SSL-certificaat van Xolphin Powered by Cloud VPS - High Availability Cloud Servers Steun Nucia, doneer!
Pagina 2 van de 3 EersteEerste 123 LaatsteLaatste
Resultaten 21 tot 40 van de 41

Onderwerp: Trojan

  1. #21
    Schermafbeelding van smeenk
    Technische vaardigheid
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Berichten
    34.930
    Blog Berichten
    2
    Klopt, ik had hem van iemand anders overgenomen en die link bleek verouderd te zijn.
    Mijn vorige post heb ik even aangepast, link moet nu werken

  2. #22

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    hierbij het gevraagde file

    C:\Documents and Settings\hans\Local Settings\Temp\~nsu.tmp moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\_avast4_ moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\WZSE0.TMP moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\WPDNSE moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\VBE moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\OIS\temp moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\OIS\cacheFiles moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\OIS moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero Vision\MenuTemplates\Pictures moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero Vision\MenuTemplates moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero Vision moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero CoverDesigner\Templates moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct\Nero CoverDesigner moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp\TmpPdfChmNct moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nro.tmp moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nro.log\log moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nro.log moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nero.tmp\Nero\NPS moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nero.tmp\Nero moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nero.tmp\7.10.1.2_7.03.0637_13842 moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\nero.tmp moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Patches\C11650C20FBF_00883F1BA365 moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Patches moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Setup moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Redist\DirectX moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Redist\Config moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Redist moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7\Cab moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Nero Web\Nero 7 moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Nero Web moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Excel8.0 moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Babylon\link_files moved successfully.
    C:\Documents and Settings\hans\Local Settings\Temp\Babylon moved successfully.
    Folder move failed. C:\Documents and Settings\hans\Local Settings\Temp scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_123856

    Files moved on Reboot...
    C:\Documents and Settings\hans\Local Settings\Temp moved successfully.

    gr schijndel100

  3. #23
    Schermafbeelding van smeenk
    Technische vaardigheid
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Berichten
    34.930
    Blog Berichten
    2
    Nu zou dat bestand ook weg moeten zijn?

    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.
    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

  4. #24

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    hallo heb gedaan wat gevraagd werdt
    hierbij de logfile van Deckard system scanner

    Deckard's System Scanner v20071014.68
    Run by hans on 2008-04-04 14:05:42
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    67: 2008-04-04 12:05:56 UTC - RP376 - Deckard's System Scanner Restore Point
    66: 2008-04-03 20:30:45 UTC - RP375 - Verwijderd Logitech Desktop Messenger
    65: 2008-04-02 19:42:33 UTC - RP374 - Removed Ad-Aware 2007
    64: 2008-04-02 10:29:01 UTC - RP373 - Controlepunt van systeem
    63: 2008-03-29 19:04:09 UTC - RP372 - Installed Ad-Aware 2007


    -- First Restore Point --
    1: 2008-01-04 08:12:16 UTC - RP310 - Installed ITEDO IsoView 5


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-04 14:09:51
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\support.com\bin\tgcmd.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\program files hans\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Babylon\Babylon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\snmp.exe
    D:\program files hans\KeePass Password Safe\KeePass.exe
    C:\WINDOWS\system32\svchost.exe
    D:\program files hans\PrintScreen\PrintScreen.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\program files hans\MSGTAG\MSGTAG.exe
    D:\program files hans\birthday\Birthday.exe
    D:\program files hans\PopTray 3.03\PopTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\hans\Bureaublad\dss.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\program files hans\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\program files hans\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Birthday.lnk = ?
    O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - (file missing)
    O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - (file missing)
    O15 - Trusted Zone: https://estim.citroen.com (HKCU)
    O15 - Trusted Zone: https://networkservice.citroen.com (HKCU)
    O15 - Trusted Zone: http://public.service.citroen.com (HKCU)
    O15 - Trusted Zone: http://service.citroen.com (HKCU)
    O15 - Trusted Zone: https://service.citroen.com (HKCU)
    O15 - Trusted Zone: http://estim.citroen.inetpsa.com (HKCU)
    O15 - Trusted Zone: http://estim.peugeot.inetpsa.com (HKCU)
    O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com (HKCU)
    O15 - Trusted Zone: http://public.service.citroen.inetpsa.com (HKCU)
    O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com (HKCU)
    O15 - Trusted Zone: http://service.citroen.inetpsa.com (HKCU)
    O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com (HKCU)
    O15 - Trusted Zone: https://estim.peugeot.com (HKCU)
    O15 - Trusted Zone: http://public.servicebox.peugeot.com (HKCU)
    O15 - Trusted Zone: https://servicebox.peugeot.com (HKCU)
    O15 - Trusted Zone: https://www.infotec.peugeot.com (HKCU)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
    O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
    O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    --
    End of file - 13325 bytes

    -- HijackThis Fixed Entries (D:\program files hans\Hijack This\backups\) -------

    backup-20080402-230412-258 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    backup-20080402-231055-494 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    backup-20080403-165641-168 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    backup-20080403-165718-550 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    backup-20080403-211250-263 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    backup-20080403-212126-718 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    backup-20080403-212448-323 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    backup-20080403-222245-435 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
    R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
    R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R2 MA1908Driver - c:\windows\system32\drivers\ma1908.sys
    R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
    R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
    R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
    R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 uir1100a - c:\windows\system32\drivers\uir1100a.sys <Not Verified; UIR1000; UIR1000>
    R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
    R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

