Trojan

**smeenk** · 04-04-08, 09:42

Klopt, ik had hem van iemand anders overgenomen en die link bleek verouderd te zijn.
Mijn vorige post heb ik even aangepast, link moet nu werken

**schijndel100** · 04-04-08, 12:10

hierbij het gevraagde file

C:\Documents and Settings\hans\Local Settings\Temp\~nsu.tmp moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\_avast4_ moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\WZSE0.TMP moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\WPDNSE moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\VBE moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\OIS\temp moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\OIS\cacheFiles moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\OIS moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero Vision\MenuTemplates\Pictures moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero Vision\MenuTemplates moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero Vision moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero CoverDesigner\Templates moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero CoverDesigner moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nro.log\log moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nro.log moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nero.tmp\Nero\NPS moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nero.tmp\Nero moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nero.tmp\7.10.1.2_7.03.0637_13842 moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\nero.tmp moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Patches\C11650C20FBF_00883F1BA365 moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Patches moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Setup moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Redist\DirectX moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Redist\Config moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Redist moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Cab moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7 moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Nero Web moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Excel8.0 moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Babylon\link_files moved successfully.
C:\Documents and Settings\hans\Local Settings\Temp\Babylon moved successfully.
Folder move failed. C:\Documents and Settings\hans\Local Settings\Temp scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_123856

Files moved on Reboot...
C:\Documents and Settings\hans\Local Settings\Temp moved successfully.

gr schijndel100

**smeenk** · 04-04-08, 12:22

Nu zou dat bestand ook weg moeten zijn?

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**schijndel100** · 04-04-08, 13:24

hallo heb gedaan wat gevraagd werdt
hierbij de logfile van Deckard system scanner

Deckard's System Scanner v20071014.68
Run by hans on 2008-04-04 14:05:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
67: 2008-04-04 12:05:56 UTC - RP376 - Deckard's System Scanner Restore Point
66: 2008-04-03 20:30:45 UTC - RP375 - Verwijderd Logitech Desktop Messenger
65: 2008-04-02 19:42:33 UTC - RP374 - Removed Ad-Aware 2007
64: 2008-04-02 10:29:01 UTC - RP373 - Controlepunt van systeem
63: 2008-03-29 19:04:09 UTC - RP372 - Installed Ad-Aware 2007

-- First Restore Point --
1: 2008-01-04 08:12:16 UTC - RP310 - Installed ITEDO IsoView 5

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-04 14:09:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\program files hans\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Babylon\Babylon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\snmp.exe
D:\program files hans\KeePass Password Safe\KeePass.exe
C:\WINDOWS\system32\svchost.exe
D:\program files hans\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\program files hans\MSGTAG\MSGTAG.exe
D:\program files hans\birthday\Birthday.exe
D:\program files hans\PopTray 3.03\PopTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\hans\Bureaublad\dss.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\program files hans\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\program files hans\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Birthday.lnk = ?
O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - (file missing)
O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - (file missing)
O15 - Trusted Zone: https://estim.citroen.com (HKCU)
O15 - Trusted Zone: https://networkservice.citroen.com (HKCU)
O15 - Trusted Zone: http://public.service.citroen.com (HKCU)
O15 - Trusted Zone: http://service.citroen.com (HKCU)
O15 - Trusted Zone: https://service.citroen.com (HKCU)
O15 - Trusted Zone: http://estim.citroen.inetpsa.com (HKCU)
O15 - Trusted Zone: http://estim.peugeot.inetpsa.com (HKCU)
O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com (HKCU)
O15 - Trusted Zone: http://public.service.citroen.inetpsa.com (HKCU)
O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com (HKCU)
O15 - Trusted Zone: http://service.citroen.inetpsa.com (HKCU)
O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com (HKCU)
O15 - Trusted Zone: https://estim.peugeot.com (HKCU)
O15 - Trusted Zone: http://public.servicebox.peugeot.com (HKCU)
O15 - Trusted Zone: https://servicebox.peugeot.com (HKCU)
O15 - Trusted Zone: https://www.infotec.peugeot.com (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13325 bytes

-- HijackThis Fixed Entries (D:\program files hans\Hijack This\backups\) -------

backup-20080402-230412-258 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
backup-20080402-231055-494 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
backup-20080403-165641-168 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
backup-20080403-165718-550 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
backup-20080403-211250-263 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
backup-20080403-212126-718 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
backup-20080403-212448-323 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
backup-20080403-222245-435 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R2 MA1908Driver - c:\windows\system32\drivers\ma1908.sys
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 uir1100a - c:\windows\system32\drivers\uir1100a.sys <Not Verified; UIR1000; UIR1000>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 BTCOMM - c:\windows\system32\drivers\btcomm.sys (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTKRNBDG (Bluetooth COM Bridge) - c:\windows\system32\drivers\btkrnbdg.sys (file missing)
S3 catchme - c:\docume~1\hans\locals~1\temp\catchme.sys (file missing)
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 vad_multi (Windigo Virtual Audio Device (WDM)) - c:\windows\system32\drivers\vadmulti.sys (file missing)
S3 wanusb (HM121dp USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata WAN ADSL USB Modem>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodata Limited License Service - "c:\program files\common files\autodata limited shared\service\adcdlicsvc.exe" <Not Verified; Autodata Limited; Autodata Limited License Service>
R2 BlueSoleil Hid Service - d:\program files hans\bluetoot-infrarood adapter\btntservice.exe

