Who can help me, please


  • Who can help me, please

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:06:58, on 26-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\windows\System32\smss.exe
    D:\windows\system32\winlogon.exe
    D:\windows\system32\services.exe
    D:\windows\system32\lsass.exe
    D:\windows\system32\Ati2evxx.exe
    D:\windows\system32\svchost.exe
    D:\windows\System32\svchost.exe
    D:\windows\system32\Ati2evxx.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\windows\Explorer.EXE
    D:\windows\system32\spoolsv.exe
    D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    D:\WINDOWS\ATKKBService.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\PROGRA~1\QUICKH~1\ONLNSVC.EXE
    D:\windows\system32\PnkBstrB.exe
    D:\windows\system32\svchost.exe
    D:\windows\system32\wscntfy.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    D:\windows\system32\ctfmon.exe
    D:\program files\daemon tools\daemon.exe
    D:\program files\siber systems\robotaskbaricon.exe
    D:\Program Files\MailWasher Pro\MailWasher.exe
    D:\Program Files\NewsSearcher\NewsSearcher.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\Program Files\NewsLeecher\newsleecher.exe
    D:\Program Files\NewsLeecher\newsleecher.exe
    D:\Program Files\Avant Browser\avant.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKCU\..\Run: [ctfmon.exe] D:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] d:\program files\daemon tools\daemon.exe
    O4 - HKCU\..\Run: [RoboForm] d:\program files\siber systems\robotaskbaricon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MailWasherPro.lnk = D:\Program Files\MailWasher Pro\MailWasher.exe
    O4 - Startup: NewsSearcher (2).lnk = D:\Program Files\NewsSearcher\NewsSearcher.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\windows\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\windows\system32\shdocvw.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotogratis.nl/fotoalbum/foto_upload/ImageUploader4.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {C29A0936-5E0D-4C8E-BCE4-A106B75E037B} (MyDropTarget Class) - http://www.zude.com/DropTarget.cab
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - D:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NT Online Protection - Unknown owner - D:\PROGRA~1\QUICKH~1\ONLNSVC.EXE
    O23 - Service: PnkBstrB - Unknown owner - D:\windows\system32\PnkBstrB.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2c\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2c\RpcSandraSrv.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UPnPService - Magix AG - D:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 10708 bytes

    In addition to the attached link: the system runs fine without a virus scanner until a virus scanner is installed or, as now, when I try to run Spybot. It is then veeeeery slow and does essentially nothing.

    The link to the topic where the problem is described:
    http://www.nucia.eu/forum/showthread.php?t=32782

    In eager anticipation,

    Rik Heres

  • #2
    Hello Rik,

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type 1 to run the cleaning and analysis process.
    Follow the instructions on the screen.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.



    • #3
      Who can help me further, please, part 2

      Thank you for the quick reply. I hope the following is what was intended. Combofix.txt and HijackThis.txt.

      Rik


      ComboFix 07-12-21.4 - RIK 2007-12-26 22:42:44.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.466 [GMT 1:00]
      Gestart vanuit: D:\Documents and Settings\RIK\Bureaublad\ComboFix.exe
      .
      The following files were disabled during the run:
      D:\Program Files\Radio Wizard\RRUserDLL.dll


      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
      .