    S3 BTCOMM - c:\windows\system32\drivers\btcomm.sys (file missing)
    S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
    S3 BTKRNBDG (Bluetooth COM Bridge) - c:\windows\system32\drivers\btkrnbdg.sys (file missing)
    S3 catchme - c:\docume~1\hans\locals~1\temp\catchme.sys (file missing)
    S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    S3 vad_multi (Windigo Virtual Audio Device (WDM)) - c:\windows\system32\drivers\vadmulti.sys (file missing)
    S3 wanusb (HM121dp USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata WAN ADSL USB Modem>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Autodata Limited License Service - "c:\program files\common files\autodata limited shared\service\adcdlicsvc.exe" <Not Verified; Autodata Limited; Autodata Limited License Service>
    R2 BlueSoleil Hid Service - d:\program files hans\bluetoot-infrarood adapter\btntservice.exe

    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&78
    Manufacturer: Realtek
    Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&78
    Service: rtl8139

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications-controller
    Device ID: PCI\VEN_127A&DEV_1034&SUBSYS_00025214&REV_08\3&61AAA01&0&80
    Manufacturer:
    Name: PCI Simple Communications-controller
    PNP Device ID: PCI\VEN_127A&DEV_1034&SUBSYS_00025214&REV_08\3&61AAA01&0&80
    Service:

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6300 Hans
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-02 19:00:00 420 --a------ C:\WINDOWS\Tasks\SyncBack back-up D 18-08-2005.job
    2008-03-28 15:16:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-03-04 and 2008-04-04 -----------------------------

    2008-04-04 09:59:53 9296 --a------ C:\WINDOWS\system32\fbulri.exe
    2008-04-03 23:12:04 9296 --a------ C:\WINDOWS\system32\suvhhj.exe
    2008-04-03 21:25:44 9296 --a------ C:\WINDOWS\system32\aoizwn.exe
    2008-04-03 19:17:40 9296 --a------ C:\WINDOWS\system32\khrvit.exe
    2008-04-03 15:45:30 0 d-------- C:\WINDOWS\ERUNT
    2008-04-03 15:42:21 0 dr------- C:\Documents and Settings\Administrator\Favorieten
    2008-04-03 15:42:20 0 dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2008-04-03 15:42:20 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
    2008-04-03 15:42:12 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
    2008-04-03 15:42:12 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-04-03 15:42:12 0 dr------- C:\Documents and Settings\Administrator\Menu Start
    2008-04-03 15:42:12 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-04-03 15:42:12 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-04-03 15:42:12 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-04-03 15:42:12 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-04-03 15:42:11 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-04-03 14:12:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
    2008-04-03 14:12:28 0 d-------- C:\Program Files\Babylon
    2008-04-03 14:06:06 0 d-------- C:\Documents and Settings\hans\Application Data\Babylon
    2008-04-03 11:15:37 0 d-------- C:\WINDOWS\B0CDD92B588D475BA77CDD674ED537D8.TMP
    2008-04-02 21:15:24 0 dr-h----- C:\Documents and Settings\hans\Onlangs geopend
    2008-04-02 20:18:24 9296 --a------ C:\WINDOWS\system32\yfhrof.exe
    2008-03-31 10:49:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-31 10:44:35 0 d-------- C:\Program Files\Common Files\Download Manager
    2008-03-30 19:23:17 49728 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-03-30 10:52:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-29 21:04:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-28 19:28:35 0 d-------- C:\Program Files\Safari
    2008-03-14 22:32:36 0 d-------- C:\Documents and Settings\hans\Application Data\AVS4YOU
    2008-03-14 22:32:25 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-03-14 22:31:39 0 d-------- C:\Program Files\AVS4YOU
    2008-03-14 22:30:40 0 d-------- C:\Program Files\Common Files\AVSMedia
    2008-03-14 22:29:34 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-03-14 22:29:34 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
    2008-03-14 22:29:33 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>


    -- Find3M Report ---------------------------------------------------------------

    2008-04-03 22:30:32 0 d-------- C:\Program Files\Logitech
    2008-04-03 15:17:38 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
    2008-04-03 14:43:22 0 d-------- C:\Program Files\Packard Bell Data Secure
    2008-04-02 21:42:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-01 23:10:41 0 d-------- C:\Documents and Settings\hans\Application Data\U3
    2008-03-31 10:50:12 531526 --a------ C:\WINDOWS\system32\perfh013.dat
    2008-03-31 10:50:12 106314 --a------ C:\WINDOWS\system32\perfc013.dat
    2008-03-31 10:44:35 0 d-------- C:\Program Files\Common Files
    2008-03-28 19:33:11 0 d-------- C:\Documents and Settings\hans\Application Data\Apple Computer
    2008-03-19 19:41:20 0 d-------- C:\Program Files\Java
    2008-03-14 22:40:39 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-03-09 14:13:29 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-03-01 12:45:57 0 d-------- C:\Program Files\iTunes
    2008-03-01 12:45:36 0 d-------- C:\Program Files\iPod
    2008-02-27 21:34:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-22 00:05:05 0 d-------- C:\Program Files\Microsoft Rekenmachine Plus
    2008-02-21 10:15:05 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-17 23:58:01 0 d-------- C:\Program Files\NCH Swift Sound
    2008-02-17 20:54:51 0 d-------- C:\Documents and Settings\hans\Application Data\NCH Swift Sound
    2008-02-17 11:03:33 3443 --a------ C:\WINDOWS\unins000.dat
    2008-02-17 11:02:23 691545 --a------ C:\WINDOWS\unins000.exe
    2008-02-08 09:25:19 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-07 18:01:42 0 d-------- C:\Documents and Settings\hans\Application Data\InstallShield