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&78
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&78
Service: rtl8139

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications-controller
Device ID: PCI\VEN_127A&DEV_1034&SUBSYS_00025214&REV_08\3&61AAA01&0&80
Manufacturer:
Name: PCI Simple Communications-controller
PNP Device ID: PCI\VEN_127A&DEV_1034&SUBSYS_00025214&REV_08\3&61AAA01&0&80
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6300 Hans
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

-- Scheduled Tasks -------------------------------------------------------------

2008-04-02 19:00:00 420 --a------ C:\WINDOWS\Tasks\SyncBack back-up D 18-08-2005.job
2008-03-28 15:16:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-04 09:59:53 9296 --a------ C:\WINDOWS\system32\fbulri.exe
2008-04-03 23:12:04 9296 --a------ C:\WINDOWS\system32\suvhhj.exe
2008-04-03 21:25:44 9296 --a------ C:\WINDOWS\system32\aoizwn.exe
2008-04-03 19:17:40 9296 --a------ C:\WINDOWS\system32\khrvit.exe
2008-04-03 15:45:30 0 d-------- C:\WINDOWS\ERUNT
2008-04-03 15:42:21 0 dr------- C:\Documents and Settings\Administrator\Favorieten
2008-04-03 15:42:20 0 dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-04-03 15:42:20 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-04-03 15:42:12 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-04-03 15:42:12 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-03 15:42:12 0 dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-03 15:42:12 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-03 15:42:12 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-03 15:42:12 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-03 15:42:12 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-03 15:42:11 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-03 14:12:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-04-03 14:12:28 0 d-------- C:\Program Files\Babylon
2008-04-03 14:06:06 0 d-------- C:\Documents and Settings\hans\Application Data\Babylon
2008-04-03 11:15:37 0 d-------- C:\WINDOWS\B0CDD92B588D475BA77CDD674ED537D8.TMP
2008-04-02 21:15:24 0 dr-h----- C:\Documents and Settings\hans\Onlangs geopend
2008-04-02 20:18:24 9296 --a------ C:\WINDOWS\system32\yfhrof.exe
2008-03-31 10:49:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 10:44:35 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-30 19:23:17 49728 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-30 10:52:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 21:04:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 19:28:35 0 d-------- C:\Program Files\Safari
2008-03-14 22:32:36 0 d-------- C:\Documents and Settings\hans\Application Data\AVS4YOU
2008-03-14 22:32:25 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-03-14 22:31:39 0 d-------- C:\Program Files\AVS4YOU
2008-03-14 22:30:40 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-14 22:29:34 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-14 22:29:34 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-03-14 22:29:33 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>

-- Find3M Report ---------------------------------------------------------------

2008-04-03 22:30:32 0 d-------- C:\Program Files\Logitech
2008-04-03 15:17:38 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-04-03 14:43:22 0 d-------- C:\Program Files\Packard Bell Data Secure
2008-04-02 21:42:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 23:10:41 0 d-------- C:\Documents and Settings\hans\Application Data\U3
2008-03-31 10:50:12 531526 --a------ C:\WINDOWS\system32\perfh013.dat
2008-03-31 10:50:12 106314 --a------ C:\WINDOWS\system32\perfc013.dat
2008-03-31 10:44:35 0 d-------- C:\Program Files\Common Files
2008-03-28 19:33:11 0 d-------- C:\Documents and Settings\hans\Application Data\Apple Computer
2008-03-19 19:41:20 0 d-------- C:\Program Files\Java
2008-03-14 22:40:39 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 14:13:29 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-01 12:45:57 0 d-------- C:\Program Files\iTunes
2008-03-01 12:45:36 0 d-------- C:\Program Files\iPod
2008-02-27 21:34:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-22 00:05:05 0 d-------- C:\Program Files\Microsoft Rekenmachine Plus
2008-02-21 10:15:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-17 23:58:01 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-17 20:54:51 0 d-------- C:\Documents and Settings\hans\Application Data\NCH Swift Sound
2008-02-17 11:03:33 3443 --a------ C:\WINDOWS\unins000.dat
2008-02-17 11:02:23 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-08 09:25:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-07 18:01:42 0 d-------- C:\Documents and Settings\hans\Application Data\InstallShield

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"KPN SMS mail"="D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe" [09/05/2005 10:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 15:00]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 17:32]
"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [20/05/2005 13:22]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [06/08/2001 20:03]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
"NWEReboot"=""

"Adobe Reader Speed Launcher"="D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"QuickTime Task"="D:\program files hans\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"PCSuiteTrayApplication"="D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
"Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [27/06/2005 16:36]
"Flash Media"="C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe"

