Mededeling

Collapse
No announcement yet.

Pop-up's en geluid op laptop

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Pop-up's en geluid op laptop

    hallo
    ik heb laatste tijd veel last van pop-up's en er worden veel geluiden afgespeeld terwijl ik laptop niet gebruik alleen op bureaublad heb staan
    wie helpt?

  • #2
    de pop-up's komen terwijl er geen gebruik gemaakt wordt van IE er is wel altijd een LAN verbinding. wie helpt

    Comment


    • #3
      Maak een hijackthislog en post deze.
      Dan kunnen we zien wat er juist aan de hand is.

      Comment


      • #4
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 15:09:32, on 9-1-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
        C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        C:\WINDOWS\system32\drivers\KodakCCS.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\snmp.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\wbem\wmiapsrv.exe
        C:\Program Files\Apoint2K\Apoint.exe
        C:\Program Files\necmfk\necmfk.exe
        C:\Program Files\Apoint2K\HidFind.exe
        C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
        C:\Program Files\Apoint2K\Apntex.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
        C:\Program Files\Google\Google Updater\GoogleUpdater.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        c:\program files\winamp toolbar\WinampTbServer.exe
        C:\WINDOWS\System32\Rundll32.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
        O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
        O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
        O4 - HKLM\..\Run: [NECMFK] "C:\Program Files\necmfk\necmfk.exe"
        O4 - HKLM\..\Run: [ATIPTA] "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE"
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
        O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
        O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
        O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
        O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
        O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
        O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
        O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
        O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
        O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
        O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171802809387
        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
        O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
        O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
        O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
        O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
        O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
        O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

        --
        End of file - 14329 bytes

        Comment


        • #5
          Sluit alle open vensters.
          Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

          O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
          O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
          O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart


          Klik daarna op "Fix checked" en sluit HijackThis af.

          Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
          Plaats het op je bureaublad.
          Dubbelklik er op om het programma te starten.
          In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
          Volg de instructies op het scherm.
          Als het tooltje klaar is, opent er een logfile (combofix.txt).
          Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

          Comment


          • #6
            ComboFix 08-01-09.2 - Arjan van der Steege 2008-01-09 15:21:30.1 - NTFSx86
            Gestart vanuit: C:\Documents and Settings\Arjan van der Steege\Bureaublad\ComboFix.exe
            * Nieuw herstelpunt werd aangemaakt
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\sprt_ads.dll

            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

            .
            -------\LEGACY_NWSAPAGENT
            -------\NwSapAgent


            (((((((((((((((((((( Bestanden Gemaakt van 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))
            .

            2008-01-09 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
            2008-01-08 23:08 . 2008-01-08 23:08 1,355 --a------ C:\WINDOWS\imsins.BAK
            2008-01-07 18:58 . 2008-01-09 15:10 <DIR> dr-h----- C:\Documents and Settings\Arjan van der Steege\Onlangs geopend
            2008-01-07 15:15 . 2008-01-07 15:15 <DIR> d-------- C:\Program Files\Lavasoft
            2008-01-07 15:14 . 2008-01-07 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2008-01-05 20:08 . 2008-01-05 20:08 <DIR> d-------- C:\Program Files\Trend Micro
            2008-01-02 20:18 . 2008-01-02 20:18 <DIR> d-------- C:\Program Files\SAGEM
            2008-01-02 20:18 . 2008-01-02 20:18 <DIR> d-------- C:\Documents and Settings\Arjan van der Steege\Application Data\InstallShield
            2008-01-02 20:18 . 2007-04-04 08:08 184,320 --a------ C:\WINDOWS\system32\coclassfast.dll
            2008-01-02 09:56 . 2008-01-02 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
            2008-01-01 22:36 . 2008-01-07 19:47 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
            2007-12-27 13:25 . 2008-01-09 15:08 <DIR> d-------- C:\Program Files\IntelligentAdvisor
            2007-12-27 12:08 . 2008-01-09 15:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
            2007-12-27 12:08 . 2008-01-09 15:30 1,409 --a------ C:\WINDOWS\QTFont.for
            2007-12-24 15:38 . 2008-01-08 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-01-08 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-01-07 16:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-01-07 14:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
            2008-01-06 15:49 --------- d-----w C:\Program Files\Winamp
            2008-01-06 15:49 --------- d-----w C:\Program Files\MP3 Remix
            2008-01-05 17:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
            2007-12-27 12:31 --------- d-----w C:\Program Files\Codemasters
            2007-12-25 19:35 --------- d-----w C:\Program Files\LimeWire
            2007-12-24 14:40 --------- d-----w C:\Program Files\Google
            2007-12-18 14:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
            2007-12-18 14:22 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
            2007-12-18 14:22 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
            2007-12-18 14:22 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
            2007-12-18 14:22 --------- d-----w C:\Program Files\Symantec
            2007-12-18 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
            2007-12-18 13:50 --------- d-----w C:\Program Files\Messenger Plus! Live
            2007-12-04 19:15 --------- d-----w C:\Program Files\Norton AntiVirus
            2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
            2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
            2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
            2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
            2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
            2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
            2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
            2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
            2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
            2007-11-07 09:30 727,040 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
            2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
            2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
            2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
            2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
            2007-10-25 16:57 8,501,760 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
            2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
            2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
            2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
            2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
            2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
            2007-10-11 08:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
            2007-10-11 08:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
            2007-10-11 08:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
            2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
            2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
            2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
            2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
            2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
            2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
            2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
            2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
            2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
            2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
            2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
            2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
            2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
            2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
            2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
            2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
            2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
            2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
            2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
            2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
            2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
            2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
            2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
            2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
            2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
            2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
            2007-10-09 12:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
            2007-10-09 12:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
            2007-10-09 12:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
            2007-10-09 12:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
            2007-10-09 12:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
            2007-10-09 12:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
            2007-10-09 12:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
            2007-10-09 12:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
            2007-10-09 11:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
            2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
            2007-12-11 22:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
            {EF99BD32-C1FB-11D2-892F-0090271D4F88}
            {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
            {2318C2B1-4965-11D4-9B18-009027A5CD4F}

