\Run: [Enwddr] "C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe"

  – File Associations ———————————————————–

 • First a bit of cleaning up, because right now I can't see the wood for the trees!

  Download
 • Okay, here is the VundoFix log:


  VundoFix V6.3.19

  Checking Java version…

  Java version is 1.5.0.6
  Old versions of java are exploitable and should be removed.

  Scan started at 13:50:31 15-4-2007

  Listing files found while scanning….

  C:\WINDOWS\system32\guard.tmp

  VundoFix V6.5.9

  Checking Java version…

  Java version is 1.5.0.6
  Old versions of java are exploitable and should be removed.

  Scan started at 23:24:34 28-9-2007

  Listing files found while scanning….

  C:\WINDOWS\system32\dknoqnip.dll
  C:\windows\system32\hycushbv.exe
  C:\WINDOWS\system32\pinqonkd.ini
  C:\WINDOWS\system32\wcvdjkju.dll

  Beginning removal…

  Attempting to delete C:\WINDOWS\system32\dknoqnip.dll
  C:\WINDOWS\system32\dknoqnip.dll Could not be deleted.

  Attempting to delete C:\windows\system32\hycushbv.exe
  C:\windows\system32\hycushbv.exe Has been deleted!

  Attempting to delete C:\WINDOWS\system32\pinqonkd.ini
  C:\WINDOWS\system32\pinqonkd.ini Has been deleted!

  Attempting to delete C:\WINDOWS\system32\wcvdjkju.dll
  C:\WINDOWS\system32\wcvdjkju.dll Could not be deleted.

  Performing Repairs to the registry.
  Done!

  Beginning removal…

  Attempting to delete C:\WINDOWS\system32\dknoqnip.dll
  C:\WINDOWS\system32\dknoqnip.dll Has been deleted!

  Attempting to delete C:\WINDOWS\system32\wcvdjkju.dll
  C:\WINDOWS\system32\wcvdjkju.dll Has been deleted!

  Performing Repairs to the registry.
  Done!

  VundoFix V6.5.9

  Checking Java version…

  Java version is 1.5.0.6
  Old versions of java are exploitable and should be removed.

  Scan started at 23:33:16 28-9-2007

  Listing files found while scanning….

  C:\windows\system32\ccsspsru.dll

  Beginning removal…

  Attempting to delete C:\windows\system32\ccsspsru.dll
  C:\windows\system32\ccsspsru.dll Has been deleted!

  Performing Repairs to the registry.
  Done!


  HijackThis log:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 23:46:38, on 28-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\fxrsalun.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  D:\Britta\Itunes\iTunesHelper.exe
  C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\PROGRA~1\YSTEM~1\javaw.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\PROGRA~1\MICROS~4\rapimgr.exe
  C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  D:\Britta\Ipod\bin\iPodService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\F?nts\??chost.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
  O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
  O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
  O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
  O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" –force_start_minimized
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  O4 - HKCU\..\Run: [Lacuog] C:\WINDOWS\F?nts\??chost.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
  O4 - Startup: Planet Internet ADSL.lnk = ?
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O23 - Service: DomainService - - C:\WINDOWS\system32\fxrsalun.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
  O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
  O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
  O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html


  End of file - 11386 bytes

  And then DSS as well:

  Deckard's System Scanner v20070905.67
  Run by Daan on 2007-09-28 23:47:06
  Computer is in Normal Mode.
  ——————————————————————————–

  – HijackThis (run as Daan.exe) ————————————————

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 23:47:09, on 28-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\fxrsalun.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  D:\Britta\Itunes\iTunesHelper.exe
  C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\PROGRA~1\YSTEM~1\javaw.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\PROGRA~1\MICROS~4\rapimgr.exe
  C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  D:\Britta\Ipod\bin\iPodService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Documents and Settings\Daan\Bureaublad\dss.exe
  C:\PROGRA~1\TRENDM~1\HIJACK~1\Daan.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {096C8BA4-1664-4AE6-6D2D-4D71C278C5C1} - C:\WINDOWS\system32\bneogv.dll
  O2 - BHO: (no name) - {554534D4-2C73-4A6E-8EC8-D4A37C30CEF4} - C:\Program Files\Internet Explorer\hoketof83122.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: (no name) - {98C7A825-69B9-6839-EE55-3A766D3407C5} - C:\WINDOWS\system32\fzv.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
  O2 - BHO: (no name) - {B403F9DE-5C4E-4149-808B-25855C446A89} - C:\Program Files\Internet Explorer\hoketof4444.dll
  O2 - BHO: (no name) - {F8B3503D-4026-478F-B9C6-36A6D0D2B1E8} - C:\WINDOWS\system32\jkhhh.dll
  O2 - BHO: 0 - {FD3101AB-B1E2-462C-9BBC-DF9BAF63C666} - C:\Program Files\MSN Gaming Zone\lavunagiv463.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
  O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
  O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
  O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
  O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" –force_start_minimized
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  O4 - HKCU\..\Run: [Lacuog] C:\WINDOWS\F?nts\??chost.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
  O4 - Startup: Planet Internet ADSL.lnk = ?
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O20 - Winlogon Notify: jkkklkk - C:\WINDOWS\SYSTEM32\jkkklkk.dll
  O20 - Winlogon Notify: qomnlmm - C:\WINDOWS\SYSTEM32\qomnlmm.dll
  O23 - Service: DomainService - - C:\WINDOWS\system32\fxrsalun.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
  O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
  O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
  O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html


  End of file - 12786 bytes

  – Files created between 2007-08-28 and 2007-09-28 —————————–

  2007-09-28 23:33:15 0 d——– C:\WINDOWS\F?nts
  2007-09-28 23:33:14 60928 –a—— C:\WINDOWS\system32\fzv.dll
  2007-09-28 23:24:34 0 d——– C:\VundoFix Backups
  2007-09-28 14:06:49 75328 –a—— C:\WINDOWS\system32\jufvcmyw.exe <Not Verified; ; DDC>
  2007-09-27 19:13:23 75328 –a—— C:\WINDOWS\system32\fxrsalun.exe <Not Verified; ; DDC>
  2007-09-27 18:26:32 710917 —hs—- C:\WINDOWS\system32\hhhkj.bak2
  2007-09-27 18:12:59 0 d——– C:\bintheredunthat
  2007-09-26 21:27:24 693140 —hs—- C:\WINDOWS\system32\hhhkj.bak1
  2007-09-26 20:41:44 86016 –a—— C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
  2007-09-26 20:37:25 0 d——– C:\Program Files\Jamdat
  2007-09-25 22:20:33 0 d——– C:\Program Files\Trend Micro
  2007-09-25 22:19:01 0 d——– C:\Documents and Settings\Daan\Application Data\?ymantec
  2007-09-25 22:17:41 0 d——– C:\Documents and Settings\All Users\Application Data\Avg7
  2007-09-25 15:23:50 0 d——– C:\Documents and Settings\Daan\Application Data\??curity
  2007-09-25 15:23:09 32177 —hs—- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
  2007-09-25 15:23:07 0 d——– C:\Program Files\?ystem
  2007-09-25 15:23:07 207 –a—— C:\Documents and Settings\Daan\2977.bat
  2007-09-25 07:56:25 321632 —–n— C:\WINDOWS\system32\jkhhh.dll
  2007-09-25 07:52:04 207 –a—— C:\Documents and Settings\Daan\2813.bat
  2007-09-25 07:51:53 36352 –a—— C:\WINDOWS\system32\jkkklkk.dll
  2007-09-24 23:28:10 207 –a—— C:\Documents and Settings\Daan\4992.bat
  2007-09-24 23:28:01 0 d——– C:\Program Files\WinAble
  2007-09-24 23:28:01 0 d——– C:\Program Files\Temporary
  2007-09-24 23:28:00 32768 –a—— C:\Documents and Settings\Daan\winlogo.exe <Not Verified; w00t; oooo8888>
  2007-09-24 23:14:02 135168 –a—— C:\WINDOWS\tk58.exe
  2007-09-24 23:13:59 687592 –a—— C:\WINDOWS\system32\atmtd.dll
  2007-09-24 23:13:56 169147 –a—— C:\WINDOWS\TTC-4444.exe
  2007-09-24 23:13:50 0 d——– C:\Documents and Settings\LocalService\Application Data\NetMon
  2007-09-24 23:13:43 35840 –a—— C:\WINDOWS\retadpu1000106.exe
  2007-09-24 23:13:39 0 d——– C:\WINDOWS\system32\UPC1
  2007-09-24 23:13:39 0 d——– C:\WINDOWS\system32\P2
  2007-09-24 23:13:39 0 d——– C:\WINDOWS\system32\Dr3
  2007-09-24 23:13:35 0 d——– C:\WINDOWS\system32\f04WtR
  2007-09-24 23:13:35 207 –a—— C:\WINDOWS\system32\9774.bat
  2007-09-24 23:13:33 109585 –a—— C:\WINDOWS\system32\ps.exe
  2007-09-24 23:13:22 35328 –a—— C:\WINDOWS\system32\qomnlmm.dll
  2007-09-24 23:13:20 55296 —–n— C:\WINDOWS\system32\install.exe
  2007-09-24 23:13:08 35840 –a—— C:\WINDOWS\retadpu1000137.exe
  2007-09-24 23:13:03 9814 –a—— C:\WINDOWS\system32\app.exe <Not Verified; ; adinstall>
  2007-09-24 23:13:01 32768 –a—— C:\WINDOWS\system32\winlogo.exe <Not Verified; w00t; oooo8888>
  2007-09-24 22:06:12 0 –a—— C:\WINDOWS\system32\taskkill.exe
  2007-09-24 22:06:03 147456 –a—— C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
  2007-09-23 21:07:36 225280 –a—— C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
  2007-09-23 21:07:36 0 d——– C:\Program Files\VstPlugins
  2007-09-23 21:02:34 0 d——– C:\Program Files\Image-Line
  2007-09-23 15:12:48 0 d——– C:\Documents and Settings\Daan\Application Data\Syntrillium
  2007-09-23 14:42:54 4608 –a—— C:\WINDOWS\system32\W95INF32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
  2007-09-23 14:42:54 2272 –a—— C:\WINDOWS\system32\W95INF16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
  2007-09-23 10:18:45 0 d——– C:\Documents and Settings\All Users\Application Data\Google Updater
  2007-09-23 10:18:44 0 d——– C:\Program Files\Google
  2007-09-20 17:56:07 0 d——– C:\WINDOWS\s?mbols
  2007-09-20 17:56:06 60928 –a—— C:\WINDOWS\system32\bneogv.dll
  2007-09-20 17:55:42 0 d——– C:\Documents and Settings\Niels\Application Data\Logitech
  2007-09-19 21:56:10 53248 –a—— C:\WINDOWS\b122.exe
  2007-09-14 18:32:35 0 d——– C:\Documents and Settings\Daan\Application Data\NCH Swift Sound
  2007-09-14 18:27:09 0 d——– C:\Program Files\NCH Swift Sound
  2007-09-10 23:13:07 0 d——– C:\Documents and Settings\Reinier\Application Data\Logitech
  2007-09-03 18:20:17 0 d——– C:\Program Files\Norton Security Scan
  2007-09-03 17:34:51 0 d——– C:\Documents and Settings\Daan\Application Data\Logitech
  2007-09-03 17:34:43 0 d——– C:\Documents and Settings\Daan\Application Data\Leadertech
  2007-09-03 17:34:41 0 d——– C:\Program Files\Common Files\LogiShared
  2007-09-03 17:32:08 69632 –a—— C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
  2007-09-03 17:32:08 110592 –a—— C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
  2007-09-03 17:32:08 135168 –a—— C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
  2007-09-03 17:32:08 163840 –a—— C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
  2007-09-03 17:31:41 0 d——– C:\Documents and Settings\All Users\Application Data\Logitech
  2007-09-03 17:31:28 0 d——– C:\Documents and Settings\Daan\Application Data\InstallShield
  2007-09-03 17:31:19 0 d——– C:\Documents and Settings\All Users\Application Data\LogiShrd


  – Find3M Report —————————————————————

  2007-09-28 23:41:51 0 d——– C:\Program Files\MSN Gaming Zone
  2007-09-28 23:33:20 2 –a—— C:\WINDOWS\system32\wcpsvit32.exe
  2007-09-28 23:33:15 0 d——– C:\Documents and Settings\Daan\Application Data\??curity
  2007-09-27 19:18:23 0 d——– C:\Program Files\Common Files
  2007-09-26 20:54:01 0 d——– C:\Program Files\Microsoft ActiveSync
  2007-09-26 20:27:32 2528 –a—— C:\Documents and Settings\Daan\Application Data\$_hpcst$.hpc
  2007-09-25 22:19:01 0 d——– C:\Documents and Settings\Daan\Application Data\?ymantec
  2007-09-25 22:18:28 0 d——– C:\Program Files\?ystem
  2007-09-25 18:14:27 0 d——– C:\Program Files\AdSponsorCL
  2007-09-25 16:56:20 86016 –a—— C:\eSetup.exe
  2007-09-20 17:56:07 0 d——– C:\Program Files\Common Files\s?stem
  2007-09-10 22:20:41 0 d——– C:\Program Files\LimeWire
  2007-09-10 16:46:54 0 d——– C:\Program Files\Java
  2007-09-03 18:20:22 0 d——– C:\Program Files\Common Files\Symantec Shared
  2007-09-03 17:32:22 0 d——– C:\Program Files\Common Files\Logitech
  2007-09-03 17:31:40 0 d——– C:\Program Files\Logitech
  2007-09-03 17:31:38 0 d–h—– C:\Program Files\InstallShield Installation Information
  2007-08-15 23:10:19 0 d——– C:\Program Files\MSXML 4.0
  2007-08-11 14:56:22 0 d——– C:\Program Files\??mantec
  2007-08-11 14:56:22 0 d——– C:\Program Files\Outerinfo
  2007-08-02 15:43:59 282624 –a—— C:\Program Files\TTC.dll
  2007-08-01 20:04:14 0 d——– C:\Program Files\Common Files\Teleca Shared


  – Registry Dump —————————————————————

  *Note* empty entries & legit default entries are not shown


  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{096C8BA4-1664-4AE6-6D2D-4D71C278C5C1}]
  06-09-2007 15:47 60928 –a—— C:\WINDOWS\system32\bneogv.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554534D4-2C73-4A6E-8EC8-D4A37C30CEF4}]
  02-08-2007 15:43 282624 –a—— C:\Program Files\Internet Explorer\hoketof83122.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98C7A825-69B9-6839-EE55-3A766D3407C5}]
  23-08-2007 21:58 60928 –a—— C:\WINDOWS\system32\fzv.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B403F9DE-5C4E-4149-808B-25855C446A89}]
  02-08-2007 15:43 282624 –a—— C:\Program Files\Internet Explorer\hoketof4444.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8B3503D-4026-478F-B9C6-36A6D0D2B1E8}]
  25-09-2007 07:56 321632 ——— C:\WINDOWS\system32\jkhhh.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD3101AB-B1E2-462C-9BBC-DF9BAF63C666}]
  28-09-2007 23:41 70144 –a—— C:\Program Files\MSN Gaming Zone\lavunagiv463.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06-10-2003 15:16]
  "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [10-04-2002 17:44]
  "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [12-11-2002 12:02]
  "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
  "nwiz"="nwiz.exe" [06-10-2003 15:16 C:\WINDOWS\system32\nwiz.exe]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-03-2006 15:54]
  "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" []
  "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08-06-2005 15:14]
  "iTunesHelper"="D:\Britta\Itunes\iTunesHelper.exe" [23-02-2006 15:45]
  "CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [02-05-2002 19:58]
  "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" []
  "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
  "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
  "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
  "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" []
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31-12-2006 13:55]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12-07-2007 04:00]
  "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11-04-2007 15:32 C:\WINDOWS\KHALMNPR.Exe]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03]
  "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" []
  "Steam"="c:\program files\steam\steam.exe" []
  "SmartBarXP"="D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe" []
  "Eyeball Chat"="C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" []
  "BitTorrent"="D:\Daan\Documenten\bittorrent.exe" []
  "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23-09-2007 10:18]
  "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13-11-2006 18:34]
  "Adru"="C:\PROGRA~1\YSTEM~1\javaw.exe" [25-09-2007 22:18]
  "Lacuog"="C:\WINDOWS\F?nts\??chost.exe" []

  [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
  Source= C:\Program Files\MSN Gaming Zone\profsycyzyrt.html
  FriendlyName=

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  "{2DF26EA8-AAF5-45BD-A107-778EB1D5C0C9}"= C:\WINDOWS\system32\qomnlmm.dll [24-09-2007 23:13 35328]
  "{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"= C:\WINDOWS\system32\jkkklkk.dll [25-09-2007 07:51 36352]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklkk]
  jkkklkk.dll 25-09-2007 07:51 36352 C:\WINDOWS\system32\jkkklkk.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnlmm]
  qomnlmm.dll 24-09-2007 23:13 35328 C:\WINDOWS\system32\qomnlmm.dll

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkhhh
  "Notification Packages"= scecli scecli

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
  @="Service"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
  @=""

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
  @="Volume shadow copy"


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8affe2a-9871-11d9-9951-806d6172696f}]
  AutoRun\command- D:\setupSNK.exe


  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4AFEB339-8F0B-469A-B2A2-87D2A8FA92BE}]
  c:\eSetup.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}]
  C:\WINDOWS\system\sservice.exe

  – End of Deckard's System Scanner: finished at 2007-09-28 23:47:53 ————
 • Start HijackThis, choose 'Do a system scan only' and tick the lines below:

  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  O4 - HKCU\..\Run: [Lacuog] C:\WINDOWS\F?nts\??chost.exe

  Now close all open windows except HijackThis and click Fix Checked.


  Download OTMoveIt and place it on your desktop.

  * Double-click OTMoveIt.exe to start the tool.
  * Copy (select and press Ctrl-C) all of the bold, blue text below:
 • Okay, I've carried everything out. The only thing I didn't do was restart my PC, which OTMoveIt asked me to do, because I wasn't sure whether the results in the right-hand column would be preserved, so here are the results:

  C:\WINDOWS\system32\fxrsalun.exe moved successfully.
  File/Folder C:\WINDOWS\F?nts\??chost.exe not found.
  C:\PROGRA~1\YSTEM~1\javaw.exe moved successfully.
  C:\WINDOWS\system32\bneogv.dll unregistered successfully.
  C:\WINDOWS\system32\bneogv.dll moved successfully.
  DllUnregisterServer procedure not found in C:\Program Files\Internet Explorer\hoketof83122.dll
  C:\Program Files\Internet Explorer\hoketof83122.dll NOT unregistered.
  C:\Program Files\Internet Explorer\hoketof83122.dll moved successfully.
  C:\WINDOWS\system32\fzv.dll unregistered successfully.
  C:\WINDOWS\system32\fzv.dll moved successfully.
  DllUnregisterServer procedure not found in C:\Program Files\Internet Explorer\hoketof4444.dll
  C:\Program Files\Internet Explorer\hoketof4444.dll NOT unregistered.
  C:\Program Files\Internet Explorer\hoketof4444.dll moved successfully.
  LoadLibrary failed for C:\WINDOWS\system32\jkhhh.dll
  C:\WINDOWS\system32\jkhhh.dll NOT unregistered.
  File move failed. C:\WINDOWS\system32\jkhhh.dll scheduled to be moved on reboot.
  LoadLibrary failed for C:\Program Files\MSN Gaming Zone\lavunagiv463.dll
  C:\Program Files\MSN Gaming Zone\lavunagiv463.dll NOT unregistered.
  C:\Program Files\MSN Gaming Zone\lavunagiv463.dll moved successfully.
  LoadLibrary failed for C:\WINDOWS\SYSTEM32\jkkklkk.dll
  C:\WINDOWS\SYSTEM32\jkkklkk.dll NOT unregistered.
  C:\WINDOWS\SYSTEM32\jkkklkk.dll moved successfully.
  LoadLibrary failed for C:\WINDOWS\SYSTEM32\qomnlmm.dll
  C:\WINDOWS\SYSTEM32\qomnlmm.dll NOT unregistered.
  C:\WINDOWS\SYSTEM32\qomnlmm.dll moved successfully.
  File/Folder C:\WINDOWS\system32\fxrsalun.exe not found.
  C:\Program Files\MSN Gaming Zone\profsycyzyrt.html moved successfully.
  C:\WINDOWS\system32\jufvcmyw.exe moved successfully.
  File/Folder C:\WINDOWS\system32\fxrsalun.exe not found.
  C:\WINDOWS\system32\hhhkj.bak2 moved successfully.
  C:\WINDOWS\system32\hhhkj.bak1 moved successfully.
  C:\bintheredunthat moved successfully.
  C:\WINDOWS\unvise32.exe moved successfully.
  File/Folder C:\Documents and Settings\Daan\Application Data\??curity not found.
  LoadLibrary failed for C:\WINDOWS\system32\jkhhh.dll
  C:\WINDOWS\system32\jkhhh.dll NOT unregistered.
  File move failed. C:\WINDOWS\system32\jkhhh.dll scheduled to be moved on reboot.
  File/Folder C:\WINDOWS\system32\jkkklkk.dll not found.
  C:\Program Files\WinAble moved successfully.
  C:\Documents and Settings\Daan\winlogo.exe moved successfully.
  C:\WINDOWS\tk58.exe moved successfully.
  LoadLibrary failed for C:\WINDOWS\system32\atmtd.dll
  C:\WINDOWS\system32\atmtd.dll NOT unregistered.
  C:\WINDOWS\system32\atmtd.dll moved successfully.
  C:\WINDOWS\TTC-4444.exe moved successfully.
  C:\WINDOWS\retadpu1000106.exe moved successfully.
  File/Folder C:\WINDOWS\system32\qomnlmm.dll not found.
  C:\WINDOWS\system32\install.exe moved successfully.
  C:\WINDOWS\retadpu1000137.exe moved successfully.
  C:\WINDOWS\system32\winlogo.exe moved successfully.
  File/Folder C:\WINDOWS\system32\bneogv.dll not found.
  C:\WINDOWS\b122.exe moved successfully.
  C:\WINDOWS\system32\wcpsvit32.exe moved successfully.

  Created on 09-29-2007 09:04:33


  Hijackthis:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 9:08:49, on 29-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\fxrsalun.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  D:\Britta\Itunes\iTunesHelper.exe
  C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\PROGRA~1\MICROS~4\rapimgr.exe
  C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
  D:\Britta\Ipod\bin\iPodService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\DOCUME~1\Daan\LOCALS~1\Temp\!update.exe
  C:\PROGRA~1\YSTEM~1\javaw.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\WINDOWS\F?nts\??chost.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
  O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
  O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
  O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
  O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" –force_start_minimized
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
  O4 - Startup: Planet Internet ADSL.lnk = ?
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\fxrsalun.exe (file missing)
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
  O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
  O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
  O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html


  End of file - 11359 bytes


  DSS log:

  Deckard's System Scanner v20070905.67
  Run by Daan on 2007-09-29 09:09:49
  Computer is in Normal Mode.
  --------------------------------------------------------------------------------
  -- HijackThis (run as Daan.exe) ------------------------------------------------

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 9:09:51, on 29-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\fxrsalun.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  D:\Britta\Itunes\iTunesHelper.exe
  C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\PROGRA~1\MICROS~4\rapimgr.exe
  C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
  D:\Britta\Ipod\bin\iPodService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\DOCUME~1\Daan\LOCALS~1\Temp\!update.exe
  C:\PROGRA~1\YSTEM~1\javaw.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\WINDOWS\F?nts\??chost.exe
  C:\Documents and Settings\Daan\Bureaublad\dss.exe
  C:\PROGRA~1\TRENDM~1\HIJACK~1\Daan.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: 0 - {2F2E90E8-BD69-4AFF-FAB3-FB1989091D17} - C:\Program Files\MSN Gaming Zone\lavunagiv238.dll
  O2 - BHO: (no name) - {554534D4-2C73-4A6E-8EC8-D4A37C30CEF4} - C:\Program Files\Internet Explorer\hoketof83122.dll (file missing)
  O2 - BHO: (no name) - {63633284-BC99-4D86-AEB6-158AC92C5A17} - C:\WINDOWS\system32\jkhhh.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
  O2 - BHO: (no name) - {B403F9DE-5C4E-4149-808B-25855C446A89} - C:\Program Files\Internet Explorer\hoketof4444.dll (file missing)
  O2 - BHO: (no name) - {B694C244-BC70-4AE5-A2A8-452F4CABC099} - C:\WINDOWS\system32\pmnli.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
  O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
  O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
  O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
  O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" –force_start_minimized
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
  O4 - Startup: Planet Internet ADSL.lnk = ?
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
  O20 - Winlogon Notify: jkkklkk - jkkklkk.dll (file missing)
  O20 - Winlogon Notify: qomnlmm - qomnlmm.dll (file missing)
  O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\fxrsalun.exe (file missing)
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
  O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
  O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
  O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html


  End of file - 12667 bytes

  -- Files created between 2007-08-29 and 2007-09-29 -----------------------------

  2007-09-29 08:22:06 6448 —hs—- C:\WINDOWS\system32\ilnmp.bak1
  2007-09-29 08:21:31 316000 –a—— C:\WINDOWS\system32\pmnli.dll
  2007-09-29 08:08:33 4672 –a—— C:\WINDOWS\system32\ahsrpais.exe
  2007-09-28 23:33:15 0 d——– C:\WINDOWS\F?nts
  2007-09-28 23:24:34 0 d——– C:\VundoFix Backups
  2007-09-26 20:37:25 0 d——– C:\Program Files\Jamdat
  2007-09-25 22:20:33 0 d——– C:\Program Files\Trend Micro
  2007-09-25 22:19:01 0 d——– C:\Documents and Settings\Daan\Application Data\?ymantec
  2007-09-25 22:17:41 0 d——– C:\Documents and Settings\All Users\Application Data\Avg7
  2007-09-25 15:23:50 0 d——– C:\Documents and Settings\Daan\Application Data\??curity
  2007-09-25 15:23:09 32177 —hs—- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
  2007-09-25 15:23:07 0 d——– C:\Program Files\?ystem
  2007-09-25 15:23:07 207 –a—— C:\Documents and Settings\Daan\2977.bat
  2007-09-25 07:56:25 321632 —–n— C:\WINDOWS\system32\jkhhh.dll
  2007-09-25 07:52:04 207 –a—— C:\Documents and Settings\Daan\2813.bat
  2007-09-24 23:28:10 207 –a—— C:\Documents and Settings\Daan\4992.bat
  2007-09-24 23:28:01 0 d——– C:\Program Files\Temporary
  2007-09-24 23:13:50 0 d——– C:\Documents and Settings\LocalService\Application Data\NetMon
  2007-09-24 23:13:39 0 d——– C:\WINDOWS\system32\UPC1
  2007-09-24 23:13:39 0 d——– C:\WINDOWS\system32\P2
  2007-09-24 23:13:39 0 d——– C:\WINDOWS\system32\Dr3
  2007-09-24 23:13:35 0 d——– C:\WINDOWS\system32\f04WtR
  2007-09-24 23:13:35 207 –a—— C:\WINDOWS\system32\9774.bat
  2007-09-24 23:13:33 109585 –a—— C:\WINDOWS\system32\ps.exe
  2007-09-24 23:13:03 9814 –a—— C:\WINDOWS\system32\app.exe <Not Verified; ; adinstall>
  2007-09-24 22:06:12 0 –a—— C:\WINDOWS\system32\taskkill.exe
  2007-09-24 22:06:03 147456 –a—— C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
  2007-09-23 21:07:36 225280 –a—— C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
  2007-09-23 21:07:36 0 d——– C:\Program Files\VstPlugins
  2007-09-23 21:02:34 0 d——– C:\Program Files\Image-Line
  2007-09-23 15:12:48 0 d——– C:\Documents and Settings\Daan\Application Data\Syntrillium
  2007-09-23 14:42:54 4608 –a—— C:\WINDOWS\system32\W95INF32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
  2007-09-23 14:42:54 2272 –a—— C:\WINDOWS\system32\W95INF16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
  2007-09-23 10:18:45 0 d——– C:\Documents and Settings\All Users\Application Data\Google Updater
  2007-09-23 10:18:44 0 d——– C:\Program Files\Google
  2007-09-20 17:56:07 0 d——– C:\WINDOWS\s?mbols
  2007-09-20 17:55:42 0 d——– C:\Documents and Settings\Niels\Application Data\Logitech
  2007-09-14 18:32:35 0 d——– C:\Documents and Settings\Daan\Application Data\NCH Swift Sound
  2007-09-14 18:27:09 0 d——– C:\Program Files\NCH Swift Sound
  2007-09-10 23:13:07 0 d——– C:\Documents and Settings\Reinier\Application Data\Logitech
  2007-09-03 18:20:17 0 d——– C:\Program Files\Norton Security Scan
  2007-09-03 17:34:51 0 d——– C:\Documents and Settings\Daan\Application Data\Logitech
  2007-09-03 17:34:43 0 d——– C:\Documents and Settings\Daan\Application Data\Leadertech
  2007-09-03 17:34:41 0 d——– C:\Program Files\Common Files\LogiShared
  2007-09-03 17:32:08 69632 –a—— C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
  2007-09-03 17:32:08 110592 –a—— C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
  2007-09-03 17:32:08 135168 –a—— C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
  2007-09-03 17:32:08 163840 –a—— C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
  2007-09-03 17:31:41 0 d——– C:\Documents and Settings\All Users\Application Data\Logitech
  2007-09-03 17:31:28 0 d——– C:\Documents and Settings\Daan\Application Data\InstallShield
  2007-09-03 17:31:19 0 d——– C:\Documents and Settings\All Users\Application Data\LogiShrd


  -- Find3M Report ---------------------------------------------------------------

  2007-09-29 09:04:26 0 d——– C:\Program Files\MSN Gaming Zone
  2007-09-29 09:04:22 0 d——– C:\Program Files\?ystem
  2007-09-28 23:33:15 0 d——– C:\Documents and Settings\Daan\Application Data\??curity
  2007-09-27 19:18:23 0 d——– C:\Program Files\Common Files
  2007-09-26 20:54:01 0 d——– C:\Program Files\Microsoft ActiveSync
  2007-09-26 20:27:32 2528 –a—— C:\Documents and Settings\Daan\Application Data\$_hpcst$.hpc
  2007-09-25 22:19:01 0 d——– C:\Documents and Settings\Daan\Application Data\?ymantec
  2007-09-25 18:14:27 0 d——– C:\Program Files\AdSponsorCL
  2007-09-25 16:56:20 86016 –a—— C:\eSetup.exe
  2007-09-20 17:56:07 0 d——– C:\Program Files\Common Files\s?stem
  2007-09-10 22:20:41 0 d——– C:\Program Files\LimeWire
  2007-09-10 16:46:54 0 d——– C:\Program Files\Java
  2007-09-03 18:20:22 0 d——– C:\Program Files\Common Files\Symantec Shared
  2007-09-03 17:32:22 0 d——– C:\Program Files\Common Files\Logitech
  2007-09-03 17:31:40 0 d——– C:\Program Files\Logitech
  2007-09-03 17:31:38 0 d–h—– C:\Program Files\InstallShield Installation Information
  2007-08-15 23:10:19 0 d——– C:\Program Files\MSXML 4.0
  2007-08-11 14:56:22 0 d——– C:\Program Files\??mantec
  2007-08-11 14:56:22 0 d——– C:\Program Files\Outerinfo
  2007-08-02 15:43:59 282624 –a—— C:\Program Files\TTC.dll
  2007-08-01 20:04:14 0 d——– C:\Program Files\Common Files\Teleca Shared


  -- Registry Dump ---------------------------------------------------------------

  *Note* empty entries & legit default entries are not shown


  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2E90E8-BD69-4AFF-FAB3-FB1989091D17}]
  29-09-2007 09:01 70144 –a—— C:\Program Files\MSN Gaming Zone\lavunagiv238.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554534D4-2C73-4A6E-8EC8-D4A37C30CEF4}]
  C:\Program Files\Internet Explorer\hoketof83122.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63633284-BC99-4D86-AEB6-158AC92C5A17}]
  25-09-2007 07:56 321632 ——— C:\WINDOWS\system32\jkhhh.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B403F9DE-5C4E-4149-808B-25855C446A89}]
  C:\Program Files\Internet Explorer\hoketof4444.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B694C244-BC70-4AE5-A2A8-452F4CABC099}]
  29-09-2007 08:21 316000 –a—— C:\WINDOWS\system32\pmnli.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06-10-2003 15:16]
  "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [10-04-2002 17:44]
  "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [12-11-2002 12:02]
  "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
  "nwiz"="nwiz.exe" [06-10-2003 15:16 C:\WINDOWS\system32\nwiz.exe]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-03-2006 15:54]
  "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" []
  "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08-06-2005 15:14]
  "iTunesHelper"="D:\Britta\Itunes\iTunesHelper.exe" [23-02-2006 15:45]
  "CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [02-05-2002 19:58]
  "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" []
  "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
  "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
  "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
  "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" []
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31-12-2006 13:55]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12-07-2007 04:00]
  "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11-04-2007 15:32 C:\WINDOWS\KHALMNPR.Exe]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03]
  "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" []
  "Steam"="c:\program files\steam\steam.exe" []
  "SmartBarXP"="D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe" []
  "Eyeball Chat"="C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" []
  "BitTorrent"="D:\Daan\Documenten\bittorrent.exe" []
  "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23-09-2007 10:18]
  "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13-11-2006 18:34]
  "Adru"="C:\PROGRA~1\YSTEM~1\javaw.exe" []

  [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
  Source= C:\Program Files\MSN Gaming Zone\profsycyzyrt.html
  FriendlyName=

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  "{2DF26EA8-AAF5-45BD-A107-778EB1D5C0C9}"= C:\WINDOWS\system32\qomnlmm.dll [ ]
  "{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"= C:\WINDOWS\system32\jkkklkk.dll [ ]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklkk]
  jkkklkk.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnlmm]
  qomnlmm.dll

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkhhh
  "Notification Packages"= scecli scecli

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
  @="Service"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
  @=""

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
  @="Volume shadow copy"


  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4AFEB339-8F0B-469A-B2A2-87D2A8FA92BE}]
  c:\eSetup.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}]
  C:\WINDOWS\system\sservice.exe

  -- End of Deckard's System Scanner: finished at 2007-09-29 09:10:32 ------------

  And Combofix still cannot find the same file:

  [b]C:\WINDOWS\regedit.exe[/b]
 • That doesn't look too good.
  First we'll see what is going on with regedit.exe.

  Open a Notepad file.
  Copy the code below into this Notepad file.
  Go to File - Save As.
  For "Save in", choose: Desktop
  For "File name", enter: look.bat
  For "Save as type", select: All Files (*.*).
  Click the Save button.
  [code]
  REM Start with a fresh result file
  IF EXIST files.txt DEL files.txt
  REM List every regedit.exe on the system drive, hidden and system files included
  dir %Systemdrive%\regedit.exe /a /s > files.txt
  start notepad files.txt
  [/code]
  Double-click look.bat and post the contents of files.txt.
 • Could you also post the header of the latest Combofix log?
  I would like to know which version you are using.
 • Okay, here is files.txt

  De volumenaam van station C is PROGRAMMAS
  Het volumenummer is 962A-D319

  Map van C:\WINDOWS

  04-08-2004 02:03 153.088 regedit.exe
  1 bestand(en) 153.088 bytes

  Map van C:\WINDOWS\$NtServicePackUninstall$

  30-09-2002 17:11 140.800 regedit.exe
  1 bestand(en) 140.800 bytes

  Map van C:\WINDOWS\ServicePackFiles\i386

  04-08-2004 02:03 153.088 regedit.exe
  1 bestand(en) 153.088 bytes

  Map van C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da

  04-08-2004 10:03 153.088 regedit.exe
  1 bestand(en) 153.088 bytes

  Map van C:\WINDOWS\system32\dllcache

  04-08-2004 02:03 153.088 regedit.exe
  1 bestand(en) 153.088 bytes

  As for which Combofix version I'm using, I don't know, and I don't know where to find the header, sorry. But if you scroll up you'll see that Pim says "Download Combofix and put it on your desktop"; the version linked there is the one I have. I hope that is a satisfactory answer.
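Added example, not part of the original thread: a small Python parser for the Dutch-locale `dir /s` listing posted in files.txt, comparing the live C:\WINDOWS\regedit.exe with the copies in system32\dllcache and ServicePackFiles\i386 by size and timestamp. The function names and the choice of those two folders as references are assumptions of this example; agreement in size and date is only a quick consistency check, not proof that the file is unmodified.

```python
import re
from collections import defaultdict

# Listing as posted in files.txt above (Dutch-locale `dir /s` output).
SAMPLE = r"""
De volumenaam van station C is PROGRAMMAS
Het volumenummer is 962A-D319

Map van C:\WINDOWS

04-08-2004 02:03 153.088 regedit.exe
1 bestand(en) 153.088 bytes

Map van C:\WINDOWS\$NtServicePackUninstall$

30-09-2002 17:11 140.800 regedit.exe
1 bestand(en) 140.800 bytes

Map van C:\WINDOWS\ServicePackFiles\i386

04-08-2004 02:03 153.088 regedit.exe
1 bestand(en) 153.088 bytes

Map van C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da

04-08-2004 10:03 153.088 regedit.exe
1 bestand(en) 153.088 bytes

Map van C:\WINDOWS\system32\dllcache

04-08-2004 02:03 153.088 regedit.exe
1 bestand(en) 153.088 bytes
"""

# "Map van <folder>" starts a new directory block in the Dutch listing.
DIR_HEADER = re.compile(r"^\s*Map van\s+(?P<path>.+?)\s*$")
# File rows: DD-MM-YYYY HH:MM <size with . or , separators> <name>.
# Summary rows ("1 bestand(en) ...") and <DIR> rows do not match.
FILE_LINE = re.compile(
    r"^\s*(?P<date>\d{2}-\d{2}-\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d.,]+)\s+(?P<name>\S.*?)\s*$"
)

# Assumed for this example: the copy in use and two reference copies.
LIVE = r"C:\WINDOWS"
REFERENCES = [r"C:\WINDOWS\system32\dllcache",
              r"C:\WINDOWS\ServicePackFiles\i386"]


def parse_dir_listing(text):
    """Return one dict per file row: folder, name, size in bytes, stamp."""
    entries, folder = [], None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            folder = header.group("path")
            continue
        row = FILE_LINE.match(line)
        if row and folder is not None:  # ignore rows outside any block
            entries.append({
                "folder": folder,
                "name": row.group("name"),
                "size": int(re.sub(r"[.,]", "", row.group("size"))),
                "stamp": f"{row.group('date')} {row.group('time')}",
            })
    return entries


def group_by_size(entries):
    """Map each file size to the folders holding a copy of that size."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["size"]].append(entry["folder"])
    return dict(groups)


def check_live_copy(entries, live_folder, reference_folders, name="regedit.exe"):
    """Compare the live copy with reference copies by size and timestamp."""
    by_folder = {e["folder"].lower(): e for e in entries
                 if e["name"].lower() == name.lower()}
    live = by_folder.get(live_folder.lower())
    result = {"live": live, "agree": [], "differ": [], "absent": []}
    if live is None:  # the listing contains no copy in the live folder
        return result
    for ref in reference_folders:
        copy = by_folder.get(ref.lower())
        if copy is None:
            result["absent"].append(ref)
        elif (copy["size"], copy["stamp"]) == (live["size"], live["stamp"]):
            result["agree"].append(ref)
        else:
            result["differ"].append(ref)
    return result


if __name__ == "__main__":
    found = parse_dir_listing(SAMPLE)
    for size, folders in group_by_size(found).items():
        print(size, folders)
    print(check_live_copy(found, LIVE, REFERENCES))
```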
 • Download Combofix again and make a new log.
 • That is exactly the problem: I can't open it and I don't have a log either. I can't make a log with it because it doesn't work, unless you know another way.

  But I have to go to work now, so I'll be able to continue tonight. In any case, thanks a lot already.
 • Did you try downloading it again?
  (throw away the old version first, RocX)

This is an archived page. Replies are no longer possible.