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00]
"KeePass Password Safe"="D:\program files hans\KeePass Password Safe\KeePass.exe" [02/01/2006 14:04]
"Gadwin PrintScreen 3.5"="D:\program files hans\PrintScreen\PrintScreen.exe" [08/07/2006 10:57]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 17:14]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe"

"MSGTAG"="D:\program files hans\MSGTAG\MSGTAG.exe" [16/09/2003 15:09]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe /NoDialog
"Picasa Media Detector"=D:\program files hans\Picasa2\PicasaMediaDetector.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Documents and Settings\hans\Menu Start\Programma's\Opstarten\
Birthday.lnk - D:\program files hans\birthday\Birthday.exe [24/09/2003 3:40:00]
PopTray.lnk - D:\program files hans\PopTray 3.03\PopTray.exe [16/09/2006 15:01:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix' '.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7f3822-3621-11dc-b250-00805a49dd80}]
AutoRun\command- K:\InstallTomTomHOME.exe

-- End of Deckard's System Scanner: finished at 2008-04-04 14:10:53 ------------

gr schijndel100

**schijndel100** · 04-04-08, 13:25

heb hier nog een logje van Deckards scan

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: AMD Athlon(tm) Processor
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1015.49 MiB / 583.4 MiB
Pagefile Memory (total/avail): 3481.87 MiB / 3177.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.71 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 79.59 GiB total, 32.76 GiB free.
D: is Fixed (NTFS) - 29.23 GiB total, 26.72 GiB free.
E: is Fixed (NTFS) - 26.19 GiB total, 25.37 GiB free.
F: is Fixed (NTFS) - 17.65 GiB total, 17.58 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y160P0 - 152.66 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 79.59 GiB - C:
\PARTITION1 - Uitgebreide partitie - 73.07 GiB - D: - E: - F:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1169 [VPS 080404-0] v4.7.1169 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\program files hans\\iTunes.exe"="D:\\program files hans\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe"="D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"D:\\program files hans\\LimeWire\\LimeWire.exe"="D:\\program files hans\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\program files hans\\MSGTAG\\MSGTAG.exe"="D:\\program files hans\\MSGTAG\\MSGTAG.exe:*:Enabled:MSGTAG"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe"="D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe:*:Enabled:mcoinstall"
"D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe"="D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"D:\\program files hans\\PopTray 3.03\\PopTray.exe"="D:\\program files hans\\PopTray 3.03\\PopTray.exe:*:Enabled:PopTray"
"D:\\program files hans\\SPAMfighter\\SPAMCFG.exe"="D:\\program files hans\\SPAMfighter\\SPAMCFG.exe:*:Enabled:SPAMCFG"
"D:\\program files hans\\SPAMfighter\\SFAgent.exe"="D:\\program files hans\\SPAMfighter\\SFAgent.exe:*:Enabled:SFAgent"
"D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"="D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe:*:Enabled:script-fu"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"D:\\program files hans\\Shareaza\\Shareaza.exe"="D:\\program files hans\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\support.com\\KPN\\hcenter.exe"="C:\\Program Files\\support.com\\KPN\\hcenter.exe:*:Enabled:Starten ADSL Support Wizard"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:MSI starter"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\hans\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\hans\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)"
"C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)"
"D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe"="D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\DOCUME~1\\hans\\LOCALS~1\\Temp\\vaanéé£'£'%''msn'è%'fix''.exe"="C:\\DOCUME~1\\hans\\LOCALS~1\\T emp\\vaanéé£'£'%''msn'è%'fix''.exe:*:Enabled:Flash Media"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\hans\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DING
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\hans
LANG=nl
LOGONSERVER=\\DING
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;D:\program files hans\2.0\bin;D:\program files hans\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\hans\LOCALS~1\Temp
TMP=C:\DOCUME~1\hans\LOCALS~1\Temp
USERDOMAIN=DING
USERNAME=hans
USERPROFILE=C:\Documents and Settings\hans
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