            [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
            [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
            [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
            [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
            "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

            [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
            [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
            [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
            [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
            "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-03-14 21:37 185480]
            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 20:07 68856]
            "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 19:52 376912]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-02-27 10:27 135168]
            "NECMFK"="C:\Program Files\necmfk\necmfk.exe" [2004-01-23 12:41 62976]
            "ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-01-27 20:10 335872]
            "AGRSMMSG"="AGRSMMSG.exe" [2004-02-11 08:35 88363 C:\WINDOWS\AGRSMMSG.exe]
            "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-12 22:10 151597]
            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-26 21:31 77824]
            "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]
            "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 12:35 319488]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
            "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
            "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
            "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
            "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
            "Spyware Doctor"=""

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-24 15:38:41]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
            "AllowLegacyWebView"= 1 (0x1)
            "AllowUnhashedWebView"= 1 (0x1)

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
            "NoViewOnDrive"= 0 (0x0)

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^CleanSweep Smart Sweep-Internet Sweep.lnk]
            path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\CleanSweep Smart Sweep-Internet Sweep.lnk
            backup=C:\WINDOWS\pss\CleanSweep Smart Sweep-Internet Sweep.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare software.lnk]
            path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare software.lnk
            backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^Arjan van der Steege^Menu Start^Programma's^Opstarten^Norton System Doctor.LNK]
            path=C:\Documents and Settings\Arjan van der Steege\Menu Start\Programma's\Opstarten\Norton System Doctor.LNK
            backup=C:\WINDOWS\pss\Norton System Doctor.LNKStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
            C:\Program Files\TomTom HOME\TomTomHOME.exe

            R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-06-01 10:02]
            R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
            R1 MFKGTKEY;MFKGTKEY;C:\WINDOWS\system32\drivers\mfkgtkey.sys [2003-12-03 08:48]
            R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 15:36]
            R1 Ps2LedIF;Ps2LedIF;C:\WINDOWS\system32\drivers\ps2ledif.sys [2003-01-10 14:39]
            R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 16:09]
            R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 16:09]
            R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;C:\WINDOWS\system32\DRIVERS\Ps2Led.sys [2004-01-21 19:58]
            S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Arjan van der Steege\Mijn documenten\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\kerneld.wnt [2007-08-19 13:38]
            S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\3.tmp
            S3 nenum13E;nenum13E;C:\DOCUME~1\ARJANV~1\LOCALS~1\Temp\nenum13E.sys
            S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\system32\DRIVERS\snct511.sys [2002-11-26 17:16]
            S3 wlask48d;802.11b WLAN PC Card Service;C:\WINDOWS\system32\DRIVERS\wlask48d.sys [2004-01-06 11:33]