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "KPN SMS mail"="D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe" [09/05/2005 10:46]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 15:00]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 17:32]
    "hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [20/05/2005 13:22]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [06/08/2001 20:03]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
    "NWEReboot"=""
    "Adobe Reader Speed Launcher"="D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
    "QuickTime Task"="D:\program files hans\QuickTime\QTTask.exe" [01/02/2008 00:13]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
    "PCSuiteTrayApplication"="D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
    "Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [27/06/2005 16:36]
    "Flash Media"="C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe"
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00]
    "KeePass Password Safe"="D:\program files hans\KeePass Password Safe\KeePass.exe" [02/01/2006 14:04]
    "Gadwin PrintScreen 3.5"="D:\program files hans\PrintScreen\PrintScreen.exe" [08/07/2006 10:57]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 17:14]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe"
    "MSGTAG"="D:\program files hans\MSGTAG\MSGTAG.exe" [16/09/2003 15:09]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "Picasa Media Detector"=D:\program files hans\Picasa2\PicasaMediaDetector.exe
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    C:\Documents and Settings\hans\Menu Start\Programma's\Opstarten\
    Birthday.lnk - D:\program files hans\birthday\Birthday.exe [24/09/2003 3:40:00]
    PopTray.lnk - D:\program files hans\PopTray 3.03\PopTray.exe [16/09/2006 15:01:16]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix' '.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7f3822-3621-11dc-b250-00805a49dd80}]
    AutoRun\command- K:\InstallTomTomHOME.exe




    -- End of Deckard's System Scanner: finished at 2008-04-04 14:10:53 ------------



    gr schijndel100

  5. #25

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    heb hier nog een logje van Deckards scan

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: Dutch

    CPU 0: AMD Athlon(tm) Processor
    Percentage of Memory in Use: 42%
    Physical Memory (total/avail): 1015.49 MiB / 583.4 MiB
    Pagefile Memory (total/avail): 3481.87 MiB / 3177.55 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1921.71 MiB