hans (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Aangifte inkomstenbelasting 2007 --> D:\program files hans\Belastingdienst\2007\ib2007u.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adres 2000 --> C:\WINDOWS\uninst.exe -f"d:\program files hans\adres2000\DeIsL3.isu" -cd:\PROGRA~1\ADRES2~1\_ISREG32.DLL
Adres 2000 Version 1.8 --> "D:\program files hans\Adres2000\Adres 2000\unins000.exe"
ADSL Support Wizard --> MsiExec.exe /X{1066E724-271D-404F-B6EB-F0FF7B3ACD36}
AM-DeadLink 2.8.1 --> "D:\program files hans\AM-DeadLink\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Babylon --> C:\Program Files\Babylon\Utils\uninstbb.exe
Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926247) --> "C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB939373) --> "C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB942830) --> "C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB942831) --> "C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Birthday --> "D:\program files hans\Birthday\unins000.exe"
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x13
Camera Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon Internet Library for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only) --> "D:\program files hans\CCleaner\uninst.exe"
CdCoverCreator v.2.5 --> D:\program files hans\CdCoverCreator\uninstall.exe
dBPowerAMP AIFF codec r4 --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP AIFF codec r4.dat
dBpowerAMP iTunes Encode --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP iTunes Encode.dat
dBpowerAMP Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpowerAMP Nero Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Nero Mp4 Codec.dat
dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
DriverMax 2.4 --> "D:\program files hans\DriverMax\unins000.exe"
DVD Decrypter (Remove Only) --> "D:\program files hans\DVD Decrypter\uninstall.exe"
eCover 1.0.6 --> "D:\program files hans\eCover\unins001.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVEREST Home Edition v1.51 --> "D:\EVEREST Home Edition\unins000.exe"
freeCommander 2005.09a --> "D:\program files hans\freeCommander2005\unins000.exe"
Gadwin PrintScreen --> D:\program files hans\PrintScreen\Uninstall.exe
Gigaset USB Adapter 108 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{031BDDC8-B6CD-4074-9D50-F92B648E7B92}\Setup.exe" -l0x13
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTK+ 2.6.9 runtime environment --> "D:\program files hans\2.0\unins000.exe"
hcc!hulp pc-ok! v2.1.0.0 --> "C:\Program Files\hcchulp\ClientAgent\unins000.exe"
HEMA Online Fotoservice --> MsiExec.exe /I{B3953D3B-1550-4D8E-879B-0E184BFF3CB9}
HijackThis 2.0.0 --> "C:\Documents and Settings\hans\Bureaublad\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
IrfanView (remove only) --> D:\program files hans\irfan view\iv_uninstall.exe
ITEDO IsoView 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCB873D5-94BD-4ADC-B80A-A3B381D7E8FA}\setup.exe" -l0x9
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
iView Catalog Reader (remove only) --> D:\program files hans\iView Catalog Reader\Uninst.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.53 Basic --> "D:\program files hans\K-Lite Codec Pack\unins000.exe"
KeePass Password Safe 1.04 --> "D:\program files hans\KeePass Password Safe\unins000.exe"
KPN SMS mail --> D:\KPN SMS mail\Uninstall.exe
LimeWire 4.16.6 --> "D:\program files hans\LimeWire\uninstall.exe"
Logitech QuickCam-software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x13
Logitech® Camera-stuurprogramma --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Medisana BPA 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1D3F3DAE-D427-45B1-8465-A21D37274C9A}
Messenger-Control plug-in for Ad-Aware SE --> D:\PROGRA~1\AD-AWA~1\Plugins\MESSEN~1\UNWISE.EXE D:\PROGRA~1\AD-AWA~1\Plugins\MESSEN~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint 2003 Template Creation Wizard --> MsiExec.exe /I{39B1915D-3CBA-42F8-8A58-2AB5587BF863}
Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (Nederlands) --> MsiExec.exe /I{90520413-6000-11D3-8CFE-0150048383C9}
Microsoft Rekenmachine Plus --> MsiExec.exe /I{7852F4B3-4647-4161-8FCF-637B0DF8C4A7}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSm22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSGTAG --> "D:\program files hans\MSGTAG\unins000.exe"
MSN Megapack 1 --> "C:\WINDOWS\MSN Megapack 1\uninstall.exe" "/U

:\program files hans\MSN WINKS\Uninstall\uninstall.xml"
Nero 7 Premium --> MsiExec.exe /I{2D71D4CA-1108-4BD4-AFC9-42594F671043}
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_EA.exe /LANG="1043"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Nokia Software Updater --> MsiExec.exe /X{57CEA991-6F11-4E7E-B67C-2F02168CED6B}
Nuria 3.3 --> "D:\program files hans\Nuria\unins000.exe"
Nvu 1.0 --> "D:\program files hans\Nvu\unins000.exe"
Offline Rekening Overzicht --> MsiExec.exe /I{9A09EC10-3856-45B4-8C9E-465CF0D36AA1}
Offline Rekening Overzicht --> MsiExec.exe /I{E1CCDB78-DC5A-46EA-80B4-7D2C7C6FF6E9}
Packard Bell Data Secure --> C:\Program Files\Packard Bell Data Secure\Uninstall.exe
Partitie-Expert --> D:\program files hans\partitie expert\MediaBuilder.exe -uninstall
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Philips Intelligent Agent --> "D:\program files hans\Philips Intelligent Agent\Uninst\unins000.exe"
Photo Story 3 voor Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PhotoFiltre --> "D:\program files hans\PhotoFiltre\Uninst.exe"
Picasa 2 --> "D:\program files hans\Picasa2\Uninstall.exe"
PopTray 3.20 --> D:\program files hans\PopTray 3.03\Uninstall.exe
PopTray Hotmail Plug-in --> D:\program files hans\PopTray 3.03\Plugins\UninstallHotmail.exe
Prism --> C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
save2pc Light 3.23 --> "D:\program files hans\save2pc\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shareaza versie 2.2.1.0 --> "D:\program files hans\Shareaza\Uninstall\unins000.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SyncBack --> "D:\program files hans\SyncBack\unins000.exe"
Telefoongids Zoekbalk 1.0.1 Build 291 --> D:\program files hans\De Telefoongids Zoekbalk\uninst.exe
The GIMP 2.2.13 --> "D:\program files hans\GIMP-2.0\unins000.exe"
TomTom HOME --> D:\program files hans\TomTom Home\TomTom HOME 2\Uninstall TomTom HOME.exe
Trust Easy Connect 9600 Plus v1.51 --> C:\WINDOWS\twain_32\A4CIS\UNINST.EXE
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
U.R.Celeb 2.02 --> D:\program files hans\U.R.Celeb\uninst.exe
U3Launcher --> MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Windows-stuurprogrammapakket - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type14465 / Error
Event Submitted/Written: 04/04/2008 00:59:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.3156, vastgelopen module: phoneshell.dll, versie: 1.0.0.44, vastgelopen op: 0x00011004.
Verwerken van mediaspecifieke gebeurtenis voor [explorer.exe!ws!]