            .
            Inhoud van de 'Gedeelde Taken' map
            "2008-01-09 14:27:04 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
            - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
            "2005-08-07 20:54:42 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
            "2008-01-09 14:00:00 C:\WINDOWS\Tasks\F67528E5A372C4AD.job"
            - c:\docume~1\arjanv~1\applic~1\dentfo~1\Medialongcopy.exe
            "2005-05-08 19:13:46 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
            - C:\WINDOWS\System32\OOBE\oobebaln.exe
            "2005-05-08 19:13:46 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
            - C:\WINDOWS\System32\OOBE\oobebaln.exe
            "2005-05-08 19:13:46 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
            - C:\WINDOWS\System32\OOBE\oobebaln.exe
            "2005-05-08 19:13:46 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
            "2007-12-21 22:05:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Arjan van der Steege.job"
            - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
            "2007-12-21 19:00:00 C:\WINDOWS\Tasks\Schijfopruiming.job"
            - C:\WINDOWS\system32\cleanmgr.exe
            "2008-01-07 19:00:00 C:\WINDOWS\Tasks\Systeemherstel.job"
            - C:\WINDOWS\system32\Restore\rstrui.exe
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-01-09 15:42:00
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
            AppInit_DLLs = ??????????

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2008-01-09 15:53:16 - machine was rebooted
            ComboFix-quarantined-files.txt 2008-01-09 14:53:09
            .
            2007-12-18 16:14:52 --- E O F ---


            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 15:59:08, on 9-1-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\System32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
            C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            C:\WINDOWS\system32\drivers\KodakCCS.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\System32\snmp.exe
            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\cmd.exe
            C:\Program Files\Apoint2K\Apoint.exe
            C:\Program Files\necmfk\necmfk.exe
            C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
            C:\WINDOWS\AGRSMMSG.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\Program Files\Apoint2K\HidFind.exe
            C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
            C:\Program Files\Apoint2K\Apntex.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
            C:\WINDOWS\System32\wbem\wmiapsrv.exe
            C:\Program Files\Google\Google Updater\GoogleUpdater.exe
            C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
            C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
            C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            C:\WINDOWS\system32\notepad.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            c:\program files\winamp toolbar\WinampTbServer.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
            O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
            O4 - HKLM\..\Run: [NECMFK] "C:\Program Files\necmfk\necmfk.exe"
            O4 - HKLM\..\Run: [ATIPTA] "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE"
            O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
            O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
            O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
            O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
            O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
            O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
            O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
            O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
            O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
            O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
            O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
            O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
            O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
            O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
            O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171802809387
            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
            O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
            O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
            O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
            O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
            O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
            O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
            O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
            O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
            O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
            O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

            --
            End of file - 13838 bytes

            Comment


            • #7
              Download reglooks.exe
              Plaats het op je bureaublad.
              Dubbelklik op reglooks.exe. Doe verder niets en wacht tot er een logfile opent. Post de inhoud van deze logfile.

              Comment


              • #8
                REGLOOKS logfile

                version 0.977
                wo 09-01-2008 16:15:39,60
                running from: "C:\Documents and Settings\Arjan van der Steege\Bureaublad"

                --- SSODL regkeys ---

                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" FILE ="C:\\WINDOWS\\system32\\upnpui.dll"


                --- STS regkeys ---

                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
                only standard or legit regkeys found


                --- USERINIT regkey ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
                "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


                --- SHELL regkey ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
                "Shell"="Explorer.exe"


                --- SYSTEM regkey ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
                "System"=""


                --- APPINIT_DLLS regkey ---

                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
                "AppInit_DLLs"=""


                --- NOTIFY regkeys ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
                "WRNotifier" "DllName"="WRLogonNTF.dll"


                --- BOOTEXECUTE regkey ---

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
                BootExecute= autocheck autochk *\0SsiEfr.e\0lsdelete\0\0


                --- SHELLEXECUTEHOOKS regkey ---

                HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
                "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
                "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"


                --- HKLM\Run regkeys ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                "Apoint"="\"C:\\Program Files\\Apoint2K\\Apoint.exe\""
                "NECMFK"="\"C:\\Program Files\\necmfk\\necmfk.exe\""
                "ATIPTA"="\"C:\\PROGRAM FILES\\ATI TECHNOLOGIES\\ATI CONTROL PANEL\\ATIPTAXX.EXE\""
                "AGRSMMSG"="AGRSMMSG.exe"
                "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
                "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
                "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
                "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
                "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
                "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
                "osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
                "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
                "Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
                [run\OptionalComponents]
                [run\OptionalComponents\IMAIL]
                "Installed"="1"
                [run\OptionalComponents\MAPI]
                "Installed"="1"
                "NoChange"="1"
                [run\OptionalComponents\MSFS]
                "Installed"="1"


