Vraag & Antwoord

Beveiliging & privacy

hijackthis log

Anoniem
None
14 antwoorden
 • Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 14:42:46, on 12-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16544)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\System32\Rundll32.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - C:\WINDOWS\system32\sprt_ads.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
  O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKLM"
  O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S1A9.tmp" /EF "HKLM"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187091868468
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
  O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
  O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


  End of file - 8453 bytes  kan iemand me helpen met deze log wat moet ik precies doen

  alvast bedankt
 • Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:
  [b:eff7647d1c]
  O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - C:\WINDOWS\system32\sprt_ads.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  [/b:eff7647d1c]
  Sluit alle openstaande vensters en klik op 'Fix Checked'.

  Download RVAXO.exe
  [list:eff7647d1c]
  Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
  Open nu de map [b:eff7647d1c]RVAXO[/b:eff7647d1c] op je bureaublad en dubbeklik [b:eff7647d1c]RVAXO.cmd[/b:eff7647d1c]
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
  [b:eff7647d1c]Mogelijk[/b:eff7647d1c] start er ook een uninstaller van een rogue scanner op, [b:eff7647d1c]sluit deze niet af[/b:eff7647d1c] maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\[b:eff7647d1c]RVAXO-results.log[/b:eff7647d1c]
  Herstart je computer niet vanzelf, of start de tool niet na de reboot, [b:eff7647d1c]doe dit dan handmatig[/b:eff7647d1c].
  Post de inhoud van de logfile in je volgende bericht.
  [/list:u:eff7647d1c]

  Download Combofix naar je Bureaublad.

  Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

  OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:eff7647d1c]download Combofix opnieuw[/b:eff7647d1c]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

  [list:eff7647d1c]
  Dubbelklik [b:eff7647d1c]Combofix.exe[/b:eff7647d1c]
  Volg de instructies, aanvaard de disclaimer door "[b:eff7647d1c]1[/b:eff7647d1c]" te typen en te bevestigen via "[b:eff7647d1c]Enter[/b:eff7647d1c]".
  Tijdens het runnen van de fix, [b:eff7647d1c]NIET[/b:eff7647d1c] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:eff7647d1c]

  Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
  [i:eff7647d1c]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:eff7647d1c]

  Pim
 • —————-RVAXO.exe first run————-

  Files found:

  C:\WINDOWS\system32\superiorads-uninst.exe

  Uninstallers Rogue scanners:


  Folders Found:


  Hosts-file was reset, If you use a custom hosts file please replace it…

  ————–RVAXO.exe last run—————

  Files found:

  Folders Found:

  ————–RVAXO.exe finished—————-  dit krijg ik na de herstart met me pc meer niet
 • ComboFix 07-12-12.3 - Ifi 2007-12-12 17:48:57.1 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.204 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Ifi\Bureaublad\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))
  .