      2007-12-26 21:24 . 2007-12-26 22:53 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-26 21:06 . 2007-12-26 21:06 <DIR> d-------- D:\Program Files\Trend Micro
      2007-12-26 13:14 . 2007-12-26 20:40 <DIR> d-------- D:\Program Files\Hitman Pro
      2007-12-26 13:05 . 2007-12-26 20:40 <DIR> d-------- D:\Program Files\uRadio
      2007-12-26 12:08 . 2007-12-26 12:08 570,842 --a------ D:\Rvaxo2
      2007-12-25 20:21 . 2007-12-25 20:21 <DIR> d-------- D:\Program Files\LSP GAMES
      2007-12-25 14:22 . 2007-12-26 20:41 <DIR> dr-h----- D:\Documents and Settings\RIK\Onlangs geopend
      2007-12-25 13:29 . 2007-12-25 13:29 <DIR> d-------- D:\Kaspersky Internet Security 7 Activation Keys
      2007-12-25 13:26 . 2007-12-25 14:07 <DIR> d-------- D:\Kaspersky - Reset Trial (Int.Security v.7.0.0.125)
      2007-12-25 13:23 . 2007-12-25 14:07 <DIR> d-------- D:\Documents and Settings\RIK\Application Data\uTorrent
      2007-12-25 12:58 . 2007-12-25 12:58 82,258 --a------ D:\WINDOWS\system32\drivers\klin.dat
      2007-12-25 12:58 . 2007-12-25 12:58 82,258 --a------ D:\WINDOWS\system32\drivers\klick.dat
      2007-12-25 12:56 . 2007-12-25 12:56 <DIR> d-------- D:\kav
      2007-12-25 12:56 . 2007-12-26 01:53 326,176 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
      2007-12-25 12:56 . 2007-12-26 01:04 4,640 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
      2007-12-25 12:56 . 2007-12-26 01:04 2,828 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
      2007-12-25 12:56 . 2007-12-26 01:04 1,292 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
      2007-12-23 20:33 . 2007-12-23 20:33 <DIR> d-------- D:\DATA
      2007-12-23 15:34 . 2007-12-23 15:34 <DIR> d-------- D:\Documents and Settings\RIK\Application Data\ESET
      2007-12-23 11:54 . 2007-12-23 15:44 1,086 --a------ D:\WINDOWS\WINCMD.INI
      2007-12-23 11:33 . 2007-12-23 11:33 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Avant Profiles
      2007-12-22 17:10 . 2007-12-22 17:10 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ESET
      2007-12-21 19:34 . 2007-12-21 19:34 <DIR> d-------- D:\Documents and Settings\LocalService\Bureaublad
      2007-12-21 19:34 . 2007-12-22 17:29 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SiteAdvisor
      2007-12-21 19:20 . 2007-12-21 19:20 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg7
      2007-12-21 13:31 . 2007-12-21 13:31 <DIR> d-------- D:\Program Files\Common Files\Symbian
      2007-12-21 00:12 . 2007-12-21 00:12 314,994 --a------ D:\virus.jpg
      2007-12-20 18:01 . 2007-12-23 14:16 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\McAfee
      2007-12-20 18:01 . 2006-11-17 03:06 280 --a------ D:\WINDOWS\system32\epoPGPsdk.dll.sig
      2007-12-20 16:33 . 2007-12-20 16:33 150 -ra------ D:\WINDOWS\amunres.lsl
      2007-12-19 19:14 . 2007-12-26 01:57 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2007-12-19 14:34 . 2007-12-19 14:34 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy
      2007-12-19 14:02 . 2007-12-19 14:24 16 --a------ D:\WINDOWS\system32\coh.cache
      2007-12-18 13:59 . 2007-12-19 14:29 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Symantec
      2007-12-18 13:58 . 2007-12-19 14:29 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
      2007-12-15 16:57 . 2007-12-15 16:57 <DIR> d-------- D:\TomTom.Mobile.v6.02.S60v3.SymbianOS9.1.Cracked-BiNPDA
      2007-12-15 16:11 . 2007-12-15 16:11 <DIR> d-------- D:\Program Files\MSBuild
      2007-12-15 16:08 . 2007-12-15 16:08 <DIR> d-------- D:\WINDOWS\system32\XPSViewer
      2007-12-15 16:06 . 2007-12-15 16:06 <DIR> d-------- D:\Program Files\Reference Assemblies
      2007-12-15 16:05 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll
      2007-12-13 16:46 . 2007-12-13 16:46 7,048 --a------ D:\Rvaxo6
      2007-12-12 23:12 . 2007-12-12 23:11 30,208 --a------ D:\WINDOWS\system32\drivers\ONLINENT.SYS
      2007-12-12 23:12 . 2007-12-12 23:11 12,416 --a------ D:\WINDOWS\system32\drivers\SCREENNT.SYS
      2007-12-12 23:12 . 2007-12-12 23:11 6,659 --a------ D:\WINDOWS\system32\drivers\EMLTDI.SYS
      2007-12-12 23:12 . 2007-12-12 23:12 0 --a------ D:\WINDOWS\sensor.INI
      2007-12-12 23:12 . 2007-12-12 23:12 0 --a------ D:\WINDOWS\hqstat.mtl
      2007-12-12 23:12 . 2007-12-12 23:12 0 --a------ D:\WINDOWS\hqstat.mnt
      2007-12-12 23:11 . 2007-12-20 16:18 <DIR> d-------- D:\Program Files\Quick Heal
      2007-12-12 16:55 . 2007-12-12 23:12 70 --a------ D:\WINDOWS\QH32.INI
      2007-12-12 15:51 . 2007-12-08 18:33 61,273 --a------ D:\vissen2.JPG
      2007-12-12 15:51 . 2007-12-08 18:33 59,699 --a------ D:\vissen.JPG
      2007-12-12 15:51 . 2007-12-08 18:33 40,616 --a------ D:\vissen3.JPG
      2007-12-11 20:19 . 2007-12-11 20:20 <DIR> d-------- D:\Program Files\IncrediFlash XTreme 1.2
      2007-12-11 20:19 . 2007-12-11 20:21 <DIR> d--h----- D:\Documents and Settings\RIK\Application Data\IFLTemp
      2007-12-11 19:07 . 2007-12-11 20:06 45,568 --a------ D:\Beste Tietia en Bert.doc
      2007-12-10 20:43 . 2007-12-10 20:43 <DIR> d-------- D:\Documents and Settings\RIK\Application Data\Deal or No Deal
      2007-12-10 20:33 . 2007-12-10 20:33 <DIR> d-------- D:\Program Files\Mindscape
      2007-12-09 18:11 . 2007-12-09 18:11 244 --ah----- D:\sqmnoopt04.sqm
      2007-12-09 18:11 . 2007-12-09 18:11 232 --ah----- D:\sqmdata04.sqm
      2007-12-08 00:58 . 2007-12-08 00:58 <DIR> d-------- D:\Program Files\Kaspersky Lab
      2007-12-07 21:33 . 2007-12-07 21:33 88 --a------ D:\WINDOWS\system32\vbxtreg32.dll
      2007-12-07 21:33 . 2007-12-07 21:33 88 --a------ D:\WINDOWS\system32\vbxtct32.dll
      2007-12-07 17:41 . 2007-12-07 17:41 244 --ah----- D:\sqmnoopt03.sqm
      2007-12-07 17:41 . 2007-12-07 17:41 232 --ah----- D:\sqmdata03.sqm
      2007-12-07 17:20 . 2007-12-07 17:20 244 --ah----- D:\sqmnoopt02.sqm
      2007-12-07 17:20 . 2007-12-07 17:20 232 --ah----- D:\sqmdata02.sqm
      2007-12-07 17:03 . 2007-12-07 17:03 244 --ah----- D:\sqmnoopt01.sqm
      2007-12-07 17:03 . 2007-12-07 17:03 232 --ah----- D:\sqmdata01.sqm
      2007-12-07 17:00 . 2007-12-07 17:00 244 --ah----- D:\sqmnoopt00.sqm
      2007-12-07 17:00 . 2007-12-07 17:00 232 --ah----- D:\sqmdata00.sqm
      2007-12-07 16:56 . 2007-12-07 16:56 <DIR> d-------- D:\Documents and Settings\RIK\Application Data\Key Metric Software
      2007-12-07 13:14 . 2007-12-07 13:14 <DIR> d-------- D:\Program Files\FolderSizes 4
      2007-12-07 13:14 . 2007-12-07 13:14 <DIR> d-------- D:\Program Files\Common Files\Key Metric Software
      2007-12-07 13:14 . 2007-12-07 13:14 <DIR> d--h----- D:\Documents and Settings\All Users\Application Data\{63C75C0E-9083-49A6-AE30-DFA581ABE11C}
      2007-12-04 16:37 . 2007-12-26 22:56 <DIR> d-------- D:\Program Files\Radio Wizard
      2007-12-04 16:37 . 2001-12-07 03:26 41,984 --a------ D:\WINDOWS\system32\APTRRNTm.dll
      2007-12-04 16:37 . 2001-12-07 03:26 36,864 --a------ D:\WINDOWS\system32\APTRRNTl.dll
      2007-12-02 22:44 . 2007-12-02 22:44 <DIR> d-------- D:\Program Files\Recuva
      2007-12-02 22:43 . 2007-12-02 22:43 <DIR> d-------- D:\Documents and Settings\RIK\Application Data\Phototools
      2007-12-02 22:19 . 2007-12-02 22:20 <DIR> d-------- D:\Program Files\System info
      2007-11-27 23:05 . 2007-11-27 23:05 26,397 --a------ D:\logozelda.jpg
      2007-11-27 23:05 . 2007-11-27 23:05 18,120 --a------ D:\zelda2.jpg
      2007-11-27 23:02 . 2007-11-27 23:02 17,409 --a------ D:\overview_zelda_20.jpg
      2007-11-27 22:59 . 2007-11-27 22:59 54,250 --a------ D:\zelda.bmp