                --- HKLM\RunOnce regkeys ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
                no HKLM RunOnce keys found


                --- HKLM\RunOnceEx regkeys ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
                @=""


                --- HKLM\RunServices regkeys ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
                no HKLM RunServices keys found


                --- HKLM\RunServicesOnce regkeys ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
                no HKLM RunServicesOnce keys found


                --- HKCU\Run regkeys ---

                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
                "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
                "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
                "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""


                --- HKCU\RunOnce regkeys ---

                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
                no HKCU RunOnce keys found


                --- HKCU\RunOnceEx regkeys ---

                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
                no HKCU RunOnceEx keys found


                --- HKCU\RunServices regkeys ---

                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
                no HKCU RunServices keys found


                --- HKCU\RunServicesOnce regkeys ---

                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
                no HKCU RunServicesOnce keys found


                --- HKU\.DEFAULT\Run regkeys - Default user ---

                HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
                "Spyware Doctor"=""


                --- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

                HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
                "Spyware Doctor"=""


                --- HKU\S-1-5-19\Run regkeys - User Lokale service ---

                HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


                --- HKU\S-1-5-20\Run regkeys - User Netwerkservice ---

                HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


                --- HKLM\Explorer\Run regkeys ---

                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                no HKLM Explorer\Run keys found


                --- HKCU\Explorer\Run regkeys ---

                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                no HKCU Explorer\Run keys found


                --- Image File Execution regkeys ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
                no debuggers found


                --- BROWSER HELPER OBJECTS regkeys ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
                "{02478D38-C3F9-4EFB-9B51-7695ECA05670}" FILE ="C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll"
                "{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}" FILE ="C:\\Program Files\\Winamp Toolbar\\winamptb.dll"
                "{6548BF73-58FF-71D5-F97D-17C71E323709}" FILE ="C:\\Program Files\\IntelligentAdvisor\\IntelligentAdvisor-2.dll"
                "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll"
                "{AA58ED58-01DD-4d91-8333-CF10577473F7}" FILE ="c:\\program files\\google\\googletoolbar1.dll"
                "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" FILE ="C:\\Program Files\\Google\\GoogleToolbarNotifier\\2.1.1119.1736\\swg.dll"


                --- TOOLBAR regkeys ---

                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
                "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" FILE ="C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll"
                "{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}" FILE ="C:\\Program Files\\Winamp Toolbar\\winamptb.dll"
                "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" FILE ="c:\\program files\\google\\googletoolbar1.dll"


                --- URLSEARCHHOOKS regkeys ---

                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
                "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"="" FILE ="C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll"


                --- CONTEXTMENUHANDLERS regkeys ---

                HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
                "AVG Anti-Spyware" CLSID ={8934FCEF-F5B8-468f-951F-78A921CD3920} FILE ="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\context.dll"
                "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
                "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
                "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
                "Symantec.Norton.Antivirus.IEContextMenu" CLSID ={FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} FILE ="C:\\PROGRA~1\\NORTON~1\\NavShExt.dll"
                "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
                "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

                HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
                "AVG Anti-Spyware" CLSID ={8934FCEF-F5B8-468f-951F-78A921CD3920} FILE ="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\context.dll"
                "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
                "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
                "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
                "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

                HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
                "Symantec.Norton.Antivirus.IEContextMenu" CLSID ={FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} FILE ="C:\\PROGRA~1\\NORTON~1\\NavShExt.dll"
                "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"


                --- ALTERNATESHELL regkey ---

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
                "AlternateShell"="cmd.exe"


                --- SAFEBOOT MINIMAL SERVICES ---

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
                no unknown services found


                --- SAFEBOOT NETWORK SERVICES ---

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
                nm
                nm.sys


                --- SERVICES ---

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4
                "DisplayName"="IPv6-hulpservice"
                %SystemRoot%\system32\svchost.exe -k netsvcs

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aeaudio
                system32\drivers\aeaudio.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ApfiltrService
                "DisplayName"="NEC VersaGlide Filter Driver"
                System32\DRIVERS\Apfiltr.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Asapi
                no imagepath value found

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atiide
                System32\DRIVERS\atiide.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bridge
                "DisplayName"="MAC-brug"
                System32\DRIVERS\bridge.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BridgeMP
                "DisplayName"="MAC-brugminipoort"
                System32\DRIVERS\bridge.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\caboagp
                "DisplayName"="ATI Cabo AGP Filter"
                System32\DRIVERS\atisgkaf.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EverestDriver
                "DisplayName"="Lavalys EVEREST Kernel Driver"
                \??\C:\Documents and Settings\Arjan van der Steege\Mijn documenten\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\kerneld.wnt