Event Record #/Type14464 / Error
Event Submitted/Written: 04/04/2008 00:59:31 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fout-bucket 489835561.
De uitwisseling van de WEP-sleutel resulteerde na de 802.1x-verificatie niet in een beveiligde verbinding. De huidige instelling is niet geldig en de draadloze verbinding wordt verbroken.

Event Record #/Type14463 / Error
Event Submitted/Written: 04/04/2008 00:59:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.3156, vastgelopen module: phoneshell.dll, versie: 1.0.0.44, vastgelopen op: 0x00011004.
Verwerken van mediaspecifieke gebeurtenis voor [explorer.exe!ws!]

Event Record #/Type14462 / Error
Event Submitted/Written: 04/04/2008 00:59:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.3156, vastgelopen module: phoneshell.dll, versie: 1.0.0.44, vastgelopen op: 0x00011004.
Verwerken van mediaspecifieke gebeurtenis voor [explorer.exe!ws!]

Event Record #/Type14459 / Warning
Event Submitted/Written: 04/04/2008 00:49:49 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
Kan parameter TraceLevel niet vinden in het register.
Het gebruikte standaardtraceerniveau is 32.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type137180 / Error
Event Submitted/Written: 04/04/2008 01:00:08 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

Event Record #/Type137179 / Error
Event Submitted/Written: 04/04/2008 00:59:48 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

Event Record #/Type137178 / Error
Event Submitted/Written: 04/04/2008 00:59:28 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

Event Record #/Type137177 / Error
Event Submitted/Written: 04/04/2008 00:59:09 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

Event Record #/Type137176 / Error
Event Submitted/Written: 04/04/2008 00:58:48 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

-- End of Deckard's System Scanner: finished at 2008-04-04 14:10:53 ------------

gr schijndel100

**smeenk** · 04-04-08, 13:47

Kan je deze regels nu verwijderen met Hijackthis?:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

**schijndel100** · 04-04-08, 17:05

heb alles gedaan zoals gevraagd maar heb twee regels kunnen verwijderen die ene f2 niet
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:03:13, on 4/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\program files hans\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Babylon\Babylon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\snmp.exe
D:\program files hans\KeePass Password Safe\KeePass.exe
C:\WINDOWS\system32\svchost.exe
D:\program files hans\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\program files hans\MSGTAG\MSGTAG.exe
D:\program files hans\birthday\Birthday.exe
D:\program files hans\PopTray 3.03\PopTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\program files hans\Hijack This\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Birthday.lnk = D:\program files hans\birthday\Birthday.exe
O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
O15 - Trusted Zone: http://public.service.citroen.com
O15 - Trusted Zone: http://service.citroen.com
O15 - Trusted Zone: http://estim.citroen.inetpsa.com
O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://service.citroen.inetpsa.com
O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://public.servicebox.peugeot.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10727 bytes

**smeenk** · 04-04-08, 17:28

Download Combofix eens en maak daar een logje mee, post dat in je volgende bericht.

**schijndel100** · 04-04-08, 19:15

heb combifix geprobeerd
hier het logje
ComboFix 08-04-03.5 - hans 2008-04-04 20:06:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.534 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\hans\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\UpMedia

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))
.