  2007-12-11 19:48 . 2007-12-11 19:48 <DIR> d——– C:\Documents and Settings\Ifi\Application Data\Lavasoft
  2007-12-11 19:31 . 2007-12-11 19:31 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
  2007-12-11 19:31 . 2007-12-11 19:31 298,104 –a—— C:\WINDOWS\system32\imon.dll
  2007-12-11 19:31 . 2007-12-11 19:31 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
  2007-12-11 19:29 . 2007-12-11 19:29 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
  2007-12-11 19:21 . 2007-12-11 19:21 <DIR> d——– C:\Documents and Settings\Ifi\Application Data\Webroot
  2007-12-10 19:32 . 2007-12-10 19:32 268 –ah—– C:\sqmdata09.sqm
  2007-12-10 19:32 . 2007-12-10 19:32 244 –ah—– C:\sqmnoopt09.sqm
  2007-11-30 11:12 . 2007-11-30 11:12 63,488 –a—— C:\WINDOWS\system32\sprt_ads.dll
  2007-11-26 15:23 . 2007-11-26 15:23 268 –ah—– C:\sqmdata08.sqm
  2007-11-26 15:23 . 2007-11-26 15:23 244 –ah—– C:\sqmnoopt08.sqm
  2007-11-26 12:55 . 2007-11-26 12:55 268 –ah—– C:\sqmdata07.sqm
  2007-11-26 12:55 . 2007-11-26 12:55 244 –ah—– C:\sqmnoopt07.sqm
  2007-11-25 12:08 . 2007-11-25 12:08 268 –ah—– C:\sqmdata06.sqm
  2007-11-25 12:08 . 2007-11-25 12:08 244 –ah—– C:\sqmnoopt06.sqm
  2007-11-24 14:19 . 2007-11-24 14:19 268 –ah—– C:\sqmdata05.sqm
  2007-11-24 14:19 . 2007-11-24 14:19 244 –ah—– C:\sqmnoopt05.sqm
  2007-11-24 12:41 . 2007-11-24 12:41 268 –ah—– C:\sqmdata04.sqm
  2007-11-24 12:41 . 2007-11-24 12:41 244 –ah—– C:\sqmnoopt04.sqm
  2007-11-18 17:41 . 2007-11-18 17:41 <DIR> d——– C:\Documents and Settings\Ifi\WINDOWS
  2007-11-18 17:41 . 1996-07-18 13:06 297,472 –a—— C:\WINDOWS\uninst.exe

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-12-12 16:13 ——— d—–w C:\Program Files\Hitman Pro
  2007-12-11 20:15 ——— d—–w C:\Program Files\Spyware Doctor
  2007-12-11 19:06 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-12-11 18:36 ——— d—–w C:\Program Files\SpywareBlaster
  2007-12-11 18:24 79,688 —-a-w C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-12-11 18:24 62,280 —-a-w C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-12-11 18:24 41,288 —-a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-12-11 18:24 29,000 —-a-w C:\WINDOWS\system32\drivers\kcom.sys
  2007-12-10 20:10 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2007-12-10 20:09 ——— d—–w C:\Program Files\Azureus
  2007-12-10 20:00 774 —-a-w C:\Documents and Settings\Ifi\Application Data\wklnhst.dat
  2007-11-18 16:42 ——— d—–w C:\Program Files\Java
  2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
  2007-11-04 14:39 ——— d—–w C:\Program Files\Jasc Software Inc
  2007-10-31 17:02 ——— d—–w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
  2007-10-31 16:14 ——— d—–w C:\Program Files\Windows Live
  2007-10-31 16:14 ——— d—–w C:\Program Files\MSN Messenger
  2007-10-31 16:14 ——— d—–w C:\Program Files\Messenger Plus! Live
  2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
  2007-10-28 13:59 ——— d—–w C:\Program Files\Image-Line
  2007-10-28 13:53 ——— d—–w C:\Program Files\VstPlugins
  2007-10-28 11:46 ——— d—–w C:\Program Files\Google
  2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
  2007-10-17 17:23 10,752 —-a-w C:\WINDOWS\system32\WhoisCL.exe
  2007-09-24 17:32 164 —-a-w C:\install.dat
  2007-09-08 13:11 58,280 —-a-w C:\Documents and Settings\Ifi\Application Data\GDIPFONTCACHEV1.DAT
  2004-10-01 13:00 40,960 —-a-w C:\Program Files\Uninstall_CDS.exe
  2007-09-03 16:22 0 –sha-w C:\WINDOWS\SMINST\HPCD.sys
  2007-08-20 08:24 16,384 –sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
  2007-08-20 08:15 32,768 –sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007081320070820\index.dat
  2007-09-03 08:25 32,768 –sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007082020070827\index.dat
  2007-09-03 08:25 32,768 –sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007090320070904\index.dat
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
  "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 19:02]
  "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 18:59]
  "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:03]
  "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" []
  "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
  "RTHDCPL"="RTHDCPL.EXE" [2005-10-15 02:51 C:\WINDOWS\RTHDCPL.exe]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
  "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 14:23]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
  "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-24 17:16]
  "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 13:41]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00]