    A: is Removable (Unformatted)
    C: is Fixed (NTFS) - 79.59 GiB total, 32.76 GiB free.
    D: is Fixed (NTFS) - 29.23 GiB total, 26.72 GiB free.
    E: is Fixed (NTFS) - 26.19 GiB total, 25.37 GiB free.
    F: is Fixed (NTFS) - 17.65 GiB total, 17.58 GiB free.
    H: is CDROM (No Media)
    I: is CDROM (No Media)
    J: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - Maxtor 6Y160P0 - 152.66 GiB - 4 partitions
    \PARTITION0 (bootable) - Installable File System - 79.59 GiB - C:
    \PARTITION1 - Uitgebreide partitie - 73.07 GiB - D: - E: - F:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: avast! antivirus 4.7.1169 [VPS 080404-0] v4.7.1169 (ALWIL Software) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "D:\\program files hans\\iTunes.exe"="D:\\program files hans\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe"="D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "D:\\program files hans\\LimeWire\\LimeWire.exe"="D:\\program files hans\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "D:\\program files hans\\MSGTAG\\MSGTAG.exe"="D:\\program files hans\\MSGTAG\\MSGTAG.exe:*:Enabled:MSGTAG"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe"="D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe:*:Enabled:mcoinstall"
    "D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe"="D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe:*:Enabled:mcoinstall"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
    "D:\\program files hans\\PopTray 3.03\\PopTray.exe"="D:\\program files hans\\PopTray 3.03\\PopTray.exe:*:Enabled:PopTray"
    "D:\\program files hans\\SPAMfighter\\SPAMCFG.exe"="D:\\program files hans\\SPAMfighter\\SPAMCFG.exe:*:Enabled:SPAMCFG"
    "D:\\program files hans\\SPAMfighter\\SFAgent.exe"="D:\\program files hans\\SPAMfighter\\SFAgent.exe:*:Enabled:SFAgent"
    "D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"="D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe:*:Enabled:script-fu"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
    "D:\\program files hans\\Shareaza\\Shareaza.exe"="D:\\program files hans\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
    "C:\\Program Files\\support.com\\KPN\\hcenter.exe"="C:\\Program Files\\support.com\\KPN\\hcenter.exe:*:Enabled:Starten ADSL Support Wizard"
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:MSI starter"
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
    "C:\\Documents and Settings\\hans\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\hans\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
    "C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)"
    "C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)"
    "D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe"="D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows"
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\DOCUME~1\\hans\\LOCALS~1\\Temp\\vaanéé£'£'%''msn'è%'fix''.exe"="C:\\DOCUME~1\\hans\\LOCALS~1\\T emp\\vaanéé£'£'%''msn'è%'fix''.exe:*:Enabled:Flash Media"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\hans\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=DING
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\hans
    LANG=nl
    LOGONSERVER=\\DING
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;D:\program files hans\2.0\bin;D:\program files hans\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\;C:\Program Files\Common Files\Ahead\Lib\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0402
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\hans\LOCALS~1\Temp
    TMP=C:\DOCUME~1\hans\LOCALS~1\Temp
    USERDOMAIN=DING
    USERNAME=hans
    USERPROFILE=C:\Documents and Settings\hans
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    hans (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Aangifte inkomstenbelasting 2007 --> D:\program files hans\Belastingdienst\2007\ib2007u.exe
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Adres 2000 --> C:\WINDOWS\uninst.exe -f"d:\program files hans\adres2000\DeIsL3.isu" -cd:\PROGRA~1\ADRES2~1\_ISREG32.DLL
    Adres 2000 Version 1.8 --> "D:\program files hans\Adres2000\Adres 2000\unins000.exe"
    ADSL Support Wizard --> MsiExec.exe /X{1066E724-271D-404F-B6EB-F0FF7B3ACD36}
    AM-DeadLink 2.8.1 --> "D:\program files hans\AM-DeadLink\unins000.exe"
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Babylon --> C:\Program Files\Babylon\Utils\uninstbb.exe
    Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB926247) --> "C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB939373) --> "C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB942830) --> "C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB942831) --> "C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Birthday --> "D:\program files hans\Birthday\unins000.exe"
    BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x13
    Camera Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
    Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
    Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
    Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
    Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
    Canon Internet Library for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
    Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
    Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
    Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
    Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
    Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
    Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
    CCleaner (remove only) --> "D:\program files hans\CCleaner\uninst.exe"
    CdCoverCreator v.2.5 --> D:\program files hans\CdCoverCreator\uninstall.exe
    dBPowerAMP AIFF codec r4 --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP AIFF codec r4.dat
    dBpowerAMP iTunes Encode --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP iTunes Encode.dat
    dBpowerAMP Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
    dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    dBpowerAMP Nero Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Nero Mp4 Codec.dat
    dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    DriverMax 2.4 --> "D:\program files hans\DriverMax\unins000.exe"
    DVD Decrypter (Remove Only) --> "D:\program files hans\DVD Decrypter\uninstall.exe"
    eCover 1.0.6 --> "D:\program files hans\eCover\unins001.exe"
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EVEREST Home Edition v1.51 --> "D:\EVEREST Home Edition\unins000.exe"
    freeCommander 2005.09a --> "D:\program files hans\freeCommander2005\unins000.exe"
    Gadwin PrintScreen --> D:\program files hans\PrintScreen\Uninstall.exe
    Gigaset USB Adapter 108 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{031BDDC8-B6CD-4074-9D50-F92B648E7B92}\Setup.exe" -l0x13
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    GTK+ 2.6.9 runtime environment --> "D:\program files hans\2.0\unins000.exe"
    hcc!hulp pc-ok! v2.1.0.0 --> "C:\Program Files\hcchulp\ClientAgent\unins000.exe"
    HEMA Online Fotoservice --> MsiExec.exe /I{B3953D3B-1550-4D8E-879B-0E184BFF3CB9}
    HijackThis 2.0.0 --> "C:\Documents and Settings\hans\Bureaublad\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
    IrfanView (remove only) --> D:\program files hans\irfan view\iv_uninstall.exe
    ITEDO IsoView 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCB873D5-94BD-4ADC-B80A-A3B381D7E8FA}\setup.exe" -l0x9
    iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
    iView Catalog Reader (remove only) --> D:\program files hans\iView Catalog Reader\Uninst.exe
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    K-Lite Codec Pack 2.53 Basic --> "D:\program files hans\K-Lite Codec Pack\unins000.exe"
    KeePass Password Safe 1.04 --> "D:\program files hans\KeePass Password Safe\unins000.exe"
    KPN SMS mail --> D:\KPN SMS mail\Uninstall.exe
    LimeWire 4.16.6 --> "D:\program files hans\LimeWire\uninstall.exe"
    Logitech QuickCam-software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x13
    Logitech® Camera-stuurprogramma --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    Medisana BPA 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1D3F3DAE-D427-45B1-8465-A21D37274C9A}
    Messenger-Control plug-in for Ad-Aware SE --> D:\PROGRA~1\AD-AWA~1\Plugins\MESSEN~1\UNWISE.EXE D:\PROGRA~1\AD-AWA~1\Plugins\MESSEN~1\INSTALL.LOG
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office PowerPoint 2003 Template Creation Wizard --> MsiExec.exe /I{39B1915D-3CBA-42F8-8A58-2AB5587BF863}
    Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Viewer 2003 (Nederlands) --> MsiExec.exe /I{90520413-6000-11D3-8CFE-0150048383C9}
    Microsoft Rekenmachine Plus --> MsiExec.exe /I{7852F4B3-4647-4161-8FCF-637B0DF8C4A7}
    Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSm22.inf, Uninstall
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSGTAG --> "D:\program files hans\MSGTAG\unins000.exe"
    MSN Megapack 1 --> "C:\WINDOWS\MSN Megapack 1\uninstall.exe" "/U:\program files hans\MSN WINKS\Uninstall\uninstall.xml"
    Nero 7 Premium --> MsiExec.exe /I{2D71D4CA-1108-4BD4-AFC9-42594F671043}
    Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
    Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_EA.exe /LANG="1043"
    Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
    Nokia Software Updater --> MsiExec.exe /X{57CEA991-6F11-4E7E-B67C-2F02168CED6B}
    Nuria 3.3 --> "D:\program files hans\Nuria\unins000.exe"
    Nvu 1.0 --> "D:\program files hans\Nvu\unins000.exe"
    Offline Rekening Overzicht --> MsiExec.exe /I{9A09EC10-3856-45B4-8C9E-465CF0D36AA1}
    Offline Rekening Overzicht --> MsiExec.exe /I{E1CCDB78-DC5A-46EA-80B4-7D2C7C6FF6E9}
    Packard Bell Data Secure --> C:\Program Files\Packard Bell Data Secure\Uninstall.exe
    Partitie-Expert --> D:\program files hans\partitie expert\MediaBuilder.exe -uninstall
    PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
    Philips Intelligent Agent --> "D:\program files hans\Philips Intelligent Agent\Uninst\unins000.exe"
    Photo Story 3 voor Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
    PhotoFiltre --> "D:\program files hans\PhotoFiltre\Uninst.exe"
    Picasa 2 --> "D:\program files hans\Picasa2\Uninstall.exe"
    PopTray 3.20 --> D:\program files hans\PopTray 3.03\Uninstall.exe
    PopTray Hotmail Plug-in --> D:\program files hans\PopTray 3.03\Plugins\UninstallHotmail.exe
    Prism --> C:\Program Files\NCH Software\Prism\uninst.exe
    QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
    save2pc Light 3.23 --> "D:\program files hans\save2pc\unins000.exe"
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Shareaza versie 2.2.1.0 --> "D:\program files hans\Shareaza\Uninstall\unins000.exe"
    Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
    SyncBack --> "D:\program files hans\SyncBack\unins000.exe"
    Telefoongids Zoekbalk 1.0.1 Build 291 --> D:\program files hans\De Telefoongids Zoekbalk\uninst.exe
    The GIMP 2.2.13 --> "D:\program files hans\GIMP-2.0\unins000.exe"
    TomTom HOME --> D:\program files hans\TomTom Home\TomTom HOME 2\Uninstall TomTom HOME.exe
    Trust Easy Connect 9600 Plus v1.51 --> C:\WINDOWS\twain_32\A4CIS\UNINST.EXE
    Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    U.R.Celeb 2.02 --> D:\program files hans\U.R.Celeb\uninst.exe
    U3Launcher --> MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
    Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
    Windows-stuurprogrammapakket - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Rights Management Client Backwards Compatibility --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
    WinRAR --> C:\Program Files\WinRAR\uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type14465 / Error
    Event Submitted/Written: 04/04/2008 00:59:41 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.3156, vastgelopen module: phoneshell.dll, versie: 1.0.0.44, vastgelopen op: 0x00011004.
    Verwerken van mediaspecifieke gebeurtenis voor [explorer.exe!ws!]