2008-04-04 14:05 . 2008-04-04 14:05 <DIR> d-------- C:\Deckard
2008-04-04 12:38 . 2008-04-04 12:38 <DIR> d-------- C:\_OTMoveIt
2008-04-04 09:59 . 2008-04-04 09:59 9,296 --a------ C:\WINDOWS\system32\fbulri.exe
2008-04-03 23:12 . 2008-04-03 23:12 9,296 --a------ C:\WINDOWS\system32\suvhhj.exe
2008-04-03 21:25 . 2008-04-03 21:25 9,296 --a------ C:\WINDOWS\system32\aoizwn.exe
2008-04-03 19:17 . 2008-04-03 19:17 9,296 --a------ C:\WINDOWS\system32\khrvit.exe
2008-04-03 15:45 . 2008-04-03 15:45 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-03 15:42 . 2007-03-04 14:40 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-04-03 15:42 . 2008-04-03 15:42 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-04-03 15:42 . 2005-09-03 19:41 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-03 15:42 . 2008-04-03 15:42 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
2008-04-03 15:42 . 2008-04-04 20:09 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-04-03 14:12 . 2008-04-03 14:12 <DIR> d-------- C:\Program Files\Babylon
2008-04-03 14:12 . 2008-04-03 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-04-03 14:06 . 2008-04-03 14:19 <DIR> d-------- C:\Documents and Settings\hans\Application Data\Babylon
2008-04-03 11:15 . 2008-04-03 11:15 <DIR> d-------- C:\WINDOWS\B0CDD92B588D475BA77CDD674ED537D8.TMP
2008-04-02 21:15 . 2008-04-04 18:07 <DIR> dr-h----- C:\Documents and Settings\hans\Onlangs geopend
2008-04-02 20:18 . 2008-04-02 20:18 9,296 --a------ C:\WINDOWS\system32\yfhrof.exe
2008-04-01 17:57 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 17:57 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 10:49 . 2008-03-31 19:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 10:44 . 2008-03-31 10:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-31 10:44 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-30 19:23 . 2008-03-30 19:23 49,728 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-30 10:52 . 2008-03-30 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 21:04 . 2008-03-29 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 19:28 . 2008-03-28 19:29 <DIR> d-------- C:\Program Files\Safari
2008-03-14 22:32 . 2008-03-14 22:32 <DIR> d-------- C:\Documents and Settings\hans\Application Data\AVS4YOU
2008-03-14 22:32 . 2008-03-14 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-03-14 22:31 . 2008-03-14 22:35 <DIR> d-------- C:\Program Files\AVS4YOU
2008-03-14 22:30 . 2008-03-14 22:36 <DIR> d-------- C:\Program Files\Common Files\AVSMedia

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 20:30 --------- d-----w C:\Program Files\Logitech
2008-04-03 12:43 --------- d-----w C:\Program Files\Packard Bell Data Secure
2008-04-02 19:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-01 21:10 --------- d-----w C:\Documents and Settings\hans\Application Data\U3
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-28 17:33 --------- d-----w C:\Documents and Settings\hans\Application Data\Apple Computer
2008-03-19 17:41 --------- d-----w C:\Program Files\Java
2008-03-01 10:45 --------- d-----w C:\Program Files\iTunes
2008-03-01 10:45 --------- d-----w C:\Program Files\iPod
2008-02-27 19:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-27 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-21 22:05 --------- d-----w C:\Program Files\Microsoft Rekenmachine Plus
2008-02-21 08:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-17 21:58 --------- d-----w C:\Program Files\NCH Swift Sound
2008-02-17 18:54 --------- d-----w C:\Documents and Settings\hans\Application Data\NCH Swift Sound
2008-02-17 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-17 09:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-17 09:02 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-08 07:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 16:01 --------- d-----w C:\Documents and Settings\hans\Application Data\InstallShield
2007-01-14 09:25 299 ------w C:\Documents and Settings\hans\Application Data\internaldb1942.dat
2004-05-24 07:35 86,016 ----a-w C:\Program Files\mozilla firefox\plugins\IvInstHelper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"KeePass Password Safe"="D:\program files hans\KeePass Password Safe\KeePass.exe" [2006-01-02 14:04 584704]
"Gadwin PrintScreen 3.5"="D:\program files hans\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"MSGTAG"="D:\program files hans\MSGTAG\MSGTAG.exe" [2003-09-16 15:09 1320448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"KPN SMS mail"="D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe" [2005-05-09 10:46 1019904]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-05-20 13:22 1757184]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 20:03 155648]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"NWEReboot"=""

"Adobe Reader Speed Launcher"="D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="D:\program files hans\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"PCSuiteTrayApplication"="D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [2005-06-27 16:36 2433086]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"Picasa Media Detector"="D:\program files hans\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]

C:\Documents and Settings\hans\Menu Start\Programma's\Opstarten\
Birthday.lnk - D:\program files hans\birthday\Birthday.exe [2003-09-24 03:40:00 955392]
PopTray.lnk - D:\program files hans\PopTray 3.03\PopTray.exe [2006-09-16 15:01:16 1666048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.WMV3"= wmv9vcm.dll
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe"=
"D:\\program files hans\\LimeWire\\LimeWire.exe"=
"D:\\program files hans\\MSGTAG\\MSGTAG.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe"=
"D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Outlook Express\\msimn.exe"=
"D:\\program files hans\\PopTray 3.03\\PopTray.exe"=
"D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\program files hans\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\support.com\\KPN\\hcenter.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
"D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\DOCUME~1\\hans\\LOCALS~1\\Temp\\vaanéé£'£'%''msn'è%'fix''.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 16:40]
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 14:00]
R3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 22:51]
R3 uir1100a;UIR1100A;C:\WINDOWS\system32\DRIVERS\uir1100a.sys [2004-12-01 09:43]
S2 HidCom;USB-HID -> COM Driver Service;C:\WINDOWS\system32\DRIVERS\HidCom.sys [2004-08-10 11:47]
S3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 21:11]
S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys

S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys

S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7f3822-3621-11dc-b250-00805a49dd80}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-28 13:16:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 17:00:00 C:\WINDOWS\Tasks\SyncBack back-up D 18-08-2005.job"
- D:\program files hans\SyncBack\SyncBack.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 20:09:46
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

