Cannot remove Core.Cache.dsk

  • Cannot remove Core.Cache.dsk

    I'm having trouble with popups. This is caused by core.cache.dsk. I have already tried it with ComboFix, by placing that CFScript.txt in ComboFix, but that didn't work; core.cache.dsk was simply still there after a restart. I hope you can help me. Here is my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:49:01, on 29-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    --
    End of file - 9251 bytes
    Last edited by SjoerdPas; 29-01-08, 18:01. Reason: Correction

  • #2
    Hello SjoerdPas,

    I am a 'Begeleid helper' (supervised helper) and will analyze your log. - I will post a reply as soon as possible.
    Spyware on your PC? Post a HijackThis log.
    Keep your Java software up to date!




    • #3
      Okay, thank you.



      • #4
        Hello SjoerdPas,

        1. Temporarily turn off Windows Defender.
        Windows Defender can interfere with the fix, so we turn it off temporarily.
        • Open Windows Defender.
        • Click Tools.
        • Click General Settings.
        • Scroll to Real Time Protection Options.
        • Uncheck Turn on Real Time Protection (recommended).
        • Click Save.
        • Close Windows Defender.


        When we are done, you can turn Windows Defender back on.

        2. Start HijackThis and choose 'Do a system scan only'.
        When the scan is complete, check only the lines below in HijackThis, if present:
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        Now close all windows except HijackThis itself and click 'Fix checked'.
        A question about backups will appear. Answer it with 'Ja' (Yes), and then close HijackThis.

        3. Your Java software is outdated.
        Older versions have vulnerabilities that give malware the chance to install itself on your system.
        First follow these steps to uninstall Java and install the newer version:

        Download Java Runtime Environment (JRE) 6u4.
        • Scroll down to: "Java Runtime Environment (JRE) 6u4".
        • Click the "Download" button on the right.
        • In the drop-down menu to the right of Platform, select Windows.
        • Check: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
        • The page will reload.
        • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
        • Close all programs that may be open - especially your web browser!
        • Then go to Start > Configuratiescherm (Control Panel) > Software (Add or Remove Programs) and remove all older versions of Java from the software list.
        • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
        • Then click Verwijderen (Remove) or the Wijzig/Verwijder (Change/Remove) button.
        • Repeat this until all older versions are gone.
        • After removing all older versions, restart your PC.
        • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


        4. Download Combofix and save it to your desktop.

        Open Combofix.exe and follow the instructions; accept the disclaimer by typing '1'.
        While the fix is running, do NOT click in the window, because this will make your PC hang.

        It is possible that the PC will restart itself automatically. When the fix is done, and after a possible restart, a log (combofix.txt) will open. Post the contents of this message in your next reply together with a new HijackThis log.

        - Niek
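The four entries selected in step 2 of post #4 all point at nothing: registry values that are empty or hold only punctuation, and a button entry marked "(no file)". The following is an added example, not part of the original thread and not HijackThis code, that picks out such entries from a log excerpt. The selection rule and the names `parse_entries` and `triage` are assumptions made for this illustration, not the helper's stated method.

```python
import re

# Constructed sample: ten lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
"""

# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_entries(text):
    """Return (code, body) pairs for every entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(text):
    """Flag entries that point at nothing (heuristic assumed for this example)."""
    findings = []
    for code, body in parse_entries(text):
        line = f"{code} - {body}"
        if code.startswith("R"):
            # R entries read "<key>,<value name> = <data>". Flag data that has
            # no letter or digit: empty, or just ":" as in the ProxyServer line.
            _, sep, data = body.partition("=")
            if sep and not re.search(r"[A-Za-z0-9]", data):
                findings.append((line, "registry value is empty or malformed"))
        elif body.rstrip().endswith("(no file)"):
            # The log shows "(no file)" where a file path would otherwise be.
            findings.append((line, "entry has no file behind it"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Entries flagged this way are candidates for review only; whether a line is safe to fix still depends on what is installed on the machine.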


        • #5
          Done what you said, only the ComboFix link didn't work, so I looked for another one. Here are the logs:


          ComboFix 08-01-29.3 - Sjoerd 2008-01-29 21:09:02.3 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1465 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Sjoerd\Bureaublad\ComboFix.exe

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\temp\tn3
          C:\WINDOWS\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))
          .

          2008-01-29 21:09 . 2008-01-29 21:09 <DIR> d-------- C:\Temp\tn3
          2008-01-29 20:59 . 2008-01-29 20:59 <DIR> d-------- C:\Program Files\Java
          2008-01-29 20:59 . 2008-01-29 20:59 <DIR> d-------- C:\Program Files\Common Files\Java
          2008-01-29 20:59 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2008-01-29 20:57 . 2008-01-29 21:02 <DIR> dr-h----- C:\Documents and Settings\Sjoerd\Onlangs geopend
          2008-01-29 17:47 . 2008-01-29 17:47 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-29 17:16 . 2008-01-29 21:11 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
          2008-01-29 15:25 . 2008-01-29 16:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
          2008-01-29 15:25 . 2008-01-29 15:25 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\SUPERAntiSpyware.com
          2008-01-29 15:25 . 2008-01-29 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
          2008-01-29 10:35 . 2008-01-29 11:08 164 --a------ C:\WINDOWS\wininit.ini
          2008-01-29 10:17 . 2008-01-29 10:17 86,144 --a------ C:\WINDOWS\system32\drivers\dxgthkk.sys
          2008-01-29 10:16 . 2008-01-29 10:16 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
          2008-01-29 10:16 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
          2008-01-29 10:13 . 2008-01-29 10:13 <DIR> d-------- C:\Program Files\Lavasoft
          2008-01-28 22:42 . 2008-01-28 22:49 <DIR> d-------- C:\RVAXO(2)
          2008-01-28 21:40 . 2008-01-28 21:40 <DIR> d-------- C:\Program Files\Lavasoft(2)
          2008-01-28 21:40 . 2008-01-28 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-01-28 18:35 . 2008-01-29 11:19 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
          2008-01-28 18:06 . 2008-01-28 18:09 3,876 --a------ C:\WINDOWS\microsoftup.exe
          2008-01-27 16:47 . 2008-01-27 16:47 <DIR> d-------- C:\Program Files\VistaExperience.org
          2008-01-27 16:44 . 2008-01-27 16:46 <DIR> d-------- C:\Program Files\Windows Sidebar
          2008-01-27 16:43 . 2008-01-27 16:43 <DIR> d-------- C:\WINDOWS\l2schemas
          2008-01-27 16:42 . 2007-07-27 06:09 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
          2008-01-27 16:34 . 2008-01-27 16:34 <DIR> d-------- C:\Program Files\Alky for Applications
          2008-01-27 16:34 . 2008-01-27 16:35 <DIR> d-------- C:\c09667dfe59db53a27
          2008-01-27 16:32 . 2007-07-28 12:00 16,384 --a------ C:\WINDOWS\system32\lcid.exe
          2008-01-27 15:40 . 2008-01-27 15:40 <DIR> d-------- C:\Program Files\SlySoft
          2008-01-25 16:17 . 2008-01-25 16:17 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\DVDFab
          2008-01-25 16:09 . 2008-01-25 16:11 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
          2008-01-25 15:55 . 2008-01-25 15:56 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
          2008-01-25 14:29 . 2008-01-25 14:29 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\SMSSender
          2008-01-24 17:37 . 2008-01-24 17:37 <DIR> d-------- C:\Program Files\CCleaner
          2008-01-23 15:41 . 2008-01-23 15:41 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
          2008-01-22 12:26 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
          2008-01-21 17:22 . 2008-01-21 17:22 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\ESET
          2008-01-21 17:21 . 2008-01-21 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
          2008-01-19 19:26 . 2008-01-28 22:56 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\VMware
          2008-01-19 19:24 . 2008-01-29 20:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
          2008-01-19 19:23 . 2007-10-08 09:27 436,784 --a------ C:\WINDOWS\system32\vnetlib.dll
          2008-01-19 19:23 . 2007-10-08 09:26 150,064 --a------ C:\WINDOWS\system32\vmnat.exe
          2008-01-19 19:23 . 2007-10-08 09:26 121,392 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
          2008-01-19 19:23 . 2007-10-08 09:26 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll
          2008-01-19 19:23 . 2007-10-08 09:26 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys
          2008-01-19 19:23 . 2007-10-08 09:27 25,008 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
          2008-01-19 19:23 . 2007-10-08 09:27 20,912 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys
          2008-01-19 19:23 . 2007-10-08 09:26 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
          2008-01-19 19:23 . 2007-10-08 09:26 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
          2008-01-19 19:23 . 2007-10-08 09:26 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll
          2008-01-19 19:22 . 2008-01-19 19:22 1,024 --a------ C:\.rnd
          2008-01-19 19:21 . 2008-01-19 19:21 <DIR> d-------- C:\Program Files\VMware
          2008-01-19 19:21 . 2008-01-19 19:21 <DIR> d-------- C:\Program Files\Common Files\VMware
          2008-01-19 19:21 . 2008-01-29 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
          2008-01-19 16:42 . 2008-01-19 16:45 <DIR> d-------- C:\Program Files\ShellExView
          2008-01-19 16:42 . 2008-01-19 16:42 39,424 --a------ C:\WINDOWS\zipinst.exe
          2008-01-17 15:58 . 2008-01-17 16:32 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\RipIt4Me
          2008-01-17 15:44 . 2008-01-17 15:44 <DIR> d-------- C:\Program Files\DVD Decrypter
          2008-01-16 21:43 . 2008-01-16 21:43 <DIR> d-------- C:\Program Files\Auslogics
          2008-01-16 21:43 . 2008-01-16 21:47 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\Auslogics
          2008-01-16 20:49 . 2008-01-16 22:10 <DIR> d-------- C:\Program Files\1 Click PC Fix
          2008-01-13 12:20 . 2008-01-13 12:20 73 --a------ C:\WINDOWS\EurekaLog.ini
          2008-01-13 12:19 . 2008-01-20 16:51 <DIR> d-------- C:\Program Files\Weather Pulse
          2008-01-13 12:19 . 2008-01-13 16:29 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\Weather Pulse
          2008-01-09 15:22 . 2008-01-25 16:17 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\Vso
          2008-01-09 15:22 . 2008-01-25 15:56 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
          2008-01-09 15:22 . 2008-01-25 15:56 47,360 --a------ C:\Documents and Settings\Sjoerd\Application Data\pcouffin.sys
          2008-01-09 14:43 . 2008-01-09 14:45 <DIR> d-------- C:\Program Files\Hide IP Platinum
          2008-01-09 14:03 . 2008-01-09 14:45 <DIR> d-------- C:\WINDOWS\vf_hip
          2008-01-07 18:28 . 2008-01-09 15:13 <DIR> d-------- C:\VAIO
          2008-01-06 20:30 . 2008-01-06 20:30 <DIR> d-------- C:\Program Files\Windows Defender
          2008-01-05 19:09 . 2008-01-29 14:01 <DIR> d-------- C:\Program Files\SpywareBlaster
          2008-01-05 17:56 . 2008-01-05 17:58 <DIR> d-------- C:\BackUpMSNCleaner
          2008-01-03 15:00 . 2008-01-03 15:18 <DIR> d-------- C:\Documents and Settings\Sjoerd\Application Data\OfficeUpdate12
          2008-01-02 18:22 . 2008-01-29 14:46 <DIR> d-------- C:\VundoFix Backups
          2008-01-02 16:21 . 2008-01-02 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-29 19:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-01-29 14:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2008-01-28 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
          2008-01-28 17:34 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\uTorrent
          2008-01-28 17:10 --------- d-----w C:\Program Files\Yahoo!
          2008-01-28 15:25 --------- d-----w C:\Program Files\Opera
          2008-01-26 14:29 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\LimeWire
          2008-01-25 18:55 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
          2008-01-25 15:09 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\URSoft
          2008-01-25 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
          2008-01-22 14:08 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\FileZilla
          2008-01-22 13:56 --------- d-----w C:\Program Files\FileZilla Client
          2008-01-20 13:24 --------- d-----w C:\Program Files\Casema SnelHelp
          2008-01-17 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
          2008-01-07 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-06 21:09 --------- d-----w C:\Program Files\PartyGaming
          2008-01-06 21:07 --------- d-----w C:\Program Files\Sony Ericsson
          2008-01-06 21:05 --------- d-----w C:\Program Files\Bluetooth Remote Control
          2008-01-06 21:04 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\Tobit
          2008-01-03 17:10 --------- d-----w C:\Program Files\MessengerDiscovery
          2007-12-25 15:15 --------- d-----w C:\Program Files\WIDCOMM
          2007-12-25 13:59 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\Salling Software AB
          2007-12-25 13:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
          2007-12-25 13:48 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\Teleca
          2007-12-25 13:38 --------- d-----w C:\Program Files\Common Files\Teleca Shared
          2007-12-25 13:38 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\Sony Ericsson
          2007-12-25 13:37 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
          2007-12-25 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
          2007-12-25 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
          2007-12-25 13:29 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\U3
          2007-12-23 13:55 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\Media Player Classic
          2007-12-21 07:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
          2007-12-21 07:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
          2007-12-21 07:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
          2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
          2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
          2007-12-19 20:16 --------- d-----w C:\Program Files\Wise Disk Cleaner
          2007-12-19 20:05 --------- d-----w C:\Program Files\Wise Registry Cleaner
          2007-12-19 19:52 --------- d-----w C:\Program Files\Windows Installer Clean Up
          2007-12-19 19:52 --------- d-----w C:\Program Files\MSECACHE
          2007-12-19 19:20 --------- d-----w C:\Program Files\Realtek
          2007-12-19 19:09 --------- d-----w C:\Program Files\Common Files\ATI
          2007-12-19 19:09 --------- d-----w C:\Program Files\ATI Multimedia
          2007-12-19 18:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-19 18:39 --------- d-----w C:\Program Files\Terminator
          2007-12-19 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
          2007-12-19 17:26 --------- d-----w C:\Documents and Settings\LocalService\Application Data\X10 Commander
          2007-12-19 17:18 --------- d-----w C:\Program Files\X10 Hardware
          2007-12-19 17:18 --------- d-----w C:\Program Files\Common Files\X10
          2007-12-17 17:36 --------- d-----w C:\Program Files\Messenger Plus! Live
          2007-12-16 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
          2007-12-16 16:53 --------- d-----w C:\Program Files\Lavalys
          2007-12-14 18:49 --------- d-----w C:\Documents and Settings\Sjoerd\Application Data\vlc
          2007-12-14 18:48 --------- d-----w C:\Program Files\VideoLAN
          2007-12-08 15:29 --------- d-----w C:\Program Files\Sandboxie
          2007-12-05 16:30 4,632,576 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
          2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
          2007-12-03 15:06 --------- d-----w C:\Program Files\MSXML 6.0
          2007-12-03 15:05 --------- d-----w C:\Program Files\MSBuild
          2007-12-03 15:02 --------- d-----w C:\Program Files\Reference Assemblies
          2007-12-02 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
          2007-11-30 17:42 16,858,624 ----a-w C:\WINDOWS\RTHDCPL.exe
          2007-11-30 17:14 --------- d-----w C:\Program Files\MSN Messenger
          2007-11-30 15:12 --------- d-----w C:\Program Files\Microsoft Bootvis
          2007-11-30 14:43 --------- d-----w C:\Program Files\Windows Live
          2007-11-30 14:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
          2007-11-20 17:15 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
          2007-11-07 16:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
          "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]
          "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-01-27 15:38 1670080]
          "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-09-26 12:15 1232384]
          "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
          "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
          "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
          "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
          backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
          backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Casema SnelHelp.lnk]
          backup=C:\WINDOWS\pss\Casema SnelHelp.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^Sjoerd^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]
          backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
          --a------ 2005-07-14 14:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          --a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
          --a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
          --a------ 2008-01-23 18:04 89024 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
          --a------ 2006-04-05 22:03 1622016 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C++Builder 5#Autostart]
          --a------ 2006-04-04 07:06 1878528 C:\Program Files\ContiFtpServer\ContiFtpServ.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClipIncSrvTray]
          C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
          --a------ 2004-08-04 00:03 15360 C:\WINDOWS\system32\ctfmon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
          --a------ 2007-04-03 23:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
          --a------ 2007-03-22 19:29 39264 C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
          --a------ 2007-10-19 19:05 937984 C:\Program Files\FileZilla Server\FileZilla Server Interface.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
          --a------ 2007-04-17 13:28 7247408 C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
          --a------ 2007-09-09 10:00 438359 C:\PROGRA~1\Casema SnelHelp\SmartBridge\MotiveSB.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
          --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
          --a------ 2007-06-29 19:16 1373480 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
          --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]
          C:\Program Files\PokerOffice\POEngine.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
          --a------ 2007-11-30 18:42 16858624 C:\WINDOWS\RTHDCPL.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
          --a------ 2007-12-06 13:39 370176 C:\Program Files\Sandboxie\SbieCtrl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
          --a------ 2007-09-26 12:15 1232384 C:\Program Files\Windows Sidebar\sidebar.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
          -ra------ 2007-06-13 08:16 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
          --a------ 2008-01-04 17:21 2089808 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
          C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
          --a------ 2007-10-08 09:26 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
          --a------ 2007-10-08 09:27 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
          --a------ 2007-05-14 23:22 35328 C:\Program Files\Winamp\winampa.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinClicker.exe]
          C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winsock2 driver]


          R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-10-18 18:28]
          R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
          R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-10-18 18:28]
          R1 dxgthkk;dxgthkk;C:\WINDOWS\system32\drivers\dxgthkk.sys [2008-01-29 10:17]
          R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
          R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2007-08-07 12:33]
          R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-12-29 06:03]
          R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2007-12-06 14:43]
          R3 vmkbd;VMware kbd;C:\WINDOWS\system32\drivers\VMkbd.sys [2007-10-08 09:27]
          R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 11:45]
          S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 21:04]
          S3 memsysdrv;Memory System;C:\WINDOWS\system32\drivers\memsysdrv.sys [2007-06-06 22:26]
          S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
          S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
          S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
          S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
          S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
          S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-29 10:16]
          S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\"

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          UxTuneUp

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{344208da-0a08-11dc-903f-0019db717c12}]
          \Shell\AutoRun\command - R:\LaunchU3.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f09c31e-3463-11dc-9094-001a2a28eafe}]
          \Shell\AutoRun\command - Q:\LaunchU3.exe -a


          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
          RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-29 09:16:20 C:\WINDOWS\Tasks\1-Click Maintenance.job"
          - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
          "2008-01-29 20:00:36 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
          - C:\Program Files\Windows Defender\MpCmdRun.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-29 21:12:16
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Geladen Onder Lopende Processen ---------------------

          PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
          -> C:\Program Files\Unlocker\UnlockerHook.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Unlocker\UnlockerAssistant.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\WINDOWS\system32\bgsvcgen.exe
          C:\Program Files\ESET\ESET Smart Security\egui.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
          C:\Program Files\ESET\ESET Smart Security\ekrn.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Program Files\Sandboxie\SbieSvc.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
          C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
          C:\WINDOWS\system32\vmnat.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\WINDOWS\system32\vmnetdhcp.exe
          C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-01-29 21:14:12 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-29 20:14:06
          ComboFix2.txt 2008-01-29 16:46:59
          ComboFix3.txt 2008-01-29 16:26:28
          .
          2008-01-25 14:39:25 --- E O F ---




          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 21:17:43, on 29-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Unlocker\UnlockerAssistant.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\WINDOWS\system32\bgsvcgen.exe
          C:\Program Files\ESET\ESET Smart Security\egui.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
          C:\Program Files\ESET\ESET Smart Security\ekrn.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Program Files\Sandboxie\SbieSvc.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
          C:\WINDOWS\system32\vmnat.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\WINDOWS\system32\vmnetdhcp.exe
          C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
          O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: BTTray.lnk = ?
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
          O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
          O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
          O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
          O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
          O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
          O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
          O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
          O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
          O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
          O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

          --
          End of file - 9136 bytes


          • #6
            I don't know why, but after the restart following the scans my system tray icons are no longer hidden. So the little arrow that hides them no longer appears, even though "Hide inactive icons" is ticked.


            • #7
              Hi Niek, everything has been resolved by means of System Restore, but I still want to thank you very much for your help.

              Regards,

              Sjoerd


              • #8
                You're welcome! If problems occur again, just open a new topic.
                Spyware on your PC? Post a HijackThis log.
                Keep your Java software up to date!