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ikhfile
                "DisplayName"="File Security Kernel Anti-Spyware Driver"
                system32\drivers\ikhfile.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ikhlayer
                "DisplayName"="Kernel Anti-Spyware Driver"
                system32\drivers\ikhlayer.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MFKGTKEY
                \SystemRoot\system32\drivers\mfkgtkey.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nenum13E
                "DisplayName"="nenum13E"
                \??\C:\DOCUME~1\ARJANV~1\LOCALS~1\Temp\nenum13E.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\papycpu
                \SystemRoot\system32\drivers\papycpu.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\papyjoy
                \SystemRoot\system32\drivers\papyjoy.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RTL8023
                "DisplayName"="Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver"
                System32\DRIVERS\Rtlnic51.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDhelper
                "DisplayName"="PC Tools Spyware Doctor"
                C:\Program Files\Spyware Doctor\sdhelp.exe

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNCT511
                "DisplayName"="PC Camera (6005 CIF)"
                system32\DRIVERS\snct511.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SoundMAX Agent Service (default
                "DisplayName"="SoundMAX Agent Service"
                C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd
                no imagepath value found

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TIEHDUSB
                system32\drivers\tiehdusb.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD
                no imagepath value found

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wlask48d
                "DisplayName"="802.11b WLAN PC Card Service"
                System32\DRIVERS\wlask48d.sys

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{1CE72AE3-C4E9-436F-BB40-D46D827890C0}
                no imagepath value found

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{3F9CF9BD-369C-43C4-BACD-09AD41CD639B}
                no imagepath value found

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{5F9422CB-E5CE-446F-BABB-A5980F4B3BB0}
                no imagepath value found

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{E12AD28B-29EE-42CD-ACFE-1DDCEF7ADC8D}
                no imagepath value found


                --- SECURITYPROVIDERS regkey ---

                HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
                "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


                --- SVCHOST regkey ---

                HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
                LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
                NetworkService: DnsCache\0\0
                netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCom patibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntm ssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedacc ess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuaus erv\0BITS\0ShellHWDetection\0helpsvc\0WmdmPmSN\0xmlprov\0wscsvc\0\0
                rpcss: RpcSs\0\0
                imgsvc: StiSvc\0\0
                termsvcs: TermService\0\0
                HTTPFilter: HTTPFilter\0\0
                DcomLaunch: DcomLaunch\0TermService\0\0
                Usnsvc: usnsvc\0\0
                WudfServiceGroup: WUDFSvc\0\0


                --- WOW-CMDLINE regkeys ---

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
                "cmdline" = %SystemRoot%\system32\ntvdm.exe
                "wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


                --- DNS SERVER regkeys ---

                no "NameServer" values found


                --- STARTUP FOLDERS ---

                C:\Documents and Settings\Arjan van der Steege\Menu Start\Programma's\Opstarten\desktop.ini
                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk


                --- TASK SCHEDULER JOBS ---

                C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job
                C:\WINDOWS\tasks\Critical Battery Alarm Program.job
                C:\WINDOWS\tasks\F67528E5A372C4AD.job
                C:\WINDOWS\tasks\Herinnering voor registratie 1.job
                C:\WINDOWS\tasks\Herinnering voor registratie 2.job
                C:\WINDOWS\tasks\Herinnering voor registratie 3.job
                C:\WINDOWS\tasks\Low Battery Alarm Program.job
                C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Arjan van der Steege.job
                C:\WINDOWS\tasks\Schijfopruiming.job
                C:\WINDOWS\tasks\Systeemherstel.job


                --- File associations ---

                .BAT files: ("%1" %*)
                .COM files: ("%1" %*)
                .EXE files: ("%1" %*)
                .HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
                .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
                .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
                .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
                .PIF files: ("%1" %*)
                .REG files: (regedit.exe "%1")
                .SCR files: ("%1" /S)
                .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
                .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


                FINISHED

                Comment


                • #9
                  Download sophos-anti-rootkit: http://www.sophos.com/products/free-...i-rootkit.html
                  Plaatst het op je bureaublad.
                  Dubbelklik op sarsfx.exe om de bestanden uit te pakken. (aanvaard de standaardinstallatiemap C:\Program Files\Sophos\Sophos Anti-Rootkit)
                  Wanneer de installatie succesvol is verlopen krijg je hiervan een melding.
                  Klik op JA/YES om het programma te starten.
                  Zorg dat aangevinkt zijn:
                  - Running processes
                  - Windows Registry
                  - Local Hard Drives
                  Klik op de knop "Start Scan".