? [1764]

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-04-04 20:10:59
ComboFix-quarantined-files.txt 2008-04-04 18:10:35
Pre-Run: 35,057,307,648 bytes beschikbaar
Post-Run: 35,044,458,496 bytes beschikbaar
.
2008-03-20 16:08:27 --- E O F ---

**schijndel100** · 04-04-08, 19:35

Hallo smeenk
ik probeer om OT movelt te verwijderen naar de prullebak maar dat gaat niet krijg dan dit te zien
zie bijlage
en combifix hoe dit te verwijderen ook naar de prullebak?

gr schijndel100

**smeenk** · 04-04-08, 22:01

Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

File::
C:\WINDOWS\system32\fbulri.exe
C:\WINDOWS\system32\suvhhj.exe
C:\WINDOWS\system32\aoizwn.exe
C:\WINDOWS\system32\khrvit.exe
C:\WINDOWS\system32\yfhrof.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\DOCUME~1\\hans\\LOCALS~1\\Temp\\vaanéé£'£'%''msn'è%'fix''.exe"=-

Sla dit op op je Bureaublad als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

**schijndel100** · 05-04-08, 09:21

Hallo Smeenk
Gedaan wat je me vraagt maar alles was prima gegaan maar nadat combifix klaar was dan zie je heel even een logfile maar gaat direct over in een blauw scherm en komt dan als de pc herstart is niet meer terug.

**smeenk** · 05-04-08, 09:26

Draai Combofix eens opnieuw en kijk of er dan wel een nieuw logje opent.

**schijndel100** · 05-04-08, 09:40

nu heb ik combifix normaal gedraaid door er op te dubbelklikken niet dus het het txt log bestandje er naar toe gesleept
nu wel een logje
ComboFix 08-04-03.5 - hans 2008-04-05 10:29:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.625 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\hans\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
TimedOut: Windir.dat

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))
.

2008-04-04 22:21 . 2008-04-05 10:14 <DIR> dr-h----- C:\Documents and Settings\hans\Onlangs geopend
2008-04-04 12:38 . 2008-04-04 12:38 <DIR> d-------- C:\_OTMoveIt
2008-04-03 15:45 . 2008-04-03 15:45 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-03 15:42 . 2007-03-04 14:40 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-04-03 15:42 . 2008-04-03 15:42 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-04-03 15:42 . 2005-09-03 19:41 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-03 15:42 . 2008-04-03 15:42 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
2008-04-03 15:42 . 2008-04-04 20:09 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-04-03 14:12 . 2008-04-03 14:12 <DIR> d-------- C:\Program Files\Babylon
2008-04-03 14:12 . 2008-04-03 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-04-03 14:06 . 2008-04-03 14:19 <DIR> d-------- C:\Documents and Settings\hans\Application Data\Babylon
2008-04-03 11:15 . 2008-04-03 11:15 <DIR> d-------- C:\WINDOWS\B0CDD92B588D475BA77CDD674ED537D8.TMP
2008-04-01 17:57 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 17:57 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 10:49 . 2008-03-31 19:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 10:44 . 2008-03-31 10:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-31 10:44 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-30 19:23 . 2008-03-30 19:23 49,728 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-30 10:52 . 2008-03-30 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 21:04 . 2008-03-29 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 19:28 . 2008-03-28 19:29 <DIR> d-------- C:\Program Files\Safari
2008-03-14 22:32 . 2008-03-14 22:32 <DIR> d-------- C:\Documents and Settings\hans\Application Data\AVS4YOU
2008-03-14 22:32 . 2008-03-14 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-03-14 22:31 . 2008-03-14 22:35 <DIR> d-------- C:\Program Files\AVS4YOU
2008-03-14 22:30 . 2008-03-14 22:36 <DIR> d-------- C:\Program Files\Common Files\AVSMedia

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 20:30 --------- d-----w C:\Program Files\Logitech
2008-04-03 13:17 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-04-03 12:43 --------- d-----w C:\Program Files\Packard Bell Data Secure
2008-04-02 19:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-01 21:10 --------- d-----w C:\Documents and Settings\hans\Application Data\U3
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-28 17:33 --------- d-----w C:\Documents and Settings\hans\Application Data\Apple Computer
2008-03-19 17:41 --------- d-----w C:\Program Files\Java
2008-03-01 10:45 --------- d-----w C:\Program Files\iTunes
2008-03-01 10:45 --------- d-----w C:\Program Files\iPod
2008-02-27 19:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-27 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-21 22:05 --------- d-----w C:\Program Files\Microsoft Rekenmachine Plus
2008-02-21 08:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-17 21:58 --------- d-----w C:\Program Files\NCH Swift Sound
2008-02-17 18:54 --------- d-----w C:\Documents and Settings\hans\Application Data\NCH Swift Sound
2008-02-17 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-17 09:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-17 09:02 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-08 07:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 16:01 --------- d-----w C:\Documents and Settings\hans\Application Data\InstallShield
2007-01-14 09:25 299 ------w C:\Documents and Settings\hans\Application Data\internaldb1942.dat
2004-05-24 07:35 86,016 ----a-w C:\Program Files\mozilla firefox\plugins\IvInstHelper.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_20.10.14,02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-04 10:53:39 224,528 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-04-05 08:17:22 224,517 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-04-05 08:13:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_708.dat
+ 2008-04-05 08:13:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_778.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"KeePass Password Safe"="D:\program files hans\KeePass Password Safe\KeePass.exe" [2006-01-02 14:04 584704]
"Gadwin PrintScreen 3.5"="D:\program files hans\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"MSGTAG"="D:\program files hans\MSGTAG\MSGTAG.exe" [2003-09-16 15:09 1320448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"KPN SMS mail"="D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe" [2005-05-09 10:46 1019904]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-05-20 13:22 1757184]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 20:03 155648]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"NWEReboot"=""