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-26 21:56 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-26 21:56 --------- d-----w D:\Documents and Settings\RIK\Application Data\MailWasherPro
      2007-12-25 19:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
      2007-12-25 13:27 --------- d-----w D:\Program Files\XP Tools
      2007-12-25 13:25 --------- d-----w D:\Program Files\Winamp Toolbar
      2007-12-23 11:12 --------- d-----w D:\Program Files\Total Command UP
      2007-12-21 12:31 --------- d--h--w D:\Program Files\InstallShield Installation Information
      2007-12-19 18:13 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
      2007-12-15 15:16 --------- d-----w D:\Documents and Settings\RIK\Application Data\Avant Profiles
      2007-12-15 15:13 --------- d-----w D:\Program Files\Nokia
      2007-12-15 15:11 --------- d-----w D:\Program Files\Avant Browser
      2007-12-07 14:26 --------- d-----w D:\Program Files\Easy Travel Benelux
      2007-12-04 15:37 286,720 ----a-w D:\windows\iun506.exe
      2007-12-04 13:04 46,532 ----a-w D:\Documents and Settings\RIK\Application Data\mdb.bin
      2007-12-04 12:45 --------- d-----w D:\Program Files\HEMA Fotoservice
      2007-12-02 21:43 --------- d-----w D:\Program Files\Phototools
      2007-12-02 14:56 9,344 ----a-w D:\windows\system32\drivers\NSDriver.sys
      2007-12-02 14:56 8,320 ----a-w D:\windows\system32\drivers\AWRTRD.sys
      2007-12-02 14:48 --------- d-----w D:\Documents and Settings\RIK\Application Data\Video DVD Maker PRO
      2007-11-25 14:24 --------- d-----w D:\Documents and Settings\LocalService\Application Data\Ahead
      2007-11-22 22:17 --------- d-----w D:\Documents and Settings\RIK\Application Data\Nokia
      2007-11-22 20:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nokia
      2007-11-22 20:41 --------- d-----w D:\Program Files\Common Files\Nokia
      2007-11-22 20:38 --------- d-----w D:\Documents and Settings\All Users\Application Data\Installations
      2007-11-22 19:56 --------- d-----w D:\Program Files\SimpleCenter
      2007-11-22 19:56 --------- d-----w D:\Program Files\Common Files\i4j_jres
      2007-11-22 19:55 --------- d-----w D:\Documents and Settings\RIK\Application Data\PC Suite
      2007-11-22 19:52 --------- d-----w D:\Program Files\Common Files\PCSuite
      2007-11-20 20:41 20 ---h--w D:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
      2007-11-20 20:41 20 ---h--w D:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
      2007-11-19 19:27 --------- d-----w D:\Program Files\WYSIWYG Web Builder 4.0
      2007-11-19 16:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
      2007-11-19 16:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2
      2007-11-19 16:14 --------- d-----w D:\Program Files\ViceVersa Pro 2
      2007-11-16 18:08 --------- d-----w D:\Program Files\Winamp
      2007-11-16 17:40 --------- d-----w D:\Program Files\Common Files\Ahead
      2007-11-16 17:36 --------- d-----w D:\Program Files\Nero
      2007-11-16 16:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
      2007-11-16 15:23 --------- d-----w D:\Documents and Settings\All Users\Application Data\Winamp Toolbar
      2007-11-15 22:01 --------- d-----w D:\Documents and Settings\RIK\Application Data\Launchy
      2007-11-14 17:27 --------- d-----w D:\Documents and Settings\RIK\Application Data\Microsoft Games
      2007-11-14 14:06 53,768 ----a-w D:\windows\system32\drivers\epfwtdi.sys
      2007-11-14 14:06 50,696 ----a-w D:\windows\system32\drivers\epfw.sys
      2007-11-14 14:06 30,728 ----a-w D:\windows\system32\drivers\epfwndis.sys
      2007-11-14 14:04 27,656 ----a-w D:\windows\system32\drivers\easdrv.sys
      2007-11-14 14:03 33,800 ----a-w D:\windows\system32\drivers\eamon.sys
      2007-11-11 22:41 66,872 ----a-w D:\windows\system32\PnkBstrA.exe
      2007-11-11 22:41 22,328 ----a-w D:\windows\system32\drivers\PnkBstrK.sys
      2007-11-11 22:41 22,328 ----a-w D:\Documents and Settings\RIK\Application Data\PnkBstrK.sys
      2007-11-11 22:41 103,736 ----a-w D:\windows\system32\PnkBstrB.exe
      2007-11-09 18:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\TuneUp Software
      2007-11-07 11:37 --------- d-----w D:\Program Files\Ultimate Screen Clock
      2007-11-07 11:19 737,280 ----a-w D:\windows\iun6002.exe
      2007-11-07 11:05 --------- d-----w D:\Program Files\Yahoo!
      2007-11-05 20:21 --------- d--h--w D:\Program Files\Zero G Registry
      2007-10-31 22:16 --------- d-----w D:\Documents and Settings\RIK\Application Data\Nero
      2007-10-31 21:21 --------- d-----w D:\Program Files\Data Design Interactive
      2007-10-28 19:16 --------- d-----w D:\Program Files\IncrediMail
      2007-10-28 11:22 --------- d-----w D:\Program Files\The Logo Creator v5
      2007-10-27 20:25 --------- d-----w D:\Program Files\TuneUp Utilities 2007
      2007-10-27 20:23 --------- d-----w D:\Documents and Settings\RIK\Application Data\TuneUp Software
      2007-10-27 20:22 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
      2007-10-27 19:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
      2007-10-27 19:18 --------- d-----w D:\Program Files\Common Files\Adobe
      2007-10-27 19:17 --------- d-----w D:\Program Files\Common Files\Control Panels
      2007-10-27 19:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\ALM
      2007-10-27 18:17 --------- d-----w D:\Program Files\Bonjour
      2007-10-27 18:13 --------- d-----w D:\Program Files\Common Files\Macrovision Shared
      2007-05-28 13:34 16 ---ha-w D:\Program Files\mxfilerelatedcache.mxc2
      .