                  Wanneer je een melding krijgt dat de scan klaar is, klik je op de knop "OK" en sluit je het programma af.
                  Ga naar Start - Uitvoeren en tik in: %temp%\sarscan.log
                  Er opent een kladblokbestandje. Post de inhoud van dit bestand.

                  Comment


                  • #10
                    Sophos Anti-Rootkit Version 1.3.1 (data 1.07) (c) 2006 Sophos Plc
                    Started logging on 9-1-2008 at 16:40:15
                    Stopped logging on 9-1-2008 at 16:55:33

                    Comment


                    • #11
                      Niets gevonden.
                      Zijn er nog problemen?

                      Comment


                      • #12
                        ja er zijn nog steeds pop-ups en komt dan een bericht rechtsonder in het scherm met de tekst "Ad served by intelligent advisor" maar ik hoor geen geluiden meer

                        Comment


                        • #13
                          Ga naar Kaspersky Online Scanner en klik onderaan op Accept.
                          Deze scanner werkt uitsluitend met Internet Explorer 6 en hoger !!
                          Het zou kunnen dat je aan de bovenkant van je scherm op een gele balk moet klikken om ActiveX bestanden die Kaspersky nodig heeft om te kunnen scannen te downloaden. Sta dit toe.
                          • Het programma begint nu met het downloaden van de laatste definitie files. Hierna klik je op Next.
                          • Klik vervolgens op de toets Scan Settings.
                            Onder de tekst Scan using the following antivirus database: kies je de tweede mogelijkheid: extended - protect your .....
                            Onder de tekst Scan options: zet je de twee vinkjes: Scan Archives .... en Scan Mail Bases ....
                          • Klik dan op de toets OK.
                          • Start nu het scannen door op de tekst My Computer te klikken.


                            Hou er rekening mee dat deze scan een tijdje in beslag neemt.
                          • Eenmaal de scan volledig is krijg je de gelegenheid om het scanrapport op te slaan.
                            Klik op de toets Save Report As te klikken. Sla het rapport op je Bureaublad op met als naam kavscan.txt

                          Post dit rapport in je volgende bericht.

                          Comment


                          • #14
                            -------------------------------------------------------------------------------
                            KASPERSKY ONLINE SCANNER REPORT
                            Wednesday, January 09, 2008 10:31:28 PM
                            Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
                            Kaspersky Online Scanner version: 5.0.98.0
                            Kaspersky Anti-Virus database last update: 9/01/2008
                            Kaspersky Anti-Virus database records: 504887
                            -------------------------------------------------------------------------------

                            Scan Settings:
                            Scan using the following antivirus database: extended
                            Scan Archives: true
                            Scan Mail Bases: true

                            Scan Target - My Computer:
                            C:\
                            D:\

                            Scan Statistics:
                            Total number of scanned objects: 62292
                            Number of viruses found: 5
                            Number of infected objects: 6
                            Number of suspicious objects: 0
                            Duration of the scan process: 01:47:22