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
  Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
  Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
  avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
  @=""

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
  @=""


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
  \Shell\AutoRun\command - Info.exe folder.htt 480 480

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940000a-4a70-11dc-922f-806d6172696f}]
  \Shell\AutoRun\command - E:\_SETIMG\EPSSWT.EXE /NODISP:"ALL" /NOWIZ:"..\EPSETUP.EXE" /ST:"3500,WIN98,WINME"

  *Newly Created Service* - CATCHME
  *Newly Created Service* - PROCEXP90
  .
  **************************************************************************

  catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-12-12 17:50:06
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-12-12 17:50:38
  .
  2007-12-12 13:30:34 — E O F —
 • dat van hieboven is van combofix en dit is dan de nieuwste hijack log

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:43:50, on 12-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16574)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Eset\nod32krn.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187091868468
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
  O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
  O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


  End of file - 7317 bytes
 • Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:
  [b:6b45430a4d]
  File::
  C:\WINDOWS\system32\sprt_ads.dll
  [/b:6b45430a4d]
  Sla dit op op je Bureaublad als [b:6b45430a4d]CFScript.txt[/b:6b45430a4d]

  Sleep [b:6b45430a4d]CFScript.txt[/b:6b45430a4d] in [b:6b45430a4d]ComboFix.exe[/b:6b45430a4d] zoals getoond in onderstaand voorbeeld :

  [img:6b45430a4d]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:6b45430a4d]

  Dit zal [b:6b45430a4d]ComboFix[/b:6b45430a4d] doen herstarten.
  Start opnieuw op als daarom gevraagd wordt,
  en post de inhoud van de [b:6b45430a4d]Combofix.txt[/b:6b45430a4d] in je volgende antwoord
 • ComboFix 07-12-12.3 - Ifi 2007-12-13 12:31:38.2 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.142 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Ifi\Bureaublad\ComboFix.exe
  Command switches used :: C:\Documents and Settings\Ifi\Bureaublad\CFScript.txt
  * Nieuw herstelpunt werd aangemaakt

  FILE
  C:\WINDOWS\system32\sprt_ads.dll
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\WINDOWS\system32\sprt_ads.dll

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))
  .

  2007-12-12 18:03 . 2007-12-12 18:03 <DIR> d——– C:\Documents and Settings\Ifi\Application Data\SampleView
  2007-12-11 19:48 . 2007-12-11 19:48 <DIR> d——– C:\Documents and Settings\Ifi\Application Data\Lavasoft
  2007-12-11 19:31 . 2007-12-11 19:31 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
  2007-12-11 19:31 . 2007-12-11 19:31 298,104 –a—— C:\WINDOWS\system32\imon.dll
  2007-12-11 19:31 . 2007-12-11 19:31 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
  2007-12-11 19:29 . 2007-12-11 19:29 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
  2007-12-11 19:21 . 2007-12-11 19:21 <DIR> d——– C:\Documents and Settings\Ifi\Application Data\Webroot
  2007-12-10 19:32 . 2007-12-10 19:32 268 –ah—– C:\sqmdata09.sqm
  2007-12-10 19:32 . 2007-12-10 19:32 244 –ah—– C:\sqmnoopt09.sqm
  2007-11-26 15:23 . 2007-11-26 15:23 268 –ah—– C:\sqmdata08.sqm
  2007-11-26 15:23 . 2007-11-26 15:23 244 –ah—– C:\sqmnoopt08.sqm
  2007-11-26 12:55 . 2007-11-26 12:55 268 –ah—– C:\sqmdata07.sqm
  2007-11-26 12:55 . 2007-11-26 12:55 244 –ah—– C:\sqmnoopt07.sqm
  2007-11-25 12:08 . 2007-11-25 12:08 268 –ah—– C:\sqmdata06.sqm
  2007-11-25 12:08 . 2007-11-25 12:08 244 –ah—– C:\sqmnoopt06.sqm
  2007-11-24 14:19 . 2007-11-24 14:19 268 –ah—– C:\sqmdata05.sqm
  2007-11-24 14:19 . 2007-11-24 14:19 244 –ah—– C:\sqmnoopt05.sqm
  2007-11-24 12:41 . 2007-11-24 12:41 268 –ah—– C:\sqmdata04.sqm
  2007-11-24 12:41 . 2007-11-24 12:41 244 –ah—– C:\sqmnoopt04.sqm
  2007-11-18 17:41 . 2007-11-18 17:41 <DIR> d——– C:\Documents and Settings\Ifi\WINDOWS
  2007-11-18 17:41 . 1996-07-18 13:06 297,472 –a—— C:\WINDOWS\uninst.exe