      ((((((((((((((((((((((((((((( [email protected]_15.45.29.00 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2000-08-31 07:00:00 163,328 ----a-w D:\windows\erdnt\subs\ERDNT.EXE
      + 2007-03-13 09:57:10 163,328 ----a-w D:\windows\erdnt\subs\ERDNT.EXE
      + 2007-12-25 15:58:11 180,656 ----a-w D:\windows\pchealth\helpctr\Config\Cache\Professional_32_1043.dat
      + 2007-12-25 15:58:11 180,656 ----a-w D:\windows\pchealth\helpctr\Config\Cache\Professional_32_1043.dat.bak
      - 2007-12-21 23:21:18 32,768 ----a-w D:\windows\system32\config\systemprofile\Cookies\index.dat
      + 2007-12-26 00:27:57 32,768 ----a-w D:\windows\system32\config\systemprofile\Cookies\index.dat
      - 2007-12-21 23:19:25 32,768 ----a-w D:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
      + 2007-12-26 00:27:57 32,768 ----a-w D:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
      - 2007-12-25 13:09:40 308,296 ----a-w D:\windows\system32\Restore\rstrlog.dat
      + 2007-12-26 19:43:12 848,856 ----a-w D:\windows\system32\Restore\rstrlog.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="D:\windows\system32\ctfmon.exe" [2004-08-04 00:03]
      "DAEMON Tools"="d:\program files\daemon tools\daemon.exe" [2007-04-03 23:29]
      "RoboForm"="d:\program files\siber systems\robotaskbaricon.exe" [2007-05-28 08:41]
      "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 D:\WINDOWS\system32\HdAShCut.exe]
      "SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-07-09 00:10]
      "SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-31 13:54]
      "WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
      "NSLauncher"="D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]
      "Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]