"Adobe Reader Speed Launcher"="D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="D:\program files hans\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"PCSuiteTrayApplication"="D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [2005-06-27 16:36 2433086]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"Picasa Media Detector"="D:\program files hans\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]

C:\Documents and Settings\hans\Menu Start\Programma's\Opstarten\
Birthday.lnk - D:\program files hans\birthday\Birthday.exe [2003-09-24 03:40:00 955392]
PopTray.lnk - D:\program files hans\PopTray 3.03\PopTray.exe [2006-09-16 15:01:16 1666048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.WMV3"= wmv9vcm.dll
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe"=
"D:\\program files hans\\LimeWire\\LimeWire.exe"=
"D:\\program files hans\\MSGTAG\\MSGTAG.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe"=
"D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Outlook Express\\msimn.exe"=
"D:\\program files hans\\PopTray 3.03\\PopTray.exe"=
"D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\program files hans\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\support.com\\KPN\\hcenter.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
"D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 16:40]
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 14:00]
R3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 22:51]
R3 uir1100a;UIR1100A;C:\WINDOWS\system32\DRIVERS\uir1100a.sys [2004-12-01 09:43]
S2 HidCom;USB-HID -> COM Driver Service;C:\WINDOWS\system32\DRIVERS\HidCom.sys [2004-08-10 11:47]
S3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 21:11]
S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys

S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys

S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7f3822-3621-11dc-b250-00805a49dd80}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-28 13:16:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 17:00:00 C:\WINDOWS\Tasks\SyncBack back-up D 18-08-2005.job"
- D:\program files hans\SyncBack\SyncBack.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 10:33:17
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-04-05 10:34:35
ComboFix-quarantined-files.txt 2008-04-05 08:34:24
ComboFix2.txt 2008-04-05 08:03:06
ComboFix3.txt 2008-04-04 18:11:00
Pre-Run: 36,233,666,560 bytes beschikbaar
Post-Run: 36,222,099,456 bytes beschikbaar
.
2008-03-20 16:08:27 --- E O F ---

**smeenk** · 05-04-08, 09:47

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting folders>>log.txt
FOR %%I in (
C:\_OTMoveIt
C:\qoobox) DO (
IF EXIST %%I (
RD /S /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

**schijndel100** · 05-04-08, 10:45

hierbij hel logfile
Deleting folders
C:\_OTMoveIt deleted
C:\qoobox deleted

**smeenk** · 05-04-08, 10:47

Mooi zo

Post nu eens een logje van Hijackthis ter controle

**schijndel100** · 05-04-08, 10:57

volgens mij hebben we succes hierbij het logje

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:55:25, on 5/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
D:\program files hans\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Babylon\Babylon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\program files hans\KeePass Password Safe\KeePass.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\program files hans\MSGTAG\MSGTAG.exe
D:\program files hans\birthday\Birthday.exe
D:\program files hans\PopTray 3.03\PopTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\program files hans\Hijack This\HiJackThis_v2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Birthday.lnk = D:\program files hans\birthday\Birthday.exe
O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
O15 - Trusted Zone: http://public.service.citroen.com
O15 - Trusted Zone: http://service.citroen.com
O15 - Trusted Zone: http://estim.citroen.inetpsa.com
O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://service.citroen.inetpsa.com
O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://public.servicebox.peugeot.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10561 bytes

**smeenk** · 05-04-08, 11:03

Dat was een taaie rakker

(ik ook

)

Ga naar Start - Uitvoeren en geef het volgende in:
Combofix /u
Druk daarna op OK.
Dit zal combofix verwijderen.
Let op: tussen Combofix en /u hoort een spatie te staan.

Dan mag je alle gebruikte programma's verwijderen

**schijndel100** · 05-04-08, 11:14

Hallo Smeenk
Ja dat was een taaie ik had het al opgegeven maar jij niet !!!!
Petje af voor de volhouder .
Ik had al een donatie gedaan maar zal er noch een doen omdat ik zo geweldig geholpen ben, hiervoor mijn hartelijke dank.

Gr schijndel100

Onderwerp: Trojan

Onderwerp Gereedschap

Zoek

trojan

trojan

trojan

trojan

trojan

trojan

trojan

trojan

trojan

trojan

Forum Rechten