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-12-13 11:18 ——— d—–w C:\Program Files\Hitman Pro
  2007-12-12 17:01 774 —-a-w C:\Documents and Settings\Ifi\Application Data\wklnhst.dat
  2007-12-11 20:15 ——— d—–w C:\Program Files\Spyware Doctor
  2007-12-11 19:06 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-12-11 18:36 ——— d—–w C:\Program Files\SpywareBlaster
  2007-12-11 18:24 79,688 —-a-w C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-12-11 18:24 62,280 —-a-w C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-12-11 18:24 41,288 —-a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-12-11 18:24 29,000 —-a-w C:\WINDOWS\system32\drivers\kcom.sys
  2007-12-10 20:10 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2007-12-10 20:09 ——— d—–w C:\Program Files\Azureus
  2007-11-18 16:42 ——— d—–w C:\Program Files\Java
  2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
  2007-11-04 14:39 ——— d—–w C:\Program Files\Jasc Software Inc
  2007-10-31 17:02 ——— d—–w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
  2007-10-31 16:14 ——— d—–w C:\Program Files\Windows Live
  2007-10-31 16:14 ——— d—–w C:\Program Files\MSN Messenger
  2007-10-31 16:14 ——— d—–w C:\Program Files\Messenger Plus! Live
  2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
  2007-10-28 13:59 ——— d—–w C:\Program Files\Image-Line
  2007-10-28 13:53 ——— d—–w C:\Program Files\VstPlugins
  2007-10-28 11:46 ——— d—–w C:\Program Files\Google
  2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
  2007-10-17 17:23 10,752 —-a-w C:\WINDOWS\system32\WhoisCL.exe
  2007-09-24 17:32 164 —-a-w C:\install.dat
  2007-09-08 13:11 58,280 —-a-w C:\Documents and Settings\Ifi\Application Data\GDIPFONTCACHEV1.DAT
  2004-10-01 13:00 40,960 —-a-w C:\Program Files\Uninstall_CDS.exe
  2007-09-03 16:22 0 –sha-w C:\WINDOWS\SMINST\HPCD.sys
  2007-08-20 08:24 16,384 –sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
  2007-08-20 08:15 32,768 –sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007081320070820\index.dat
  2007-09-03 08:25 32,768 –sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007082020070827\index.dat
  2007-09-03 08:25 32,768 –sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007090320070904\index.dat
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
  "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 19:02]
  "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 18:59]
  "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:03]
  "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" []
  "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
  "RTHDCPL"="RTHDCPL.EXE" [2005-10-15 02:51 C:\WINDOWS\RTHDCPL.exe]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
  "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 14:23]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
  "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-24 17:16]
  "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 13:41]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00]

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
  Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
  Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
  avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
  @=""

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
  @=""


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
  \Shell\AutoRun\command - E:\Info.exe folder.htt 480 480

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
  \Shell\AutoRun\command - Info.exe folder.htt 480 480

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940000a-4a70-11dc-922f-806d6172696f}]
  \Shell\AutoRun\command - E:\_SETIMG\EPSSWT.EXE /NODISP:"ALL" /NOWIZ:"..\EPSETUP.EXE" /ST:"3500,WIN98,WINME"