    Event Record #/Type14464 / Error
    Event Submitted/Written: 04/04/2008 00:59:31 PM
    Event ID/Source: 1001 / Application Error
    Event Description:
    Fout-bucket 489835561.
    De uitwisseling van de WEP-sleutel resulteerde na de 802.1x-verificatie niet in een beveiligde verbinding. De huidige instelling is niet geldig en de draadloze verbinding wordt verbroken.

    Event Record #/Type14463 / Error
    Event Submitted/Written: 04/04/2008 00:59:24 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.3156, vastgelopen module: phoneshell.dll, versie: 1.0.0.44, vastgelopen op: 0x00011004.
    Verwerken van mediaspecifieke gebeurtenis voor [explorer.exe!ws!]

    Event Record #/Type14462 / Error
    Event Submitted/Written: 04/04/2008 00:59:13 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.3156, vastgelopen module: phoneshell.dll, versie: 1.0.0.44, vastgelopen op: 0x00011004.
    Verwerken van mediaspecifieke gebeurtenis voor [explorer.exe!ws!]

    Event Record #/Type14459 / Warning
    Event Submitted/Written: 04/04/2008 00:49:49 PM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    Kan parameter TraceLevel niet vinden in het register.
    Het gebruikte standaardtraceerniveau is 32.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type137180 / Error
    Event Submitted/Written: 04/04/2008 01:00:08 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
    om de server
    {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

    Event Record #/Type137179 / Error
    Event Submitted/Written: 04/04/2008 00:59:48 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
    om de server
    {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

    Event Record #/Type137178 / Error
    Event Submitted/Written: 04/04/2008 00:59:28 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
    om de server
    {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

    Event Record #/Type137177 / Error
    Event Submitted/Written: 04/04/2008 00:59:09 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
    om de server
    {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

    Event Record #/Type137176 / Error
    Event Submitted/Written: 04/04/2008 00:58:48 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
    om de server
    {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten



    -- End of Deckard's System Scanner: finished at 2008-04-04 14:10:53 ------------

    gr schijndel100

  6. #26
    Schermafbeelding van smeenk
    Technische vaardigheid
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Berichten
    34.930
    Blog Berichten
    2
    Kan je deze regels nu verwijderen met Hijackthis?:
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

  7. #27

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34
    heb alles gedaan zoals gevraagd maar heb twee regels kunnen verwijderen die ene f2 niet
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:03:13, on 4/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\program files hans\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Babylon\Babylon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\snmp.exe
    D:\program files hans\KeePass Password Safe\KeePass.exe
    C:\WINDOWS\system32\svchost.exe
    D:\program files hans\PrintScreen\PrintScreen.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\program files hans\MSGTAG\MSGTAG.exe
    D:\program files hans\birthday\Birthday.exe
    D:\program files hans\PopTray 3.03\PopTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\program files hans\Hijack This\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Birthday.lnk = D:\program files hans\birthday\Birthday.exe
    O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O15 - Trusted Zone: http://public.service.citroen.com
    O15 - Trusted Zone: http://service.citroen.com
    O15 - Trusted Zone: http://estim.citroen.inetpsa.com
    O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
    O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
    O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
    O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
    O15 - Trusted Zone: http://service.citroen.inetpsa.com
    O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
    O15 - Trusted Zone: http://public.servicebox.peugeot.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
    O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10727 bytes

  8. #28
    Schermafbeelding van smeenk
    Technische vaardigheid
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Berichten
    34.930
    Blog Berichten
    2
    Download Combofix eens en maak daar een logje mee, post dat in je volgende bericht.

  9. #29

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    heb combifix geprobeerd
    hier het logje
    ComboFix 08-04-03.5 - hans 2008-04-04 20:06:14.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.534 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\hans\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\Packet.dll
    C:\WINDOWS\system32\UpMedia

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))
    .

    2008-04-04 14:05 . 2008-04-04 14:05 <DIR> d-------- C:\Deckard
    2008-04-04 12:38 . 2008-04-04 12:38 <DIR> d-------- C:\_OTMoveIt
    2008-04-04 09:59 . 2008-04-04 09:59 9,296 --a------ C:\WINDOWS\system32\fbulri.exe
    2008-04-03 23:12 . 2008-04-03 23:12 9,296 --a------ C:\WINDOWS\system32\suvhhj.exe
    2008-04-03 21:25 . 2008-04-03 21:25 9,296 --a------ C:\WINDOWS\system32\aoizwn.exe
    2008-04-03 19:17 . 2008-04-03 19:17 9,296 --a------ C:\WINDOWS\system32\khrvit.exe
    2008-04-03 15:45 . 2008-04-03 15:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-03 15:42 . 2007-03-04 14:40 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
    2008-04-03 15:42 . 2008-04-03 15:42 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2008-04-03 15:42 . 2005-09-03 19:41 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
    2008-04-03 15:42 . 2008-04-03 15:42 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
    2008-04-03 15:42 . 2008-04-04 20:09 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
    2008-04-03 14:12 . 2008-04-03 14:12 <DIR> d-------- C:\Program Files\Babylon
    2008-04-03 14:12 . 2008-04-03 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
    2008-04-03 14:06 . 2008-04-03 14:19 <DIR> d-------- C:\Documents and Settings\hans\Application Data\Babylon
    2008-04-03 11:15 . 2008-04-03 11:15 <DIR> d-------- C:\WINDOWS\B0CDD92B588D475BA77CDD674ED537D8.TMP
    2008-04-02 21:15 . 2008-04-04 18:07 <DIR> dr-h----- C:\Documents and Settings\hans\Onlangs geopend
    2008-04-02 20:18 . 2008-04-02 20:18 9,296 --a------ C:\WINDOWS\system32\yfhrof.exe
    2008-04-01 17:57 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-01 17:57 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-03-31 10:49 . 2008-03-31 19:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-31 10:44 . 2008-03-31 10:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-03-31 10:44 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-03-30 19:23 . 2008-03-30 19:23 49,728 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-03-30 10:52 . 2008-03-30 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-29 21:04 . 2008-03-29 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-28 19:28 . 2008-03-28 19:29 <DIR> d-------- C:\Program Files\Safari
    2008-03-14 22:32 . 2008-03-14 22:32 <DIR> d-------- C:\Documents and Settings\hans\Application Data\AVS4YOU
    2008-03-14 22:32 . 2008-03-14 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-03-14 22:31 . 2008-03-14 22:35 <DIR> d-------- C:\Program Files\AVS4YOU
    2008-03-14 22:30 . 2008-03-14 22:36 <DIR> d-------- C:\Program Files\Common Files\AVSMedia

