  • [email protected]

    Dear Nucia,

    Since yesterday I have gotten a number of viruses on my computer and I am not really happy about that. I have found 3 in total that are giving me problems:
    - [email protected]
    - [email protected]
    - [email protected] trojan horse
    I have had several scanners scan my PC, including NOD32 and AdAware SE, but this has led to nothing.

    I think myself that it happened because I removed a security program from my computer yesterday.
    Below I have posted the HijackThis log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:22:23, on 8-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Video Add-on\icthis.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Tools AntiVirus\PCTAV.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    E:\downloads\CTDetctu.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN\MSNCoreFiles\msn6.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - C:\Program Files\Video Add-on\isfmdl.dll
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\turbosearchsite.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [Creative Detector U] "E:\downloads\CTDetctu.exe" /R
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S77A.tmp" /EF "HKCU"
    O4 - Startup: Registration The Settlers II - 10th Anniversary.LNK = C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\RegistrationReminder.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: eset.reg
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108776108800
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    I hope I have given you enough information this way, and I quietly hope that you can solve this too.
    Thanks in advance.

    Kind regards,

    Eeuwe Hofman

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart on its own, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message together with a new HijackThis log.



    • #3
      RVAXO result

      Dear Smeenk,

      Thanks for responding so quickly to my mail. After I used RVAXO, this is the result:

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\smdat32m.sys
      C:\WINDOWS\smdat32a.sys
      C:\WINDOWS\system32\actskn45.ocx
      C:\Documents and Settings\All Users\Menu Start\Online Security Guide.url
      C:\Documents and Settings\All Users\Menu Start\Security Troubleshooting.url
      C:\Documents and Settings\Asus\FAVORI~1\Online Security Test.url

      Uninstallers Rogue scanners:

      AntiSpywareShield uninstaller found

      Folders Found:

      C:\Program Files\VirusRanger
      C:\Program Files\AntiSpywareShield
      C:\Program Files\AntiSpyGolden 5.2
      C:\Program Files\Video Add-on
      C:\Program Files\Helper
      C:\Program Files\VirusProtect 3.9

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\dwg_awp_hz_enh.zip
      C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\dwg_awp_vt_std.zip
      C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\dwg_longspan_std.zip
      C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\dwg_lowpitch_std.zip
      C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\dwg_optimo_enh.zip
      C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\dwg_optimo_std.zip
      C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\dwg_rooflights_std.zip
      C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\dwg_rw_wall_vt_std.zip
      C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\dwg_tilesupport_std.zip
      Folders Found:

      --------------RVAXO.exe finished----------------

      I hope this is enough to solve the problem.

      Kind regards,

      Eeuwe Hofman



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download Combofix to your desktop.
        Double-click Combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, because this will cause your PC to hang.
        When the fix has completed and after the restart, the log combofix.txt will open.
        Post this log in your next post.

        NOTE: If your virus scanner responds with a notification of a script execution, you may ignore this.



        • #5
          Combofix

          Dear Smeenk,

          I have done everything that was in your mail and this is the result.
          I hope it is of use to you.

          ComboFix 08-01-08.4 - Asus 2008-01-08 15:11:30.1 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.172 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Asus\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))
          .

          2008-01-08 15:10 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-08 11:19 . 2008-01-08 14:26 <DIR> d-------- C:\HJT
          2008-01-07 19:14 . 2008-01-07 19:14 <DIR> d-------- C:\Documents and Settings\Asus\Application Data\PC Tools
          2008-01-07 19:13 . 2008-01-08 14:25 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
          2008-01-07 19:13 . 2008-01-07 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
          2008-01-07 19:13 . 2007-09-17 13:38 22,528 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
          2008-01-07 19:13 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
          2008-01-07 19:13 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
          2008-01-07 15:15 . 2008-01-07 16:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
          2008-01-06 20:15 . 2008-01-07 09:07 45 --a------ C:\TEST.XML
          2007-12-18 17:34 . 2007-12-18 17:34 <DIR> d-------- C:\Program Files\Belastingdienst
          2007-12-10 15:33 . 2007-12-10 15:35 <DIR> d-------- C:\Program Files\KnightsAndMerchants

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-07 14:59 --------- d-----w C:\Documents and Settings\Asus\Application Data\EPSON
          2007-12-18 17:57 13,312 --s-a-w C:\WINDOWS\system32\fsehfcu.dll
          2007-12-12 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2007-12-03 18:08 --------- d-----w C:\Program Files\Windows Live Toolbar
          2007-12-03 17:42 --------- d-----w C:\Program Files\TGTSoft
          2007-11-19 18:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-11-19 18:27 --------- d-----w C:\Program Files\Google
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
          "Creative Detector U"="E:\downloads\CTDetctu.exe" [2006-06-27 10:45 110592]
          "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-01-25 07:00 179200]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
          "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-07-09 21:25 155648]
          "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-07-09 21:13 114688]
          "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
          "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 09:20 69632]
          "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55 49152]
          "BearShare"="E:\Program Files\BearShare\BearShare.exe" [ ]
          "InstaFinderK"="C:\Program Files\INSTAFINK\InstaFinderK_inst.exe" [ ]
          "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]
          "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-03 17:37 949376]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
          "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-10-04 15:44 1082664]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
          AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 15:18:22]
          BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe [2003-12-01 15:28:00]
          eset.reg [2006-02-07 14:44:02]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
          "UIHost"="LogonUI.EXE"

          S1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys

          *Newly Created Service* - PROCEXP90
          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-10-22 21:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-01-08 13:21:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
          - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-08 15:15:54
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-08 15:16:51
          .
          2007-12-12 20:52:35 --- E O F ---

          Kind regards,

          Eeuwe Hofman



          • #6
            Download this file: zoek.exe
            Double-click it; after a while a log will open.
            Post the contents of this log in your next message.



            • #7
              zoek.exe result

              Here is the response from zoek.exe

              ----a-w 13,330,224 2008-01-07 18:12:24 C:\Documents and Settings\Asus\Bureaublad\avinstall.exe
              ----a-w 1,495,616 2008-01-08 14:10:01 C:\Documents and Settings\Asus\Bureaublad\ComboFix.exe
              ----a-w 0 2008-01-07 17:25:52 C:\Documents and Settings\Asus\Bureaublad\SmitfraudFix.exe
              ----a-w 147,456 2008-01-08 14:43:36 C:\Documents and Settings\Asus\Bureaublad\zoek.exe
              ----a-w 49,152 2008-01-03 18:47:58 C:\Documents and Settings\Asus\Local Settings\Temp\vfind.exe
              ----a-w 50,688 2008-01-07 17:14:45 C:\Documents and Settings\Asus\Mijn documenten\Mijn ontvangen bestanden\ATF-Cleaner.exe
              ----a-w 218,112 2008-01-08 10:20:04 C:\HJT\HijackThis.exe
              ------r 127,954 2007-12-18 16:34:07 C:\Program Files\Belastingdienst\Huur- en zorgtoeslag\2008\hz2008u.exe
              ----a-w 706,431 2008-01-07 18:12:36 C:\Program Files\PC Tools AntiVirus\unins000.exe

              Entries: 9 (9)
              Directories: 0 Files: 9
              Bytes: 16,125,633 Blocks: 31,497
              =============
              --s-a-w 13,312 2007-12-18 17:57:23 C:\WINDOWS\system32\fsehfcu.dll

              Entries: 1 (0)
              Directories: 0 Files: 1
              Bytes: 13,312 Blocks: 26
              =============
              ----a-w 154 2007-12-19 19:27:54 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\College BE constructies.doc.url
              ----a-w 156 2008-01-08 14:34:59 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Opdracht Jurisprudentie.doc.url
              ----a-w 178 2008-01-08 14:35:36 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Week 1.7 Opdracht Politiek en Bestuur.doc.url
              ----a-w 149 2007-12-19 11:35:58 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\weekopdracht 2.6.doc.url
              ----a-w 127 2008-01-08 14:34:59 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\_189670_1 op www.elo.nhl.nl.url
              ----a-w 127 2008-01-08 14:35:36 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\_190380_1 op www.elo.nhl.nl.url
              ----a-w 127 2007-12-18 14:46:16 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\_196663_1 op www.elo.nhl.nl.url
              ----a-w 123 2007-12-19 19:27:55 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\_196878_1 op elo.nhl.nl.url
              ----a-w 127 2007-12-19 11:35:58 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\_198462_1 op www.elo.nhl.nl.url
              ----a-w 259 2008-01-08 13:37:27 C:\Documents and Settings\Asus\Favorieten\HijackThis logs - Nucia - ASO forums.url
              ----a-w 49 2007-12-18 16:34:08 C:\Program Files\Belastingdienst\Huur- en zorgtoeslag\2008\www.toeslagen.nl.url
              ----a-w 60 2008-01-07 18:13:20 C:\Program Files\PC Tools AntiVirus\homepage.url

              Entries: 12 (12)
              Directories: 0 Files: 12
              Bytes: 1,636 Blocks: 12
              =============
              ----a-w 989 2007-12-18 16:34:13 C:\Documents and Settings\All Users\Bureaublad\HZ 2008.lnk
              ----a-w 2,137 2008-01-07 16:23:23 C:\Documents and Settings\All Users\Bureaublad\iTunes.lnk
              ----a-w 661 2008-01-07 18:13:20 C:\Documents and Settings\All Users\Bureaublad\PC Tools AntiVirus.lnk
              ----a-w 2,265 2008-01-07 08:07:06 C:\Documents and Settings\All Users\Menu Start\Programma's\Apple Software Update.lnk
              ----a-w 1,013 2007-12-18 16:34:07 C:\Documents and Settings\All Users\Menu Start\Programma's\Belastingdienst\Huur- en zorgtoeslag\2008\HZ 2008 Help.lnk
              ----a-w 827 2007-12-18 16:34:07 C:\Documents and Settings\All Users\Menu Start\Programma's\Belastingdienst\Huur- en zorgtoeslag\2008\HZ 2008 verwijderen.lnk
              ----a-w 1,013 2007-12-18 16:34:07 C:\Documents and Settings\All Users\Menu Start\Programma's\Belastingdienst\Huur- en zorgtoeslag\2008\HZ 2008.lnk
              ----a-w 1,065 2007-12-18 16:34:08 C:\Documents and Settings\All Users\Menu Start\Programma's\Belastingdienst\Huur- en zorgtoeslag\2008\www.toeslagen.nl.lnk
              ----a-w 702 2008-01-07 18:13:20 C:\Documents and Settings\All Users\Menu Start\Programma's\PC Tools AntiVirus\PC Tools AntiVirus Help.lnk
              ----a-w 581 2008-01-07 18:13:20 C:\Documents and Settings\All Users\Menu Start\Programma's\PC Tools AntiVirus\PC Tools Antivirus Homepage.lnk
              ----a-w 673 2008-01-07 18:13:20 C:\Documents and Settings\All Users\Menu Start\Programma's\PC Tools AntiVirus\PC Tools AntiVirus.lnk
              ----a-w 692 2008-01-07 18:13:20 C:\Documents and Settings\All Users\Menu Start\Programma's\PC Tools AntiVirus\Uninstall PC Tools AntiVirus.lnk
              ----a-w 1,602 2008-01-07 16:29:04 C:\Documents and Settings\All Users\Menu Start\Programma's\Systeembeheer\Computerbeheer.lnk
              ----a-w 1,034 2007-12-19 09:42:21 C:\Documents and Settings\Asus\Application Data\Autodesk\AutoCAD 2006\R16.2\enu\Recent\Save Drawing As\Ontwerp wasserstrasse SJ.dwg.lnk
              ----a-w 617 2007-12-19 12:40:35 C:\Documents and Settings\Asus\Application Data\Autodesk\AutoCAD 2006\R16.2\enu\Recent\Select File\steiger_en_walbeschoeiing[1].dwg.lnk
              ----a-w 955 2007-12-19 12:42:06 C:\Documents and Settings\Asus\Application Data\Autodesk\AutoCAD 2006\R16.2\enu\Recent\Select File\Trappen1.dwg.lnk
              ----a-w 907 2008-01-07 08:08:00 C:\Documents and Settings\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
              ----a-w 679 2008-01-07 18:13:20 C:\Documents and Settings\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tools AntiVirus.lnk
              ----a-w 902 2008-01-07 08:08:00 C:\Documents and Settings\Asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
              ----a-w 781 2007-12-17 15:00:21 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Agenda_en_notulen_week_5_periode_2.lnk
              ----a-w 386 2007-12-19 12:01:32 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\BE.lnk
              ----a-w 726 2007-12-19 19:28:49 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\BE_grondmechanica_les_4.lnk
              ----a-w 314 2008-01-06 19:42:10 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Bureaublad.lnk
              ----a-w 444 2008-01-06 19:42:10 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Lesrooster.lnk
              ----a-w 536 2007-12-19 19:28:49 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Mijn ontvangen bestanden.lnk
              ----a-w 873 2008-01-08 14:40:56 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Normal.dotm (2).lnk
              ----a-w 873 2008-01-08 14:40:56 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Normal.dotm.lnk
              ----a-w 873 2008-01-06 19:42:54 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Normal.lnk
              ----a-w 763 2008-01-08 14:40:56 C:\Documents and Settings\Asus\Application Data\Microsoft\Office\Recent\Sjablonen (2).lnk

              Kind regards,

              Eeuwe Hofman



              • #8
                Open HijackThis and click 'Config' (bottom right).
                Choose the 'Misc Tools' tab at the top.
                Choose 'Delete a file on reboot'.
                In the field, copy and paste the following line:

                C:\WINDOWS\system32\fsehfcu.dll

                Click Open.
                HijackThis will tell you that this file will be deleted at the next reboot and ask whether you want to reboot now.
                Click Yes/OK.

                Your PC will now reboot.

                Run zoek.exe once more after your PC has restarted and post the log.



                • #9
                  HijackThis result

                  Here is the result of the 2nd zoek.exe run.
                  Good luck



                  Kind regards,

                  Eeuwe Hofman
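An added example (not from the thread, and not part of zoek.exe): comparing the listing posted before the reboot with the one posted after it shows which files disappeared, appeared or changed, and checking each section against its own `Entries`/`Bytes` summary catches a paste that was cut off. The row layout is inferred from the listings in this thread; both sample listings and all paths in them are constructed.

```python
import re
from datetime import datetime

# Row layout inferred from the listings in this thread:
# attributes, size with thousands separators, date, time, full path.
ROW = re.compile(
    r"^\s*([-a-z]{7})\s+([\d,]+)\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S.*?)\s*$")
SUMMARY = re.compile(r"^\s*(Entries|Bytes):\s*([\d,]+)")

# Constructed sample listings (placeholder paths, not taken from the thread).
BEFORE = r"""
----a-w 147,456 2008-01-08 14:10:01 C:\Documents and Settings\User\Bureaublad\scanner.exe
----a-w 0 2008-01-07 17:25:52 C:\Documents and Settings\User\Bureaublad\download.exe
----a-w 20,480 2008-01-06 09:00:00 C:\WINDOWS\system32\example.dll

Entries: 3 (3)
Directories: 0 Files: 3
Bytes: 167,936 Blocks: 328
=============
"""
AFTER = r"""
----a-w 147,456 2008-01-08 14:43:36 C:\Documents and Settings\User\Bureaublad\scanner.exe
----a-w 0 2008-01-07 17:25:52 C:\Documents and Settings\User\Bureaublad\download.exe
----a-w 481 2008-01-08 14:44:57 C:\Documents and Settings\User\Onlangs geopend\log2.txt.lnk

Entries: 3 (3)
Directories: 0 Files: 3
Bytes: 147,937 Blocks: 289
=============
"""

def parse_listing(text):
    """Return the listing's sections, each as {'rows': {...}, 'claimed': {...}}."""
    sections, rows, claimed = [], {}, {}
    for line in text.splitlines():
        row, summ = ROW.match(line), SUMMARY.match(line)
        if row:
            attrs, size, stamp, path = row.groups()
            # Windows paths are case-insensitive, so key on the lowercased path.
            rows[path.lower()] = {
                "path": path, "attrs": attrs,
                "size": int(size.replace(",", "")),
                "stamp": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            }
        elif summ:
            claimed[summ.group(1)] = int(summ.group(2).replace(",", ""))
        elif line.strip().startswith("====="):
            sections.append({"rows": rows, "claimed": claimed})
            rows, claimed = {}, {}
    if rows or claimed:  # no closing separator: the paste ended mid-section
        sections.append({"rows": rows, "claimed": claimed})
    return sections

def section_is_complete(section):
    """True when row count and byte total match the section's own summary."""
    rows, claimed = section["rows"], section["claimed"]
    return (claimed.get("Entries") == len(rows)
            and claimed.get("Bytes") == sum(r["size"] for r in rows.values()))

def diff_listings(before_text, after_text):
    """Report paths added, removed or changed (size or timestamp) between runs."""
    def merged(text):
        out = {}
        for section in parse_listing(text):
            out.update(section["rows"])
        return out
    old, new = merged(before_text), merged(after_text)
    return {
        "added": sorted(new[k]["path"] for k in new.keys() - old.keys()),
        "removed": sorted(old[k]["path"] for k in old.keys() - new.keys()),
        "changed": sorted(
            new[k]["path"] for k in new.keys() & old.keys()
            if (new[k]["size"], new[k]["stamp"]) != (old[k]["size"], old[k]["stamp"])),
    }

if __name__ == "__main__":
    for kind, paths in diff_listings(BEFORE, AFTER).items():
        print(kind, paths)
```
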



                  • #10
                    I think the problem should be gone now.

                    Download ATF Cleaner (mirror) (made by Atribune).

                    Important: close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                    Double-click ATF Cleaner to start the program.
                    On the "Main" tab, tick Select All.
                    Click the Empty Selected button.

                    Do the following if you also use Firefox as a browser:
                    Click the "Firefox" tab and tick Select All.
                    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                    (this removes the tick from "Firefox saved passwords" again)
                    Click the Empty Selected button.

                    Do the following if you also use Opera as a browser:
                    Click the "Opera" tab and tick Select All.
                    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                    Click the Empty Selected button.
                    Go to the "Main" tab and click the Exit button to close the program.

                    Go to Start - Run and enter the following:
                    Combofix /U
                    Then press OK.
                    Note: there must be a space between Combofix and /U.

                    This will uninstall Combofix.

                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    Look here for how to turn off System Restore.
                    This removes any remnants of the infections from your System Restore.

                    Finally, post a new HijackThis log for checking.



                    • #11
                      It worked

                      Dear Smeeks

                      Thanks for everything, because I was really stuck with it, but I think it is now completely solved.

                      I hope I won't need you again for problems with my PC, but if it does happen, you will be the first I contact.

                      Kind regards,

                      Eeuwe Hofman



                      • #12
                        You're welcome