      D:\Documents and Settings\RIK\Menu Start\Programma's\Opstarten\
      MailWasherPro.lnk - D:\Program Files\MailWasher Pro\MailWasher.exe [2007-08-20 20:09:18]
      NewsSearcher (2).lnk - D:\Program Files\NewsSearcher\NewsSearcher.exe [2006-09-21 20:50:24]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
      @=""

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
      @=""

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "Uniblue RegistryBooster 2"=D:\Program Files\RegistryBooster 2\RegistryBooster.exe /S
      "Uniblue SpyEraser"="D:\Program Files\SpyEraser\SpyEraser.exe" -m
      "Device Detection"=D:\Program Files\HEMA Fotoservice\dd.exe
      "CTFMON.EXE"=D:\windows\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "PCSuiteTrayApplication"=D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      "Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      "Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
      "TrueImageMonitor.exe"=D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
      "KEMailKb"=D:\PROGRA~1\Keyboard\KEMailKb.EXE
      "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      "SunJavaUpdateSched"="D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
      "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" -atboottime
      "WinampAgent"=D:\Program Files\Winamp\winampa.exe
      "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

      R0 HWFProt;Hywave File Protector HWFProt;D:\windows\system32\Drivers\HWFProt.sys [2003-05-11 15:20]
      R0 ScreenNT;ScreenNT;D:\windows\system32\drivers\ScreenNT.sys [2007-12-12 23:11]
      R0 snapman;Acronis Snapshots Manager;D:\windows\system32\DRIVERS\snapman.sys [2007-06-10 10:10]
      R0 timounter;Acronis TrueImage Backup Archive Explorer;D:\windows\system32\DRIVERS\timntr.sys [2007-06-10 10:11]
      R1 easdrv;easdrv;D:\windows\system32\DRIVERS\easdrv.sys [2007-11-14 15:04]
      R1 epfwtdi;epfwtdi;D:\windows\system32\DRIVERS\epfwtdi.sys [2007-11-14 15:06]
      R2 eamon;EAMON;D:\windows\system32\DRIVERS\eamon.sys [2007-11-14 15:03]
      R2 EMLSS;EMLSS;D:\windows\system32\drivers\emltdi.sys [2007-12-12 23:11]
      R2 epfw;epfw;D:\windows\system32\DRIVERS\epfw.sys [2007-11-14 15:06]
      R2 OnlineNT;OnlineNT;D:\PROGRA~1\QUICKH~1\ONLINENT.SYS [2007-12-12 23:11]
      R2 tifsfilter;Acronis TrueImage FS Filter;D:\windows\system32\DRIVERS\tifsfilt.sys [2007-06-10 10:11]
      R2 UxTuneUp;TuneUp Thema-uitbreiding;D:\windows\System32\svchost.exe -k netsvcs
      R3 AEAudioService;AEAudio Service;D:\windows\system32\drivers\AEAudio.sys [2005-07-09 00:10]
      R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;D:\windows\system32\Drivers\DKbFltr.sys [2006-05-15 09:56]
      S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
      S3 UPnPService;UPnPService;D:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "D:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-12-21 17:27:44 D:\windows\Tasks\1-Klick-Wartung.job"
      - D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      "2007-08-13 12:40:47 D:\windows\Tasks\Uniblue SpyEraser.job"
      - D:\Program Files\SpyEraser\SpyEraser.exe
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-26 22:57:17
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2007-12-26 22:57:52 - machine was rebooted
      D:\ComboFix2.txt ... 2007-12-26 12:46
      D:\ComboFix3.txt ... 2007-12-25 15:46


      =====================================================

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:00:20, on 26-12-2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      D:\windows\System32\smss.exe
      D:\windows\system32\winlogon.exe
      D:\windows\system32\services.exe
      D:\windows\system32\lsass.exe
      D:\windows\system32\Ati2evxx.exe
      D:\windows\system32\svchost.exe
      D:\windows\System32\svchost.exe
      D:\windows\system32\Ati2evxx.exe
      D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      D:\windows\Explorer.EXE
      D:\windows\system32\spoolsv.exe
      D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      D:\Program Files\Analog Devices\Core\smax4pnp.exe
      D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      D:\Program Files\Winamp\winampa.exe
      D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
      D:\windows\system32\ctfmon.exe
      D:\program files\daemon tools\daemon.exe
      D:\program files\siber systems\robotaskbaricon.exe
      D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      D:\WINDOWS\ATKKBService.exe
      D:\Program Files\Bonjour\mDNSResponder.exe
      D:\Program Files\MailWasher Pro\MailWasher.exe
      D:\Program Files\NewsSearcher\NewsSearcher.exe
      D:\Program Files\Common Files\LightScribe\LSSrvc.exe
      D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      D:\PROGRA~1\QUICKH~1\ONLNSVC.EXE
      D:\windows\system32\PnkBstrB.exe
      D:\windows\system32\svchost.exe
      D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      D:\Program Files\NewsLeecher\newsleecher.exe
      D:\Program Files\NewsLeecher\newsleecher.exe
      D:\windows\system32\wscntfy.exe
      D:\windows\system32\wuauclt.exe
      D:\windows\system32\notepad.exe
      D:\Program Files\Avant Browser\avant.exe
      D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
      O4 - HKCU\..\Run: [ctfmon.exe] D:\windows\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools] d:\program files\daemon tools\daemon.exe
      O4 - HKCU\..\Run: [RoboForm] d:\program files\siber systems\robotaskbaricon.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: MailWasherPro.lnk = D:\Program Files\MailWasher Pro\MailWasher.exe
      O4 - Startup: NewsSearcher (2).lnk = D:\Program Files\NewsSearcher\NewsSearcher.exe
      O8 - Extra context menu item: Converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\windows\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\windows\system32\shdocvw.dll
      O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
      O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
      O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
      O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
      O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotogratis.nl/fotoalbum/foto_upload/ImageUploader4.cab
      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
      O16 - DPF: {C29A0936-5E0D-4C8E-BCE4-A106B75E037B} (MyDropTarget Class) - http://www.zude.com/DropTarget.cab
      O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\windows\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\Common\Database\bin\fbserver.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - D:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
      O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
      O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
      O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NT Online Protection - Unknown owner - D:\PROGRA~1\QUICKH~1\ONLNSVC.EXE
      O23 - Service: PnkBstrB - Unknown owner - D:\windows\system32\PnkBstrB.exe
      O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2c\Win32\RpcDataSrv.exe
      O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2c\RpcSandraSrv.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: UPnPService - Magix AG - D:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe

      --
      End of file - 11293 bytes



      • #4
        I don't immediately see anything strange in your log, but what is this:
        D:\Kaspersky Internet Security 7 Activation Keys
        D:\Kaspersky - Reset Trial (Int.Security v.7.0.0.125)



        • #5
          continued

          What I find so strange is that everything works fine until I install a virus scanner such as NOD, Kaspersky or McAfee. Then everything is completely out of sorts again and things hang.