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-03 20:30 --------- d-----w C:\Program Files\Logitech
    2008-04-03 12:43 --------- d-----w C:\Program Files\Packard Bell Data Secure
    2008-04-02 19:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-02 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-01 21:10 --------- d-----w C:\Documents and Settings\hans\Application Data\U3
    2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-28 17:33 --------- d-----w C:\Documents and Settings\hans\Application Data\Apple Computer
    2008-03-19 17:41 --------- d-----w C:\Program Files\Java
    2008-03-01 10:45 --------- d-----w C:\Program Files\iTunes
    2008-03-01 10:45 --------- d-----w C:\Program Files\iPod
    2008-02-27 19:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-27 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-21 22:05 --------- d-----w C:\Program Files\Microsoft Rekenmachine Plus
    2008-02-21 08:15 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-17 21:58 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-02-17 18:54 --------- d-----w C:\Documents and Settings\hans\Application Data\NCH Swift Sound
    2008-02-17 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-02-17 09:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-17 09:02 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-02-08 07:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-07 16:01 --------- d-----w C:\Documents and Settings\hans\Application Data\InstallShield
    2007-01-14 09:25 299 ------w C:\Documents and Settings\hans\Application Data\internaldb1942.dat
    2004-05-24 07:35 86,016 ----a-w C:\Program Files\mozilla firefox\plugins\IvInstHelper.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
    "KeePass Password Safe"="D:\program files hans\KeePass Password Safe\KeePass.exe" [2006-01-02 14:04 584704]
    "Gadwin PrintScreen 3.5"="D:\program files hans\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
    "MSGTAG"="D:\program files hans\MSGTAG\MSGTAG.exe" [2003-09-16 15:09 1320448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "KPN SMS mail"="D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe" [2005-05-09 10:46 1019904]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-05-20 13:22 1757184]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 20:03 155648]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "NWEReboot"=""
    "Adobe Reader Speed Launcher"="D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="D:\program files hans\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "PCSuiteTrayApplication"="D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
    "Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [2005-06-27 16:36 2433086]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 14:00 15360]
    "Nokia.PCSync"="D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
    "Picasa Media Detector"="D:\program files hans\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]

    C:\Documents and Settings\hans\Menu Start\Programma's\Opstarten\
    Birthday.lnk - D:\program files hans\birthday\Birthday.exe [2003-09-24 03:40:00 955392]
    PopTray.lnk - D:\program files hans\PopTray 3.03\PopTray.exe [2006-09-16 15:01:16 1666048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= ffdshow.ax
    "VIDC.WMV3"= wmv9vcm.dll
    "MSVideo8"= VfWWDM32.dll
    "MSVideo"= vfwwdm32.dll
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "msacm.ac3acm"= AC3ACM.acm
    "vidc.dvsd"= mcdvd_32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe"=
    "D:\\program files hans\\LimeWire\\LimeWire.exe"=
    "D:\\program files hans\\MSGTAG\\MSGTAG.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe"=
    "D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\Outlook Express\\msimn.exe"=
    "D:\\program files hans\\PopTray 3.03\\PopTray.exe"=
    "D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\program files hans\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\support.com\\KPN\\hcenter.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
    "D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\DOCUME~1\\hans\\LOCALS~1\\Temp\\vaanéé£'£'%''msn'è%'fix''.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 16:40]
    R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 14:00]
    R3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 22:51]
    R3 uir1100a;UIR1100A;C:\WINDOWS\system32\DRIVERS\uir1100a.sys [2004-12-01 09:43]
    S2 HidCom;USB-HID -> COM Driver Service;C:\WINDOWS\system32\DRIVERS\HidCom.sys [2004-08-10 11:47]
    S3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 21:11]
    S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
    S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
    S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
    S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
    S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7f3822-3621-11dc-b250-00805a49dd80}]
    \Shell\AutoRun\command - K:\InstallTomTomHOME.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-28 13:16:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-02 17:00:00 C:\WINDOWS\Tasks\SyncBack back-up D 18-08-2005.job"
    - D:\program files hans\SyncBack\SyncBack.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-04 20:09:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    ? [1764]

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-04-04 20:10:59
    ComboFix-quarantined-files.txt 2008-04-04 18:10:35
    Pre-Run: 35,057,307,648 bytes beschikbaar
    Post-Run: 35,044,458,496 bytes beschikbaar
    .
    2008-03-20 16:08:27 --- E O F ---

  10. #30

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    Hallo smeenk
    ik probeer om OT movelt te verwijderen naar de prullebak maar dat gaat niet krijg dan dit te zien
    zie bijlage
    en combifix hoe dit te verwijderen ook naar de prullebak?

    gr schijndel100
    Bijgevoegde Bestanden Bijgevoegde Bestanden

  11. #31
    Schermafbeelding van smeenk
    Technische vaardigheid
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Berichten
    34.930
    Blog Berichten
    2
    Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:


    • File::
      C:\WINDOWS\system32\fbulri.exe
      C:\WINDOWS\system32\suvhhj.exe
      C:\WINDOWS\system32\aoizwn.exe
      C:\WINDOWS\system32\khrvit.exe
      C:\WINDOWS\system32\yfhrof.exe

      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\DOCUME~1\\hans\\LOCALS~1\\Temp\\vaanéé£'£'%''msn'è%'fix''.exe"=-



    Sla dit op op je Bureaublad als CFScript.txt.

    Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



    Dit zal ComboFix doen herstarten.

    Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

  12. #32

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    Hallo Smeenk
    Gedaan wat je me vraagt maar alles was prima gegaan maar nadat combifix klaar was dan zie je heel even een logfile maar gaat direct over in een blauw scherm en komt dan als de pc herstart is niet meer terug.

  13. #33
    Schermafbeelding van smeenk
    Technische vaardigheid
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Berichten
    34.930
    Blog Berichten
    2
    Draai Combofix eens opnieuw en kijk of er dan wel een nieuw logje opent.

  14. #34

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    nu heb ik combifix normaal gedraaid door er op te dubbelklikken niet dus het het txt log bestandje er naar toe gesleept
    nu wel een logje
    ComboFix 08-04-03.5 - hans 2008-04-05 10:29:06.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.625 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\hans\Bureaublad\ComboFix.exe

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .
    TimedOut: Windir.dat

    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))
    .

    2008-04-04 22:21 . 2008-04-05 10:14 <DIR> dr-h----- C:\Documents and Settings\hans\Onlangs geopend
    2008-04-04 12:38 . 2008-04-04 12:38 <DIR> d-------- C:\_OTMoveIt
    2008-04-03 15:45 . 2008-04-03 15:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-03 15:42 . 2007-03-04 14:40 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
    2008-04-03 15:42 . 2008-04-03 15:42 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2008-04-03 15:42 . 2005-09-03 19:41 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
    2008-04-03 15:42 . 2008-04-03 15:42 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
    2008-04-03 15:42 . 2008-04-04 20:09 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
    2008-04-03 14:12 . 2008-04-03 14:12 <DIR> d-------- C:\Program Files\Babylon
    2008-04-03 14:12 . 2008-04-03 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
    2008-04-03 14:06 . 2008-04-03 14:19 <DIR> d-------- C:\Documents and Settings\hans\Application Data\Babylon
    2008-04-03 11:15 . 2008-04-03 11:15 <DIR> d-------- C:\WINDOWS\B0CDD92B588D475BA77CDD674ED537D8.TMP
    2008-04-01 17:57 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-01 17:57 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-03-31 10:49 . 2008-03-31 19:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-31 10:44 . 2008-03-31 10:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-03-31 10:44 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-03-30 19:23 . 2008-03-30 19:23 49,728 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-03-30 10:52 . 2008-03-30 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-29 21:04 . 2008-03-29 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-28 19:28 . 2008-03-28 19:29 <DIR> d-------- C:\Program Files\Safari
    2008-03-14 22:32 . 2008-03-14 22:32 <DIR> d-------- C:\Documents and Settings\hans\Application Data\AVS4YOU
    2008-03-14 22:32 . 2008-03-14 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-03-14 22:31 . 2008-03-14 22:35 <DIR> d-------- C:\Program Files\AVS4YOU
    2008-03-14 22:30 . 2008-03-14 22:36 <DIR> d-------- C:\Program Files\Common Files\AVSMedia

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-03 20:30 --------- d-----w C:\Program Files\Logitech
    2008-04-03 13:17 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
    2008-04-03 12:43 --------- d-----w C:\Program Files\Packard Bell Data Secure
    2008-04-02 19:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-02 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-01 21:10 --------- d-----w C:\Documents and Settings\hans\Application Data\U3
    2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2008-03-28 17:33 --------- d-----w C:\Documents and Settings\hans\Application Data\Apple Computer
    2008-03-19 17:41 --------- d-----w C:\Program Files\Java
    2008-03-01 10:45 --------- d-----w C:\Program Files\iTunes
    2008-03-01 10:45 --------- d-----w C:\Program Files\iPod
    2008-02-27 19:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-27 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-21 22:05 --------- d-----w C:\Program Files\Microsoft Rekenmachine Plus
    2008-02-21 08:15 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-17 21:58 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-02-17 18:54 --------- d-----w C:\Documents and Settings\hans\Application Data\NCH Swift Sound
    2008-02-17 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-02-17 09:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-17 09:02 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-02-08 07:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-07 16:01 --------- d-----w C:\Documents and Settings\hans\Application Data\InstallShield
    2007-01-14 09:25 299 ------w C:\Documents and Settings\hans\Application Data\internaldb1942.dat
    2004-05-24 07:35 86,016 ----a-w C:\Program Files\mozilla firefox\plugins\IvInstHelper.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-04_20.10.14,02 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-04 10:53:39 224,528 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
    + 2008-04-05 08:17:22 224,517 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
    + 2008-04-05 08:13:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_708.dat
    + 2008-04-05 08:13:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_778.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
    "KeePass Password Safe"="D:\program files hans\KeePass Password Safe\KeePass.exe" [2006-01-02 14:04 584704]
    "Gadwin PrintScreen 3.5"="D:\program files hans\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
    "MSGTAG"="D:\program files hans\MSGTAG\MSGTAG.exe" [2003-09-16 15:09 1320448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "KPN SMS mail"="D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe" [2005-05-09 10:46 1019904]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-05-20 13:22 1757184]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 20:03 155648]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "NWEReboot"=""
    "Adobe Reader Speed Launcher"="D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="D:\program files hans\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "PCSuiteTrayApplication"="D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
    "Babylon Client"="C:\Program Files\Babylon\Babylon.exe" [2005-06-27 16:36 2433086]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 14:00 15360]
    "Nokia.PCSync"="D:\program files hans\Nokia div\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
    "Picasa Media Detector"="D:\program files hans\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]

