Folder options disappeared after virus alert

  • Folder options disappeared after virus alert

    Dear Nucia,

    Recently my virus scanner (I use Avast) gave me a virus alert.
    As always, I pressed the button to move the file to the virus chest.
    After Avast had carried out this action, I found out that all hidden folders were no longer visible.
    So I went to Windows Explorer, went to Tools and wanted to click on Folder Options, but it turned out to be gone.
    The Folder Options can no longer be found in Control Panel either.

    After searching the internet for a way to change this back, I managed to get my Folder Options back by changing the registry value noFolderOptions (which was set to 1 and has to be set to 0).

    Now, however, it turns out that when I open Folder Options, the option to show hidden folders has disappeared.

    Here are the alerts from Avast:

    4-1-2008 22:20:08 Niels 2964 Sign of "Win32:WinSpy-AU [Trj]" has been found in "C:\WINDOWS\display\services.exe" file.
    4-1-2008 22:19:23 SYSTEM 336 Sign of "Win32:WinSpy-AU [Trj]" has been found in "C:\WINDOWS\display\services.exe" file.
    4-1-2008 17:08:21 SYSTEM 336 Sign of "Win32:WinSpy-AU [Trj]" has been found in "C:\WINDOWS\display\services.exe" file.
    4-1-2008 17:08:19 SYSTEM 336 Sign of "Win32:Agent-KGP [Trj]" has been found in "C:\WINDOWS\hpeg.dll" file.
    4-1-2008 17:08:18 SYSTEM 336 Sign of "Win32:WinSpy-AX [Trj]" has been found in "C:\WINDOWS\enco.exe" file.
    4-1-2008 17:08:16 SYSTEM 336 Sign of "Win32:WinSpy-AU [Trj]" has been found in "C:\WINDOWS\display\services.exe" file.
    4-1-2008 17:08:11 SYSTEM 336 Sign of "Win32:WinSpy-AX [Trj]" has been found in "C:\DOCUME~1\Niels\LOCALS~1\Temp\Compress0\unir.exe" file.
    4-1-2008 17:08:08 SYSTEM 336 Sign of "Win32:WinSpy-AU [Trj]" has been found in "C:\DOCUME~1\Niels\LOCALS~1\Temp\Compress0\services.exe" file.
    4-1-2008 17:08:02 SYSTEM 336 Sign of "Win32:Agent-KGP [Trj]" has been found in "C:\DOCUME~1\Niels\LOCALS~1\Temp\Compress0\hpeg.dll" file.

    I have searched all of the locations above; these have all been removed.
    I have also searched for the files in question on all my drives, and found nothing there either.
    I also ran a virus scan, which did find some things, but those files had nothing to do with the ones above. After removing all the files that were found, the problem is still not solved.

    Then also my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:31:35, on 16-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\avast! Antivirus\aswUpdSv.exe
    D:\avast! Antivirus\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    D:\avast! Antivirus\ashMaiSv.exe
    D:\avast! Antivirus\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Perfect Process\ppshield.exe
    D:\AVAST!~1\ashDisp.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    D:\Niels\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\World of Warcraft\Curse Client\CurseClient.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\DOCUME~1\Niels\BUREAU~1\FXPDIN~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: ANWB Toolbar - {EBB03E3E-020A-418D-B322-761B730CA860} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Perfect Process shield] C:\Program Files\Perfect Process\ppshield.exe
    O4 - HKLM\..\Run: [avast!] D:\AVAST!~1\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Niels\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "D:\Niels\msn\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [CurseClient] D:\World of Warcraft\Curse Client\CurseClient.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Niels\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Niels\MP3\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Niels\MP3\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112w.bay112.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.5/Installer.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\avast! Antivirus\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\avast! Antivirus\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\avast! Antivirus\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\avast! Antivirus\ashWebSv.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Niels\Eset\nod32krn.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Task Manager service (RTM) - Unknown owner - d:\niels\test\RTMService.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Niels\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Niels\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 12972 bytes


    I look forward to your advice,

    Niels
    Last edited by Niels Schurink; 16-01-08, 14:01.

  • #2
    Hello Niels,

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the screen that appears, type a 1 to have the cleaning and analysis process run.
    Follow the instructions on the screen.
    When the tool is finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.


    • #3
      Here are the logs:

      Combofix

      ComboFix 08-01-16.4 - Niels 2008-01-16 19:59:26.2 - NTFSx86
      Gestart vanuit: C:\Documents and Settings\Niels\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))
      .

      2008-01-16 14:33 . 2008-01-16 19:45 <DIR> dr-h----- C:\Documents and Settings\Niels\Onlangs geopend
      2008-01-15 12:54 . 2008-01-15 12:54 <DIR> d-------- C:\Documents and Settings\Niels\Application Data\Wireshark
      2008-01-14 16:38 . 2008-01-14 16:38 462 --a------ C:\sec.bat
      2008-01-11 14:58 . 2008-01-11 14:58 <DIR> d-------- C:\Documents and Settings\Niels\.msf3
      2008-01-10 21:06 . 2008-01-11 14:28 <DIR> d-------- C:\Documents and Settings\Niels\Application Data\gtk-2.0
      2008-01-10 19:21 . 2008-01-01 14:19 1,335,808 --a------ C:\WINDOWS\system32\nmap.exe
      2008-01-10 19:10 . 1998-01-03 14:37 59,392 --a------ C:\WINDOWS\system32\nc.exe
      2008-01-09 17:12 . 2008-01-11 20:23 <DIR> d-------- C:\Documents and Settings\Niels\.zenmap
      2008-01-09 16:37 . 2008-01-01 14:19 <DIR> d-------- C:\nmap
      2008-01-09 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-08 17:45 . 2007-08-27 15:30 572,928 --a------ C:\WINDOWS\system32\gpedit.dll
      2008-01-08 17:45 . 2007-08-27 15:30 300,032 --a------ C:\WINDOWS\system32\appmgr.dll
      2008-01-08 17:45 . 2007-08-27 15:30 200,192 --a------ C:\WINDOWS\system32\gptext.dll
      2008-01-08 17:45 . 2007-08-27 15:30 175,616 --a------ C:\WINDOWS\system32\appmgmts.dll
      2008-01-08 17:45 . 2007-08-27 15:30 118,272 --a------ C:\WINDOWS\system32\fde.dll
      2008-01-08 17:45 . 2007-08-27 15:30 74,752 --a------ C:\WINDOWS\system32\fdeploy.dll
      2008-01-08 17:45 . 2007-08-27 15:30 34,339 --a------ C:\WINDOWS\system32\gpedit.msc
      2008-01-04 21:04 . 2008-01-04 21:04 <DIR> d-------- C:\WINDOWS\system32\Y_ZippedF
      2008-01-04 21:04 . 2008-01-04 21:04 <DIR> d-------- C:\WINDOWS\system32\Y_Plugins
      2008-01-04 21:04 . 2008-01-04 21:04 282,726 --a------ C:\WINDOWS\system32\msnmsgrs.exe
      2008-01-04 20:21 . 2008-01-04 20:21 2,581 -r-hs---- C:\WINDOWS\PCGWIN32.LI5
      2008-01-04 20:05 . 2008-01-04 20:05 1,584 -r-hs---- C:\WINDOWS\PCGWIN32.LI4
      2008-01-04 17:08 . 2008-01-04 22:20 <DIR> d-------- C:\WINDOWS\display
      2008-01-04 17:08 . 2008-01-04 17:08 <DIR> d-------- C:\Program Files\Accessories
      2008-01-04 17:08 . 2007-08-01 11:56 26 --a------ C:\WINDOWS\refsdm.dll
      2007-12-25 12:47 . 2007-12-25 12:47 <DIR> d-------- C:\Program Files\Common Files\Application
      2007-12-25 12:47 . 2007-12-25 12:47 <DIR> d-------- C:\Program Files\Common Files\Ankiro
      2007-12-25 12:46 . 2008-01-16 19:36 <DIR> d-------- C:\Program Files\SPAMfighter
      2007-12-20 13:02 . 2007-12-20 15:57 73 --a------ C:\WINDOWS\2pic.ini

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-16 18:35 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
      2008-01-16 18:35 --------- d-----w C:\Program Files\Perfect Process
      2008-01-16 18:28 66,904 ----a-w C:\Documents and Settings\Antoinette 2\Application Data\wklnhst.dat
      2008-01-16 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-15 18:29 41,570 ----a-w C:\Documents and Settings\Niels\Application Data\wklnhst.dat
      2008-01-14 19:43 57,856 ----a-w C:\Documents and Settings\Wim\Application Data\wklnhst.dat
      2008-01-13 17:15 --------- d-----w C:\Documents and Settings\Lineke\Application Data\Slide
      2008-01-11 15:02 --------- d-----w C:\Documents and Settings\Niels\Application Data\LimeWire
      2008-01-09 16:12 --------- d-----w C:\Program Files\WinPcap
      2008-01-08 14:56 26,984 ----a-w C:\Documents and Settings\Lineke\Application Data\wklnhst.dat
      2008-01-08 14:16 111,952 -c--a-w C:\Documents and Settings\Lineke\Application Data\GDIPFONTCACHEV1.DAT
      2008-01-06 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-01-05 16:26 --------- d-----w C:\Documents and Settings\Antoinette 2\Application Data\LimeWire
      2008-01-05 11:16 --------- d-----w C:\Program Files\MSN Messenger
      2007-12-20 13:40 --------- d-----w C:\Documents and Settings\Lineke\Application Data\LimeWire
      2007-12-18 16:05 --------- d-----w C:\Program Files\Messenger Plus! Live
      2007-12-16 11:39 111,952 -c--a-w C:\Documents and Settings\Antoinette 2\Application Data\GDIPFONTCACHEV1.DAT
      2007-12-07 14:40 --------- d-----w C:\Program Files\iPod
      2007-12-07 14:38 --------- d-----w C:\Program Files\QuickTime
      2007-12-07 08:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-07 08:38 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
      2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
      2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
      2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
      2007-11-23 08:24 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SurfRight
      2007-11-23 08:17 --------- d-----w C:\Program Files\SurfRight
      2007-11-19 03:31 88,696 ----a-w C:\WINDOWS\system32\Packet.dll
      2007-11-19 03:31 68,224 ----a-w C:\WINDOWS\system32\WanPacket.dll
      2007-11-19 03:31 34,064 ----a-w C:\WINDOWS\system32\drivers\npf.sys
      2007-11-19 03:31 240,248 ----a-w C:\WINDOWS\system32\wpcap.dll
      2007-11-11 19:55 111,952 -c--a-w C:\Documents and Settings\Wim\Application Data\GDIPFONTCACHEV1.DAT
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-15 14:30 111,952 -c--a-w C:\Documents and Settings\Niels\Application Data\GDIPFONTCACHEV1.DAT
      2006-11-15 19:34 21,584 ----a-w C:\Documents and Settings\Niels\kill.exe
      2006-09-28 15:28 340 -c-ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
      2006-09-28 15:28 2,233 -c--a-w C:\Documents and Settings\Niels\hpothb07.dat
      2006-01-13 15:47 808 -c-ha-w C:\Documents and Settings\Wim\hpothb07.dat
      2006-01-13 15:47 159 -c-ha-w C:\Documents and Settings\Wim.WOONKAMER\hpothb07.dat
      2005-09-01 12:38 284 -c--a-w C:\Documents and Settings\Antoinette 2\Application Data\ViewerApp.dat
      2005-06-07 15:26 111 -c--a-w C:\Program Files\rs.abc
      2005-04-17 11:23 364 -c-ha-w C:\Documents and Settings\Niels\Application Data\hpothb07.dat
      2005-04-17 11:22 0 -c-ha-w C:\Documents and Settings\Administrator\hpothb07.dat
      2005-01-03 13:48 182 -c-ha-w C:\Documents and Settings\Lineke\hpothb07.dat
      2004-10-23 18:56 346 -c-ha-w C:\Documents and Settings\Antoinette 2\hpothb07.dat
      .
      <pre>
      ----a-w 360,448 2004-10-02 11:21:08 C:\Documents and Settings\Niels\Bureaublad\Spelletjes\Cheats RS2\Cheats RS2\Ultimate Cheat Pack\Miners\Sythe's Powerminer .exe
      </pre>


      ((((((((((((((((((((((((((((( [email protected]_15.26.41,15 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2007-12-08 23:46:22 312,680 ----a-w C:\WINDOWS\Downloaded Program Files\avsniff.dll
      + 2007-12-08 23:46:24 255,336 ----a-w C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll
      + 2007-12-08 23:36:30 42,112 ----a-w C:\WINDOWS\Downloaded Program Files\ecmldr32.dll
      + 2008-01-02 00:00:00 284,016 ----a-w C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
      + 2007-12-08 23:36:44 201,896 ----a-w C:\WINDOWS\Downloaded Program Files\navapi32.dll
      + 2008-01-02 00:00:00 124,272 ----a-w C:\WINDOWS\Downloaded Program Files\naveng32.dll
      + 2008-01-02 00:00:00 914,800 ----a-w C:\WINDOWS\Downloaded Program Files\navex32a.dll
      + 2007-12-08 23:46:32 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\rufsi.dll
      + 2008-01-02 00:00:00 97,776 ----a-w C:\WINDOWS\Downloaded Program Files\scrauth.dat
      + 2008-01-02 00:00:00 402,652 ----a-w C:\WINDOWS\Downloaded Program Files\tcdefs.dat
      + 2008-01-02 00:00:00 2,570,338 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan7.dat
      + 2008-01-02 00:00:00 437,760 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan8.dat
      + 2008-01-02 00:00:00 1,011,347 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan9.dat
      + 2008-01-02 00:00:00 68,399 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1.dat
      + 2008-01-02 00:00:00 3,294 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1hd.dat
      + 2008-01-02 00:00:00 997,731 ----a-w C:\WINDOWS\Downloaded Program Files\virscan1.dat
      + 2008-01-02 00:00:00 570,966 ----a-w C:\WINDOWS\Downloaded Program Files\virscan2.dat
      + 2008-01-02 00:00:00 151,040 ----a-w C:\WINDOWS\Downloaded Program Files\virscan3.dat
      + 2008-01-02 00:00:00 320,253 ----a-w C:\WINDOWS\Downloaded Program Files\virscan4.dat
      + 2008-01-02 00:00:00 5,556,894 ----a-w C:\WINDOWS\Downloaded Program Files\virscan5.dat
      + 2008-01-02 00:00:00 392,489 ----a-w C:\WINDOWS\Downloaded Program Files\virscan6.dat
      + 2008-01-02 00:00:00 19,052,778 ----a-w C:\WINDOWS\Downloaded Program Files\virscan7.dat
      + 2008-01-02 00:00:00 1,907,495 ----a-w C:\WINDOWS\Downloaded Program Files\virscan8.dat
      + 2008-01-02 00:00:00 5,451,386 ----a-w C:\WINDOWS\Downloaded Program Files\virscan9.dat
      - 2008-01-09 14:09:54 1,400,832 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
      + 2008-01-16 18:58:35 1,433,600 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
      - 2008-01-09 14:09:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      + 2008-01-16 18:58:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      - 2008-01-09 14:09:54 1,400,832 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
      + 2008-01-16 18:58:36 1,429,504 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
      - 2008-01-09 14:09:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
      + 2008-01-16 18:58:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
      - 2008-01-09 14:09:54 8,286,208 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUser.dat
      + 2008-01-16 18:58:37 10,817,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUser.dat
      + 2008-01-16 18:58:37 172,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
      + 2008-01-16 18:58:37 8,757,248 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\ntuser.dat
      + 2008-01-16 18:58:37 409,600 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\UsrClass.dat
      + 2004-05-26 02:07:50 1,153,417 ----a-w C:\WINDOWS\system32\cygwin1.dll
      - 2006-08-17 12:30:16 727,040 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
      + 2007-11-07 09:30:24 727,040 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
      - 2007-09-15 11:24:14 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
      + 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
      - 2007-09-15 11:24:14 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
      + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
      - 2007-06-29 00:01:48 53,299 ----a-w C:\WINDOWS\system32\pthreadVC.dll
      + 2007-10-11 09:01:42 53,299 ----a-w C:\WINDOWS\system32\pthreadVC.dll
      + 2008-01-16 12:22:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_140.dat
      + 2008-01-16 12:23:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3d8.dat
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
      "MessengerPlus3"="D:\Niels\msn\MsgPlus.exe" [2007-01-26 17:18 190024]
      "CurseClient"="D:\World of Warcraft\Curse Client\CurseClient.exe" [2007-10-15 05:09 478208]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 14:30 335872]
      "Dit"="Dit.exe" [2003-12-29 23:33 94208 C:\WINDOWS\Dit.exe]
      "ledpointer"="CNYHKey.exe" [2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe]
      "Perfect Process shield"="C:\Program Files\Perfect Process\ppshield.exe" [2003-12-09 00:36 1322496]
      "avast!"="D:\AVAST!~1\ashDisp.exe" [2007-12-04 14:00 79224]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "CHotkey"="mHotkey.exe" [2004-02-05 13:45 510464 C:\WINDOWS\mHotkey.exe]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
      "iTunesHelper"="D:\Niels\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
      "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "AllowLegacyWebView"= 1 (0x1)
      "AllowUnhashedWebView"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "UIHost"="logonui.exe"

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk
      backup=C:\WINDOWS\pss\Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
      backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
      backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Niels^Menu Start^Programma's^Opstarten^Glassy Clock.lnk]
      path=C:\Documents and Settings\Niels\Menu Start\Programma's\Opstarten\Glassy Clock.lnk
      backup=C:\WINDOWS\pss\Glassy Clock.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
      --a--c--- 2006-09-14 21:09 157592 D:\DAEMON Tools\daemon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2007-11-15 13:11 267048 D:\Niels\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
      --------- 2004-02-19 10:09 61440 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
      --a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preventon RealTime Antivirus]
      C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
      C:\WINDOWS\mrofinu1000726.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
      D:\IObit SmartDefrag\IObit SmartDefrag.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
      -ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      --a------ 2005-07-08 19:08 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
      --a------ 2007-03-14 16:52 3770024 C:\Program Files\TomTom HOME\TomTomHOME.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
      --a--c--- 2004-01-12 20:40 69632 D:\Ulead Photo Express 5 SE\calcheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
      C:\program files\voipbuster.com\voipbuster\voipbuster.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
      \Shell\AutoRun\command - L:\autorun.exe

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-11 13:05:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-16 15:51:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1096210216.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-16 20:11:27
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\WINDOWS\HKCYDLL.dll
      .
      Voltooingstijd: 2008-01-16 20:18:23
      ComboFix-quarantined-files.txt 2008-01-16 19:18:17
      ComboFix2.txt 2008-01-09 14:27:05
      .
      2008-01-09 16:35:56 --- E O F ---


      Hijackthis

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:20:55, on 16-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      D:\avast! Antivirus\aswUpdSv.exe
      D:\avast! Antivirus\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\bgsvcgen.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\SPAMfighter\sfus.exe
      C:\WINDOWS\System32\svchost.exe
      D:\avast! Antivirus\ashMaiSv.exe
      D:\avast! Antivirus\ashWebSv.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\Dit.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Perfect Process\ppshield.exe
      D:\AVAST!~1\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      D:\Niels\iTunes\iTunesHelper.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\WINDOWS\system32\ctfmon.exe
      D:\World of Warcraft\Curse Client\CurseClient.exe
      C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      D:\HiJackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.home.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
      R3 - URLSearchHook: (no name) - - (no file)
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\DOCUME~1\Niels\BUREAU~1\FXPDIN~1\FlashFXP\IEFlash.dll
      O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O3 - Toolbar: ANWB Toolbar - {EBB03E3E-020A-418D-B322-761B730CA860} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [Perfect Process shield] C:\Program Files\Perfect Process\ppshield.exe
      O4 - HKLM\..\Run: [avast!] D:\AVAST!~1\ashDisp.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "D:\Niels\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MessengerPlus3] "D:\Niels\msn\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [CurseClient] D:\World of Warcraft\Curse Client\CurseClient.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-21-3897761601-4006936342-2311898829-1013\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Antoinette 2')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
      O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
      O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
      O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
      O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
      O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Niels\ICQToolbar\toolbaru.dll/SEARCH.HTML
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Niels\MP3\MediaManager\grab.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
      O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112w.bay112.mail.live.com/mail/resources/MsnPUpld.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
      O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.5/Installer.exe
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
      O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\avast! Antivirus\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - D:\avast! Antivirus\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - D:\avast! Antivirus\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - D:\avast! Antivirus\ashWebSv.exe
      O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Niels\Eset\nod32krn.exe (file missing)
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Remote Task Manager service (RTM) - Unknown owner - d:\niels\test\RTMService.exe (file missing)
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Niels\Spyware Doctor\svcntaux.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Niels\Spyware Doctor\swdsvc.exe
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

      --
      End of file - 13039 bytes
      Last edited by Niels Schurink; 16-01-08, 20:30.



      • #4
        Close all open windows.
        Start HijackThis once more and place a check mark next to the following items:

        R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
        R3 - URLSearchHook: (no name) - - (no file)
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


        Then click "Fix checked" and close HijackThis.

        Run an online scan with the ESET Online Scanner.
        Check: YES, I accept the Terms Of Use.
        Click the Start button.
        Then click the Install button.
        Click Start.

        The scanner will now initialize and update.
        Do NOT check Remove found threats unless you are asked to.
        Click the Scan button.

        Wait patiently until the scan is complete; this can take a while.
        When the scan is finished, click the Details tab.
        Copy and paste the contents of this window into your next post.
        (You can also find this as C:\Program Files\EsetOnlineScanner\log.txt)


        Start HijackThis again, create a new log and post it.

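The four items selected in post #4 all end in `(no file)`, meaning the registry entry points at a file that is no longer on disk. The sketch below is an added example (not part of the original thread and not HijackThis code) that parses HijackThis entry lines, lists such orphaned entries, and compares a log taken before the fix with one taken after it. The function names are hypothetical, and the sample lines are a short excerpt of the R/O2/O3/O4 lines from the two logs posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# "R3 - ...", "O2 - ...", "O23 - ...": section code, " - ", entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis prints when the registered file is absent on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str           # e.g. "R3", "O2", "O23"
    body: str              # everything after the section code
    clsid: Optional[str]   # upper-cased CLSID if the entry carries one
    orphaned: bool         # True when the entry ends in a missing-file marker


def parse_log(text: str) -> List[Entry]:
    """Return the registry/startup entries of a HijackThis log.

    Header lines and the running-process list do not match ENTRY_RE
    and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(section, body,
                             clsid.group(0).upper() if clsid else None,
                             bool(ORPHAN_RE.search(body))))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is reported as absent."""
    return [e for e in entries if e.orphaned]


def compare(before: List[Entry],
            after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split the orphaned entries of `before` into (gone, still_present)."""
    after_keys = {(e.section, e.body) for e in after}
    gone, kept = [], []
    for e in orphaned(before):
        (kept if (e.section, e.body) in after_keys else gone).append(e)
    return gone, kept


# Excerpt of the log saved on 16-1-2008 (before "Fix checked").
BEFORE = r"""
Scan saved at 20:20:55, on 16-1-2008
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ANWB Toolbar - {EBB03E3E-020A-418D-B322-761B730CA860} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
"""

# Excerpt of the log saved on 17-1-2008 (after "Fix checked").
AFTER = r"""
Scan saved at 21:12:58, on 17-1-2008
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ANWB Toolbar - {EBB03E3E-020A-418D-B322-761B730CA860} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
"""

if __name__ == "__main__":
    gone, kept = compare(parse_log(BEFORE), parse_log(AFTER))
    for e in gone:
        print("removed :", e.section, "-", e.body)
    for e in kept:
        print("remains :", e.section, "-", e.body)
```

An orphaned entry only tells you the registered file is absent; it says nothing about the files that are present, which is why the thread follows the fix with a full scan.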


        • #5
          Here are the results of the scan:

          # version=4
          # OnlineScanner.ocx=1.0.0.56
          # OnlineScannerDLLA.dll=1, 0, 0, 51
          # OnlineScannerDLLW.dll=1, 0, 0, 51
          # OnlineScannerUninstaller.exe=1, 0, 0, 49
          # vers_standard_module=2802 (20080117)
          # vers_arch_module=1.063 (20080117)
          # vers_adv_heur_module=1.060 (20070601)
          # EOSSerial=b317d26a23167d4ab137490776d6a9f4
          # end=finished
          # remove_checked=false
          # unwanted_checked=false
          # utc_time=2008-01-17 07:31:13
          # local_time=2008-01-17 08:31:13 (+0100, West-Europa (standaardtijd))
          # country="Netherlands"
          # osver=5.1.2600 NT Service Pack 2
          # scanned=689829
          # found=3
          # scan_time=10777
          # nod_component=NOD32MOD_WINNT_DUTCH_BASE Build:0x11080220 (NOD32 voor Windows NT/2000/XP/2003 - Basis)
          # nod_component=NOD32MOD_WINNT_DUTCH_INET Build:0x11080220 (NOD32 voor Windows NT/2000/XP/2003 - Internetondersteuning)
          # nod_component=NOD32MOD_WINNT_DUTCH_STANDARD Build:0x11080220 (NOD32 for Windows NT/2000/XP/2003 - Standaard component)
          C:\RECYCLER\S-1-5-21-3897761601-4006936342-2311898829-1013\Dc1239.exe Win32/TrojanDownloader.Adload.NES trojan 8F5A0FA49D322C4568C73BB07817EC9E
          C:\RECYCLER\S-1-5-21-3897761601-4006936342-2311898829-1013\Dc1240.exe Win32/TrojanDownloader.Adload.NES trojan 8F5A0FA49D322C4568C73BB07817EC9E
          C:\WINDOWS\system32\msnmsgrs.exe Win32/VB.ASW trojan 2E6E483871D2A1F40052DFF399BD206B



          And here is a new HijackThis log as well:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 21:12:58, on 17-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          D:\avast! Antivirus\aswUpdSv.exe
          D:\avast! Antivirus\ashServ.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\system32\bgsvcgen.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\WINDOWS\System32\snmp.exe
          C:\Program Files\SPAMfighter\sfus.exe
          C:\WINDOWS\System32\svchost.exe
          D:\avast! Antivirus\ashMaiSv.exe
          D:\avast! Antivirus\ashWebSv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\WINDOWS\Dit.exe
          C:\WINDOWS\CNYHKey.exe
          C:\Program Files\Perfect Process\ppshield.exe
          D:\AVAST!~1\ashDisp.exe
          C:\WINDOWS\mHotkey.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
          D:\Niels\iTunes\iTunesHelper.exe
          C:\Program Files\SPAMfighter\SFAgent.exe
          C:\WINDOWS\system32\ctfmon.exe
          D:\World of Warcraft\Curse Client\CurseClient.exe
          C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          D:\HiJackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.home.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\DOCUME~1\Niels\BUREAU~1\FXPDIN~1\FlashFXP\IEFlash.dll
          O3 - Toolbar: ANWB Toolbar - {EBB03E3E-020A-418D-B322-761B730CA860} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [Dit] Dit.exe
          O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
          O4 - HKLM\..\Run: [Perfect Process shield] C:\Program Files\Perfect Process\ppshield.exe
          O4 - HKLM\..\Run: [avast!] D:\AVAST!~1\ashDisp.exe
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "D:\Niels\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MessengerPlus3] "D:\Niels\msn\MsgPlus.exe" /WinStart
          O4 - HKCU\..\Run: [CurseClient] D:\World of Warcraft\Curse Client\CurseClient.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-21-3897761601-4006936342-2311898829-1013\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Antoinette 2')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
          O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
          O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
          O4 - Global Startup: hpoddt01.exe.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
          O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
          O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
          O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Niels\ICQToolbar\toolbaru.dll/SEARCH.HTML
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Niels\MP3\MediaManager\grab.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
          O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
          O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
          O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
          O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112w.bay112.mail.live.com/mail/resources/MsnPUpld.cab
          O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
          O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
          O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
          O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.5/Installer.exe
          O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
          O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
          O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\avast! Antivirus\aswUpdSv.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: avast! Antivirus - ALWIL Software - D:\avast! Antivirus\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - D:\avast! Antivirus\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - D:\avast! Antivirus\ashWebSv.exe
          O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Niels\Eset\nod32krn.exe (file missing)
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Remote Task Manager service (RTM) - Unknown owner - d:\niels\test\RTMService.exe (file missing)
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Niels\Spyware Doctor\svcntaux.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Niels\Spyware Doctor\swdsvc.exe
          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
          O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

          --
          End of file - 12787 bytes

          Comment


          • #6
            Are there still any problems now?

            Comment


            • #7
              There are still options missing from the Folder Options menu, including the show hidden folders on/off setting.

              I have no idea how to get these options back.

              Comment


              • #8
                Delete this file: C:\WINDOWS\system32\msnmsgrs.exe


                Download Dial-A-Fix: http://wiki.djlizard.net/Dial-a-fix#Download_Dial-a-fix
                and place it on your desktop.
                Double-click Dial-a-fix.exe to start the program.
                Click Policies, then click Scan.
                If restrictions are found, click Remove.

                Comment


                • #9
                  No restrictions were found.
                  Unfortunately.

                  Comment


                  • #10
                    I was afraid of that.

                    Is the problem only present on this account, or on other accounts as well?

                    Comment


                    • #11
                      Hello marckie,

                      The problem is present on all accounts.
                      I was wondering whether there is a key somewhere in the registry where this kind of thing can be changed, since there is also a 'noFolderOptions' value present (which had probably been changed by the virus).

                      I also searched the internet for the files my virus scanner found, and the only program that uses hpeg.dll is Winspy. The services.exe file is said to contain a sign of Winspy-AU (however, nothing about Winspy-AU can be found on the internet).
                      I did find some info on megasecurity.org; some of the files mentioned (here) are on my computer, not in the c:\windows\ folder but in the c:\windows\system32 folder. So I'm not sure whether they belong to Windows itself or to a virus.

                      I also found something here: the registry value HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                      Hidden
                      2 is changed. This could solve the problem, I just don't know whether I should change it to a 0 or a 1.

                      Niels
                      Last edited by Niels Schurink; 18-01-08, 17:26.

                      Comment


                      • #12
                        You can try both values, but I'm afraid this won't solve your problem.

                        Comment


                        • #13
                          There is a problem: when I change the value, close regedit, go to Folder Options and then look in regedit again, the registry value turns out to have changed back to 2.
                          So something is still active that modifies my registry.
                          I also ran Hitman Pro; it removed a few more files here and there, but unfortunately the problem persists.
                          It's starting to look a bit hopeless by now...
                          But maybe you still have ideas.

                          Comment


                          • #14
                            Open a Notepad file.
                            Copy the code below into this Notepad file.
                            Go to File - Save As.
                            For "Save in", choose: Desktop
                            For "File name", enter: look.bat
                            For "Save as type", select: All Files (*.*).
                            Click the Save button.
                            Code:
                            regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder"
                            start notepad look.txt
                            Double-click look.bat and post the contents of the log file that opens.

                            Comment


                            • #15
                              Here is the log file:

                              Windows Registry Editor Version 5.00

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder]
                              "Type"="group"
                              "Text"="@shell32.dll,-30498"
                              "Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
                              00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
                              48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
                              00
                              "HelpID"="shell.hlp#51140"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30506"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="ClassicViewState"
                              "CheckedValue"=dword:00000000
                              "UncheckedValue"=dword:00000001
                              "DefaultValue"=dword:00000000
                              "HelpID"="shell.hlp#51076"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer]
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideMyComputerIcons"
                              "Text"="@shell32.dll,-30497"
                              "Type"="checkbox"
                              "ValueName"="{21EC2020-3AEA-1069-A2DD-08002B30309D}"
                              "CheckedValue"=dword:00000000
                              "UncheckedValue"=dword:00000001
                              "DefaultValue"=dword:00000001
                              "HKeyRoot"=dword:80000001
                              "HelpID"="shell.hlp#51150"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30507"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="SeparateProcess"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "DefaultValue"=dword:00000000
                              "HelpID"="shell.hlp#51079"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess]
                              @=""

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30517"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="DisableThumbnailCache"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "DefaultValue"=dword:00000000
                              "HelpID"="shell.hlp#51155"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30514"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="FolderContentsInfoTip"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "DefaultValue"=dword:00000001

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30511"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="FriendlyTree"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "HelpID"="shell.hlp#51149"
                              "DefaultValue"=dword:00000001

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
                              "Text"="@shell32.dll,-30499"
                              "Type"=""
                              "Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
                              00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
                              48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
                              00
                              "HelpID"="shell.hlp#51131"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "Text"="@shell32.dll,-30501"
                              "Type"="radio"
                              "CheckedValue"=dword:00000002
                              "ValueName"="Hidden"
                              "DefaultValue"=dword:00000002
                              "HKeyRoot"=dword:80000001
                              "HelpID"="shell.hlp#51104"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "Text"="@shell32.dll,-30500"
                              "Type"="radio"
                              "CheckedValue"=dword:00000001
                              "ValueName"="Hidden"
                              "DefaultValue"=dword:00000002
                              "HKeyRoot"=dword:80000001
                              "HelpID"="shell.hlp#51105"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30503"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="HideFileExt"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "DefaultValue"=dword:00000001
                              "HelpID"="shell.hlp#51101"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30509"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="NoNetCrawling"
                              "CheckedValue"=dword:00000000
                              "UncheckedValue"=dword:00000001
                              "DefaultValue"=dword:00000000
                              "HelpID"="shell.hlp#51147"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling]
                              @=""

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30513"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="PersistBrowsers"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "HelpID"="shell.hlp#51152"
                              "DefaultValue"=dword:00000000

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30512"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="ShowCompColor"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "DefaultValue"=dword:00000001
                              "HelpID"="shell.hlp#51130"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30504"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
                              "ValueName"="FullPath"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "DefaultValue"=dword:00000000
                              "HelpID"="shell.hlp#51100"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30505"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
                              "ValueName"="FullPathAddress"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "DefaultValue"=dword:00000001
                              "HelpID"="shell.hlp#51107"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30502"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="ShowInfoTip"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "DefaultValue"=dword:00000001
                              "HelpID"="shell.hlp#51102"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30508"
                              "WarningIfNotDefault"="@shell32.dll,-28964"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="ShowSuperHidden"
                              "CheckedValue"=dword:00000000
                              "UncheckedValue"=dword:00000001
                              "DefaultValue"=dword:00000000
                              "HelpID"="shell.hlp#51103"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
                              @=""

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets]
                              "Text"="Paren webpagina's en -mappen beheren"
                              "Type"="group"
                              "Bitmap"="C:\\WINDOWS\\System32\\\\SHELL32.DLL,4"
                              "HelpID"="TBD"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\AUTO]
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
                              "Text"="Het paar als een enkel bestand weergeven en beheren"
                              "Type"="radio"
                              "CheckedValue"=dword:00000000
                              "ValueName"="NoFileFolderConnection"
                              "DefaultValue"=dword:00000000
                              "HKeyRoot"=dword:80000001
                              "HelpID"="TBD"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NOHIDE]
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
                              "Text"="Beide gedeelten weergeven maar als een enkel bestand beheren"
                              "Type"="radio"
                              "CheckedValue"=dword:00000002
                              "ValueName"="NoFileFolderConnection"
                              "DefaultValue"=dword:00000000
                              "HKeyRoot"=dword:80000001
                              "HelpID"="TBD"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NONE]
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
                              "Text"="Beide gedeelten weergeven en individueel beheren"
                              "Type"="radio"
                              "CheckedValue"=dword:00000001
                              "ValueName"="NoFileFolderConnection"
                              "DefaultValue"=dword:00000000
                              "HKeyRoot"=dword:80000001
                              "HelpID"="TBD"

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade]
                              "Type"="checkbox"
                              "Text"="@shell32.dll,-30510"
                              "HKeyRoot"=dword:80000001
                              "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
                              "ValueName"="WebViewBarricade"
                              "CheckedValue"=dword:00000001
                              "UncheckedValue"=dword:00000000
                              "HelpID"="shell.hlp#51148"
                              "DefaultValue"=dword:00000000

                              Comment
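
The question in #11 (which number belongs in Hidden) and the export in #15 can be checked together offline. The Python sketch below is an added example, not part of the original posts: it parses a `regedit /e` export, lists the dword each radio option writes, and flags entries whose Type is not one of the strings seen elsewhere in the export. The sample text is a constructed excerpt, the function names are illustrative, and the rule that radio options sit under a "group" parent is an assumption drawn from the Thickets entries in the same export.

```python
import re

# Constructed sample: a shortened excerpt in the shape of the export posted
# above (same key names and values; Bitmap data truncated, HelpID dropped).
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder"
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[BASE]
"Type"="group"
"Text"="@shell32.dll,-30498"

[BASE\Hidden]
"Text"="@shell32.dll,-30499"
"Type"=""
"Bitmap"=hex(2):25,00,53,00,79,00,\
  73,00,00,00

[BASE\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"

[BASE\Hidden\SHOWALL]
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
'''.replace("BASE", BASE)

KNOWN_TYPES = {"group", "checkbox", "radio"}  # Type strings that occur in the posted export
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unescape(s):
    """Undo the backslash escaping used inside .reg string values."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Parse a regedit export into {key path: {value name: data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # hex data continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue                       # file header, blank line or unknown syntax
        raw_name, data = m.groups()
        name = "" if raw_name == "@" else unescape(raw_name[1:-1])
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = unescape(data[1:-1])
        else:
            current[name] = data           # hex(...) data kept as raw text
    return keys

def audit_folder_options(keys):
    """Return (entry, reason) pairs for Folder Options entries that look altered."""
    findings = []
    for path, vals in keys.items():
        if "Text" not in vals:             # Policy subkeys carry no UI entry
            continue
        parent, _, name = path.rpartition("\\")
        typ = vals.get("Type")
        if typ not in KNOWN_TYPES:
            findings.append((name, f"Type is {typ!r}"))
        if typ == "radio" and keys.get(parent, {}).get("Type") != "group":
            findings.append((name, "radio option whose parent Type is not 'group'"))
    return findings

def radio_choices(keys, value_name):
    """Map each radio option that writes value_name to the dword it stores."""
    return {path.rpartition("\\")[2]: vals["CheckedValue"]
            for path, vals in keys.items()
            if vals.get("Type") == "radio" and vals.get("ValueName") == value_name
            and "CheckedValue" in vals}
```

Run against the full look.txt, `radio_choices(keys, "Hidden")` shows which number each of the two hidden-files options writes, and `audit_folder_options(keys)` lists the entries to compare against an export from a clean machine.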