          Those 2 things are torrents for possibly resetting the trial period of Kaspersky.

          Of course I would very much like to run a virus scanner again, but it goes wrong every time. Installing Hitman Pro also simply freezes in the end. Spybot, on the other hand, does work.

          Do you have any tips or a suspicion as to how this can be?

          Thanks, Rik



          • #6
            They are a kind of "cracks", so to speak.
            Those are things that often come accompanied by malware. It is best not to use this kind of thing; it is asking for trouble.

            Do this: Clean up cookies and temporary internet files:
            Close all open Internet Explorer windows.
            Go to the Control Panel and double-click Internet Options.
            The "Internet Properties" window will open.
            Go to the General tab.
            Click the Delete Cookies button, and in the window that opens click OK.
            Now click the Delete Files button.
            In the window that opens, also tick "Delete all offline content".
            Click the OK button.

            Also block the indirect or third-party cookies:
            On the Privacy tab, click the Advanced button.
            Tick "Override automatic cookie handling".
            For First-party Cookies, make sure "Accept" is selected.
            For Third-party Cookies, choose "Block".
            Click OK.
            Once this is done, close the "Internet Properties" window.

            Clean up other temporary folders and empty the Recycle Bin:
            Go to Start, choose Run and type: cleanmgr
            Then press OK and Disk Cleanup will start.
            If you have several partitions, choose the partition on which Windows is installed.
            Now let your system scan for files that can be deleted.
            When the overview appears, make sure that only the following items are ticked:
            - Temporary Internet Files
            - Recycle Bin
            - Temporary files
            Then click OK.

            Download Dr.Web CureIt and place it on your desktop: cureit.exe.

            Double-click cureit.exe, then click Start to have the program run a quick scan.
            This quick scan will scan the files that are currently loaded in memory.
            If anything is found, let CureIt cure it.
            - If a window appears with an offer to buy at a 50% discount, close it with the cross.
            After that the main window will become visible.
            - At the top, in the Options menu, choose Language and change it to Dutch (Nederlands) if it is set differently.
            - In the Options menu, choose Change settings (F9).
            On the "Scan" tab, untick Heuristic analysis.
            Press Apply.
            On the "File types" tab, Scan mode must be set to: All files.
            On the "Actions" tab, set the following under Malware:
            - Adware: Move
            - Dialers: Move
            - Jokes: Report
            - Riskware: Report
            - Hacktools: Move
            Still on the "Actions" tab, set the following under Objects:
            - Infected objects: Cure
            - Incurable: Move
            - Suspicious objects: Report
            Then untick: Prompt on action.
            Press Apply.
            Then press OK.
            Back in the main window you can select which scan you want to run.
            - Select Complete scan
            Click the green arrow on the right-hand side to start the scan.
            If the infected files cannot be disinfected, they will be moved to the folder %userprofile%\DoctorWeb\Quarantine.
            - When the scan is finished, choose Save report list in the File menu and save the log to your desktop.
            - Then close Dr.Web CureIt.

            Restart your computer.
            You must definitely do this, because Dr.Web CureIt may move or delete files after a restart.

            Once the computer has restarted, copy and paste the contents of the log you saved to your desktop earlier into your next post.
            Also post a new HijackThis log.



            • #7
              who can help me further please, part 3

              Here is the CureIt log:

              RVAXO3 D:\ Tool.ShutDown.11 Verplaatst.
              install.exe D:\DOWNLOAD\SPEL ONGEINSTALLEERD\PINBALL_COLLECTION-01\WILDFIRE\DEVILS ISLAND Trojan.MulDrop.4165 Verwijderd.
              SetupDTSB.exe D:\Program Files\DAEMON Tools Adware.SaveNow Verplaatst.
              VBAOL11.CHM\html/olobjAddressEntries.htm D:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modificatie van VBS.Petik
              VBAOL11.CHM D:\Program Files\Microsoft Office\OFFICE11\1043 Archief bevat geinfecteerde objecten Verplaatst.
              Windows_Commander_FTP_Password_RIPPER.exe D:\Program Files\Total Command UP\PLUGINS\Tools\FtpPasswordRipper Tool.PassView.21 Verplaatst.
              Close.Combat.First.to.Fight.Plus.3.Trainer-SAEB.exe D:\spel\First to Fight\Close[1].Combat.First.to.Fight.Plus.3.Trainer-SAEB Tool.GameCrack Verplaatst.
              A0059010.exe D:\System Volume Information\_restore{92E254D1-D838-4C8D-82F0-69902D0D26F5}\RP221 Tool.ShutDown.11 Verplaatst.
              A0062358.exe D:\System Volume Information\_restore{92E254D1-D838-4C8D-82F0-69902D0D26F5}\RP227 Tool.ShutDown.11 Verplaatst.
              A0062758.exe D:\System Volume Information\_restore{92E254D1-D838-4C8D-82F0-69902D0D26F5}\RP229 Trojan.MulDrop.4165 Verwijderd.
              A0062786.exe D:\System Volume Information\_restore{92E254D1-D838-4C8D-82F0-69902D0D26F5}\RP229 Adware.SaveNow Verplaatst.
              A0062787.exe D:\System Volume Information\_restore{92E254D1-D838-4C8D-82F0-69902D0D26F5}\RP229 Tool.PassView.21 Verplaatst.
              A0062788.exe D:\System Volume Information\_restore{92E254D1-D838-4C8D-82F0-69902D0D26F5}\RP229 Tool.GameCrack Verplaatst.