    C:\Documents and Settings\hans\Menu Start\Programma's\Opstarten\
    Birthday.lnk - D:\program files hans\birthday\Birthday.exe [2003-09-24 03:40:00 955392]
    PopTray.lnk - D:\program files hans\PopTray 3.03\PopTray.exe [2006-09-16 15:01:16 1666048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= ffdshow.ax
    "VIDC.WMV3"= wmv9vcm.dll
    "MSVideo8"= VfWWDM32.dll
    "MSVideo"= vfwwdm32.dll
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "msacm.ac3acm"= AC3ACM.acm
    "vidc.dvsd"= mcdvd_32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe"=
    "D:\\program files hans\\LimeWire\\LimeWire.exe"=
    "D:\\program files hans\\MSGTAG\\MSGTAG.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe"=
    "D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\Outlook Express\\msimn.exe"=
    "D:\\program files hans\\PopTray 3.03\\PopTray.exe"=
    "D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\program files hans\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\support.com\\KPN\\hcenter.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
    "D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 16:40]
    R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 14:00]
    R3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 22:51]
    R3 uir1100a;UIR1100A;C:\WINDOWS\system32\DRIVERS\uir1100a.sys [2004-12-01 09:43]
    S2 HidCom;USB-HID -> COM Driver Service;C:\WINDOWS\system32\DRIVERS\HidCom.sys [2004-08-10 11:47]
    S3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 21:11]
    S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
    S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
    S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
    S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
    S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7f3822-3621-11dc-b250-00805a49dd80}]
    \Shell\AutoRun\command - K:\InstallTomTomHOME.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-28 13:16:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-02 17:00:00 C:\WINDOWS\Tasks\SyncBack back-up D 18-08-2005.job"
    - D:\program files hans\SyncBack\SyncBack.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-05 10:33:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-04-05 10:34:35
    ComboFix-quarantined-files.txt 2008-04-05 08:34:24
    ComboFix2.txt 2008-04-05 08:03:06
    ComboFix3.txt 2008-04-04 18:11:00
    Pre-Run: 36,233,666,560 bytes beschikbaar
    Post-Run: 36,222,099,456 bytes beschikbaar
    .
    2008-03-20 16:08:27 --- E O F ---

  15. #35
    Schermafbeelding van smeenk
    Technische vaardigheid
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Berichten
    34.930
    Blog Berichten
    2
    Open een kladblokbestand.
    Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting folders>>log.txt
    FOR %%I in (
    C:\_OTMoveIt
    C:\qoobox) DO (
    IF EXIST %%I (
    RD /S /Q %%I
    IF EXIST %%I (
    ECHO %%I not deleted>>log.txt
    ) ELSE (
    ECHO %%I deleted>>log.txt)
    ) ELSE (
    ECHO %%I not found>>log.txt))
    START NOTEPAD.EXE log.txt

    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: del.bat
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.

    Dubbelklik op del.bat en post de inhoud van de logfile die opent.

  16. #36

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    hierbij hel logfile
    Deleting folders
    C:\_OTMoveIt deleted
    C:\qoobox deleted

  17. #37
    Schermafbeelding van smeenk
    Technische vaardigheid
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Berichten
    34.930
    Blog Berichten
    2
    Mooi zo

    Post nu eens een logje van Hijackthis ter controle

  18. #38

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    volgens mij hebben we succes hierbij het logje

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:55:25, on 5/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    D:\program files hans\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Babylon\Babylon.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\program files hans\KeePass Password Safe\KeePass.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\program files hans\MSGTAG\MSGTAG.exe
    D:\program files hans\birthday\Birthday.exe
    D:\program files hans\PopTray 3.03\PopTray.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\program files hans\Hijack This\HiJackThis_v2.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Birthday.lnk = D:\program files hans\birthday\Birthday.exe
    O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O15 - Trusted Zone: http://public.service.citroen.com
    O15 - Trusted Zone: http://service.citroen.com
    O15 - Trusted Zone: http://estim.citroen.inetpsa.com
    O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
    O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
    O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
    O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
    O15 - Trusted Zone: http://service.citroen.inetpsa.com
    O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
    O15 - Trusted Zone: http://public.servicebox.peugeot.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
    O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10561 bytes

  19. #39
    Schermafbeelding van smeenk
    Technische vaardigheid
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Berichten
    34.930
    Blog Berichten
    2
    Dat was een taaie rakker (ik ook )

    Ga naar Start - Uitvoeren en geef het volgende in:
    Combofix /u
    Druk daarna op OK.
    Dit zal combofix verwijderen.
    Let op: tussen Combofix en /u hoort een spatie te staan.

    Dan mag je alle gebruikte programma's verwijderen

  20. #40

    Technische vaardigheid
    3. Medium
    Besturingssysteem
    Windows Vista Home Premium
    Antivirus
    Avast
    Firewall
    Windows Firewall
    Berichten
    34

    trojan

    Hallo Smeenk
    Ja dat was een taaie ik had het al opgegeven maar jij niet !!!!
    Petje af voor de volhouder .
    Ik had al een donatie gedaan maar zal er noch een doen omdat ik zo geweldig geholpen ben, hiervoor mijn hartelijke dank.

    Gr schijndel100

Pagina 2 van de 3 EersteEerste 123 LaatsteLaatste

Forum Rechten

  • Je mag geen nieuwe onderwerpen plaatsen
  • Je mag geen reacties plaatsen
  • Je mag geen bijlagen toevoegen
  • Je mag jouw berichten niet wijzigen