                            Infected Object Name / Virus Name / Last Action
                            C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\11CF363B.TMP Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
                            C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\101_1771.JPG Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\AlbumArtSmall.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\AlbumArt_{14230F0B-DAF1-4233-978F-40AAB959E93F}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\AlbumArt_{14230F0B-DAF1-4233-978F-40AAB959E93F}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\AlbumArt_{9598667B-F31D-4CD9-8BAD-89765EFE59EC}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\AlbumArt_{9598667B-F31D-4CD9-8BAD-89765EFE59EC}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\AlbumArt_{A92A5C66-2766-4E91-AC2A-4114913CC4B5}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\AlbumArt_{A92A5C66-2766-4E91-AC2A-4114913CC4B5}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Allereerst moet je je naam veranderen in gouranga.doc Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\desktop.ini Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\ESBK.mb Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\ESBK.mbb Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Folder.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\herwin\CanstagebiedersenNedleerlingenjan05.doc Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\herwin\naamloos.bmp Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Jantje Smit & Normaal - Zuiderzee ballade.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Jantje Smit & Ome Henk - Arie In Zijn Ferrari.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\K4 - Klein geil sletje (K3 parodie)(1).mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas & Gea Hulshof - Drie blauwe stenen.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Achter de regenboog.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Een traan op elke wang.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Ik hou steeds meer van jou.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Kom en hou me in je armen.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Kristal der Heimat.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en gea - zeg mij waarom.wma Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Dan Gaan De Lichten Aan.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\lucas en gea hulshof - de waarheid.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas En Gea Hulshof - Drink Het Bier Lekker Hier.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Gran Canaria.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\lucas en gea hulshof - Heb je mij niet meer nodig(1).mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas En Gea Hulshof - Huil Maar Niet Vanavond.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Ik zal dansen op je bruiloft.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Jij wil vrij zijn.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Steeds weer huil je(1).mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Steeds weer huil je.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\lucas en gea hulshof-Een meisje als jij.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Lucas en Gea-In het kleine cafeetje.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Marco Borsato - De Speeltuin.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Marco Borsato - Dromen zijn be.MP3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\marco bosato - de waarheid.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Desktop.ini Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\desktop.ini Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Thumbs.db Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Waterlelies.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Winter.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Zonsondergang.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\0 Zo Ver Weg - Starkoo.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArtSmall.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{559A27D6-885C-46D3-AF50-5B5206EEF9C6}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{559A27D6-885C-46D3-AF50-5B5206EEF9C6}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{6E564A22-748A-4624-9849-03A2C75F865C}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{6E564A22-748A-4624-9849-03A2C75F865C}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{79D3A434-2D93-4194-AD18-F79744B5CF43}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{79D3A434-2D93-4194-AD18-F79744B5CF43}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A0BF2D5A-5616-4CEC-8EA8-CA04099E0BC8}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A0BF2D5A-5616-4CEC-8EA8-CA04099E0BC8}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A2A359EF-F96D-4CB8-BA62-DE5DF43334D2}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A2A359EF-F96D-4CB8-BA62-DE5DF43334D2}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A92A5C66-2766-4E91-AC2A-4114913CC4B5}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A92A5C66-2766-4E91-AC2A-4114913CC4B5}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{BFCC5385-0BC9-400D-88DA-A09B89CB3A8C}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{BFCC5385-0BC9-400D-88DA-A09B89CB3A8C}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\ALTIJD LAZERUS - Knocking on Heavens Door.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Always Hardcore-Technohead.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Bassdusche - Ziggy X.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Desktop.ini Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Een Teken Van Leven - De Kast.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Explode - Jordan & Baker.MP3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Fantasy World - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Fly on the wings of love - XTM ft. Ania.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Folder.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Forever & Ever - Parla & Pardoux ft. Deniz.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Forever Young - Alphaville.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Hardcore Feelings - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Have You Ever Been Mellow 2002 - Fortezza ft. Amanda.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Het Feestfestival - Altijd Lazerus.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Het Is Een Nacht - Guus Meeuwis & Vagant.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Hymn - Gigi D'Agostino.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Met mien ogen dicht - Jannes.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Moonlight Shadow - DJ Mystik.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\More Than A Feeling - Jan Wayne.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Move Your Body - Staccato.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\music.bmp Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\music.wma Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Nobody Listen To Techno - Base Attack.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Nog Een Keer - Volumia.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\On & On - Yanou ft. Fo.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Poison - Groove Coverage.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Raak - De Kast.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Rainbow High In The Sky - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Right Here Waiting - Full Gainer ft. Scotty.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- 4 and 5 star rated.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- Have not heard recently.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- Listen to late at night.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- Listen to on Weekdays.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- Listen to on Weekends.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- One Audio CD worth.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- One Data CD-R worth.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Fresh tracks -- yet to be played.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Fresh tracks -- yet to be rated.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Fresh tracks.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\High bitrate media in my library.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Low bitrate media in my library.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Music tracks I dislike.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Music tracks I have not rated.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Music tracks with content protection.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\desktop.ini Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\So Happy Together (Hardcore Remix)-poogie bear.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Somewhere Over The Rainbow - Cosmic Gate.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Stuck On You - Mark 'oh.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\01_Music_auto_rated_at_5_stars.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\02_Music_added_in_the_last_month.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\03_Music_rated_at_4_or_5_stars.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\04_Music_played_in_the_last_month.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\05_Pictures_taken_in_the_last_month.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\06_Pictures_rated_4_or_5_stars.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\07_TV_recorded_in_the_last_week.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\08_Video_rated_at_4_or_5_stars.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\09_Music_played_the_most.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\10_All_Music.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\11_All_Pictures.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\12_All_Video.wpl Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\desktop.ini Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\The Wave - Cosmic Gate.