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0241e30-5a4c-11dc-8c8e-003005f6218b}]
  \Shell\AutoRun\command - E:\Info.exe folder.htt 480 480

  .
  **************************************************************************

  catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-12-13 12:32:48
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-12-13 12:33:14
  C:\ComboFix2.txt … 2007-12-12 17:50
  .
  2007-12-12 13:30:34 — E O F —


  dit is de nieuwste
  hopelijk kun je me verder helpen
  alvast bedankt
 • Ga naar start –> configuratiescherm –> software en verwijder daar:
  [b:603f2bf468]Hitman Pro[/b:603f2bf468], inclusief al zijn trail onderdelen, NOD32 etc.

  Herstart vervolgens je PC en plaats een Hijackthis log ter controle.

  Hoe is het met je problemen?
  Pim
 • Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 12:52:24, on 13-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16574)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187091868468
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
  O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
  O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe


  End of file - 6804 bytes


  dit is de nieuwste scan maar de pc is wel eeen beetje sneller geworden maar niet egt snel zoals i hoort te zijn .
 • Ik zie nog steeds twee anti virusscanners in je logfile staan, Panda en NOD32. Maak een keuze tussen een van de twee en verwijder de andere via configuratiescherm –> software.

  Verwijder deze map, indien aanwezig:
  C:\Program Files\[b:92f3c7d7f1]Hitman Pro[/b:92f3c7d7f1]

  Herstart je PC en post een nieuw Hijackthis logje. :wink:
 • Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 13:08:23, on 13-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16574)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187091868468
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
  O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
  O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe


  End of file - 6813 bytes
 • Dat is al beter. Panda staat er om bekend dat het een vertragende factor is, omdat het
  een erg groot en uitgebreid pakket is. Hoeveel ram (werkgeheugen) heb je in deze PC zitten?

  Verwijder Combofix:
  Ga naar start –> uitvoeren en typ daar: [b:27fff25168]Combofix /u[/b:27fff25168]
  Bevestig dit met enter.
  dit zal Combofix verwijderen en je systeemherstel wordt schoongemaakt.

  Download ATF Cleaner ( van Atribune)

  Dubbelklik op [b:27fff25168]ATF cleaner[/b:27fff25168] om het programma te starten.
  Op het tabblad "Main", plaats je een vinkje bij Select All. Haal het vinkje weg bij Prefetch.
  Klik op de knop Empty Selected.

  Gebruik je ook [b:27fff25168]Firefox[/b:27fff25168] als browser:

  Klik op tabblad "Firefox", plaats een vinkje bij Select All.
  Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
  (dit verwijdert het vinkje bij "Firefox saved passwords";)
  Klik op de knop Empty Selected.

  Gebruik je ook [b:27fff25168]Opera[/b:27fff25168] als browser:

  Klik op tabblad "Opera", plaats een vinkje bij Select All.
  Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
  Klik op de knop Empty Selected.

  Ga naar het tabblad "Main" en klik op de knop [b:27fff25168]Exit[/b:27fff25168] om het programma af te sluiten.

  hoe is het met je problemen?

  Pim :)
 • het probleem is al aardig verholpen maar toch heb ik het idee dat i wat trager is dan het hoort
  weet jij mss wat ik nog kan doen
  bednkt voor de hulp trouwens tot nu toe
 • Defragmenteer je computer eens, bijvoorkeur in veilige modus:

  Start je computer op in veilige modus:
  http://users.telenet.be/marcvn/spyware/1378056.htm

  Ga naar start –> alle programma's –> bureau accessoires –> systeemwerkset –> schijfdefragmentatie.

  Herstart je computer terug in veilige modus en kijk of je probleem is opgelost. Let wel, dit kan wel een hele tijd duren wanneer je niet regelmatig defragmenteert.

  Succes!

  Pim

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.