              ========================================================

              And here is the one from HijackThis:
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 21:19:43, on 28-12-2007
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              D:\windows\System32\smss.exe
              D:\windows\system32\winlogon.exe
              D:\windows\system32\services.exe
              D:\windows\system32\lsass.exe
              D:\windows\system32\Ati2evxx.exe
              D:\windows\system32\svchost.exe
              D:\windows\System32\svchost.exe
              D:\windows\system32\Ati2evxx.exe
              D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              D:\windows\Explorer.EXE
              D:\windows\system32\spoolsv.exe
              D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
              D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
              D:\WINDOWS\ATKKBService.exe
              D:\Program Files\Bonjour\mDNSResponder.exe
              D:\Program Files\Common Files\LightScribe\LSSrvc.exe
              D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              D:\PROGRA~1\QUICKH~1\ONLNSVC.EXE
              D:\windows\system32\PnkBstrB.exe
              D:\windows\system32\svchost.exe
              D:\windows\system32\wscntfy.exe
              D:\Program Files\Analog Devices\Core\smax4pnp.exe
              D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
              D:\Program Files\Winamp\winampa.exe
              D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
              D:\windows\system32\ctfmon.exe
              D:\program files\daemon tools\daemon.exe
              D:\program files\siber systems\robotaskbaricon.exe
              D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              D:\Program Files\MailWasher Pro\MailWasher.exe
              D:\Program Files\NewsSearcher\NewsSearcher.exe
              D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
              D:\Program Files\NewsLeecher\newsleecher.exe
              D:\Program Files\NewsLeecher\newsleecher.exe
              D:\Program Files\Avant Browser\avant.exe
              D:\windows\system32\wuauclt.exe
              D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL
              R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL
              O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
              O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
              O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
              O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
              O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
              O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
              O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
              O4 - HKCU\..\Run: [ctfmon.exe] D:\windows\system32\ctfmon.exe
              O4 - HKCU\..\Run: [DAEMON Tools] d:\program files\daemon tools\daemon.exe
              O4 - HKCU\..\Run: [RoboForm] d:\program files\siber systems\robotaskbaricon.exe
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Startup: MailWasherPro.lnk = D:\Program Files\MailWasher Pro\MailWasher.exe
              O4 - Startup: NewsSearcher (2).lnk = D:\Program Files\NewsSearcher\NewsSearcher.exe
              O8 - Extra context menu item: Converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
              O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
              O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
              O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
              O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
              O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
              O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
              O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\windows\system32\shdocvw.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\windows\system32\shdocvw.dll
              O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
              O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
              O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
              O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
              O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
              O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
              O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
              O10 - Unknown file in Winsock LSP: d:\program files\spyware doctor\filterlsp.dll
              O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
              O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotogratis.nl/fotoalbum/foto_upload/ImageUploader4.cab
              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
              O16 - DPF: {C29A0936-5E0D-4C8E-BCE4-A106B75E037B} (MyDropTarget Class) - http://www.zude.com/DropTarget.cab
              O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
              O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
              O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\windows\system32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
              O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
              O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\Common\Database\bin\fbserver.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - D:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
              O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
              O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
              O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
              O23 - Service: NT Online Protection - Unknown owner - D:\PROGRA~1\QUICKH~1\ONLNSVC.EXE
              O23 - Service: PnkBstrB - Unknown owner - D:\windows\system32\PnkBstrB.exe
              O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2c\Win32\RpcDataSrv.exe
              O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2c\RpcSandraSrv.exe
              O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
              O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
              O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
              O23 - Service: UPnPService - Magix AG - D:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
              O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe

              --
              End of file - 11260 bytes

              Thank you very much so far!!!!!!
              Really fantastic!!!


              • #8
                Hi Rik,

                Close all open windows.
                Start HijackThis once more and tick the following items:

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


                Then click "Fix checked" and close HijackThis.

                Are there any problems left?