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Together In Wonderland - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Turn Me On - Kevin Little.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Viva La Vida - Captain Jack.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\AlbumArtSmall.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Large.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Small.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\desktop.ini Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Folder.jpg Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Negende symfonie van Beethoven (Scherzo).wma Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\New Stories (Highway Blues).wma Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Thumbs.db Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Wereld zonder jou (duet met Trijntje oosterhuis) - Marco Borsato.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\When You Sleep - Paddy Kelly.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Where Are You - Mario Lopez.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Wonderfull Days - Mark Oh.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\X2X We Want More - Brooklyn Bounce.MP3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Xanadu - Party Animals.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\You're Free - Yomanda.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Your Smile - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn muziek\Zelfs je naam is mooi - Henk Westbroek.MP3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Mijn video's\Desktop.ini Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\mp3Henk Wijngaard - Het Zwarte Asfalt.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Ne-Yo - Sexy Love.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Nederlandse - Piratenhits-(HETE ZOMERHITS tr9 margarita.MP3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Normaal - Oerend Hard.MP3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Piraten - Henk Wijngaard - 120 Varkens Naar Beiroet.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Piraten Hits - Gebroeders Brouwer - Trompet Sirtaki ( instrumentaal ).mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Piratenhits - Gebroeders Ko - Nanu.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Piratenhits - Sytse Scheeringa - Mien olde Puch.mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Radio online setup.exe Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Stageverslag Selles Auto.doc Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Turbo Hits-Piraten-Henkie - De Fiets Van Piet Van Pa(1).mp3 Object is locked skipped
                            C:\Documents and Settings\All Users\Documenten\Zangavondgehandicapten25okt.doc Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Cookies\index.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows Live Contacts\iamarjan1[email protected]\real\members.stg Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Geschiedenis\History.IE5\MSHist012008010920080110\index.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\Perflib_Perfdata_1398.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\Perflib_Perfdata_13a0.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\Perflib_Perfdata_e40.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DF1954.tmp Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DF196F.tmp Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DF2C12.tmp Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DF2C34.tmp Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DFD4EA.tmp Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DFD50C.tmp Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DFF9C7.tmp Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DFFB15.tmp Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\NTUSER.DAT Object is locked skipped
                            C:\Documents and Settings\Arjan van der Steege\ntuser.dat.LOG Object is locked skipped
                            C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
                            C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                            C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                            C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                            C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                            C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
                            C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
                            C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                            C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                            C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
                            C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
                            C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
                            C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
                            C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
                            C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
                            C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
                            C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
                            C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
                            C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
                            C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
                            C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll Infected: not-a-virus:AdWare.Win32.Agent.zi skipped
                            C:\Program Files\IntelligentAdvisor\IntelligentAdvisor.dat Object is locked skipped
                            C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
                            C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
                            C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
                            C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP881\A0115492.exe Infected: not-a-virus:AdWare.Win32.Relevant.b skipped
                            C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP882\A0115554.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
                            C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP882\A0115563.dll Infected: not-a-virus:AdWare.Win32.Agent.yr skipped
                            C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP883\A0116526.dll Infected: not-a-virus:AdWare.Win32.Agent.zi skipped
                            C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP883\A0116540.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
                            C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP899\change.log Object is locked skipped
                            C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
                            C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
                            C:\WINDOWS\SchedLgU.Txt Object is locked skipped
                            C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
                            C:\WINDOWS\Sti_Trace.log Object is locked skipped
                            C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
                            C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
                            C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
                            C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
                            C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
                            C:\WINDOWS\system32\config\default.LOG Object is locked skipped
                            C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
                            C:\WINDOWS\system32\config\SAM Object is locked skipped
                            C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
                            C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
                            C:\WINDOWS\system32\config\SECURITY Object is locked skipped
                            C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
                            C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
                            C:\WINDOWS\system32\config\software.LOG Object is locked skipped
                            C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
                            C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
                            C:\WINDOWS\system32\config\system.LOG Object is locked skipped
                            C:\WINDOWS\system32\h323log.txt Object is locked skipped
                            C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
                            C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
                            C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
                            C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
                            C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
                            C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
                            C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
                            C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat Object is locked skipped
                            C:\WINDOWS\Temp\Perflib_Perfdata_574.dat Object is locked skipped
                            C:\WINDOWS\wiadebug.log Object is locked skipped
                            C:\WINDOWS\wiaservc.log Object is locked skipped
                            C:\WINDOWS\WindowsUpdate.log Object is locked skipped

                            Scan process completed.

                            Comment


                            • #15
                              Zijn er nog problemen?

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X