Mededeling

Collapse
No announcement yet.

Ongewenste paginas en achtergrond met spyware melding

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Ongewenste paginas en achtergrond met spyware melding

    [hijack][url=http://www.niele.nl/hijackthis/index.php]

    Logfile of HijackThis v1.99.1
    scan saved at 17:58:40, on 11-3-2008
    platform: windows xp sp2 (winnt 5.01.2600)
    msie: internet explorer v7.00 (7.00.6000.16608)
    browser: Internet Explorer 7.0
    ColorCoder Build: 4136


    Running Processes:
    c:\windows\system32\smss.exe
    c:\windows\system32\csrss.exe
    c:\windows\system32\winlogon.exe
    c:\windows\system32\services.exe
    c:\windows\system32\lsass.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe
    c:\windows\explorer.exe
    c:\windows\system32\svchost.exe
    c:\program files\lavasoft\ad-aware 2007\aawservice.exe
    c:\windows\system32\spoolsv.exe
    c:\windows\system32\cisvc.exe
    c:\program files\common files\microworld\agent\mwaser.exe
    c:\program files\common files\microworld\agent\mwagent.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\spyware doctor\pctsauxs.exe
    c:\program files\browser usb mouse\mouse32a.exe
    c:\program files\common files\real\update_ob\realsched.exe
    c:\program files\macrogaming\sweetim\sweetim.exe
    c:\windows\pixart\pac207\monitor.exe
    c:\windows\sysockeu.exe
    c:\program files\spyware doctor\pctstray.exe
    c:\windows\system32\ctfmon.exe
    c:\program files\spyware doctor\pctssvc.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\alg.exe
    c:\windows\system32\cidaemon.exe
    c:\program files\msn messenger\usnsvc.exe
    c:\documents and settings\hasan\mijn documenten\hj\hijackthis.exe

    R0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.google.nl/
    R0 - hklm\software\microsoft\internet explorer\main,start page = http://home.sweetim.com
    R0 - hklm\software\microsoft\internet explorer\search,searchassistant =
    R0 - hklm\software\microsoft\internet explorer\search,customizesearch =
    R0 - hkcu\software\microsoft\internet explorer\main,local page = \blank.htm
    R0 - hklm\software\microsoft\internet explorer\main,local page =
    R0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
    F2 - reg:system.ini: shell=explorer.exe
    O2 - bho: acroiehlprobj class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
    O2 - bho: (no name) - {16975c1e-950b-f58a-b187-08ed8f89a6b0} - (no file)
    O2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    O2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
    O2 - bho: (no name) - {9b6465bd-fc01-4ad9-894c-05f74f486391} - (no file)
    O2 - bho: (no name) - {d3551e8b-a79b-4880-81fd-3e4b84367085} - (no file)
    O2 - bho: (no name) - {fbd29c3c-c642-4843-a627-6e54a947b511} - (no file)
    O3 - toolbar: (no name) - {0bf43445-2f28-4351-9252-17fe6e806aa0} - (no file)
    O4 - HKLM\..\Run: [flmoffice4dmouse] "c:\program files\browser usb mouse\mouse32a.exe"
    O4 - HKLM\..\Run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    O4 - HKLM\..\Run: [sweetim] "c:\program files\macrogaming\sweetim\sweetim.exe"
    O4 - HKLM\..\Run: [monitor] c:\windows\pixart\pac207\monitor.exe
    O4 - HKLM\..\Run: [nerofiltercheck] c:\windows\system32\nerocheck.exe
    O4 - HKLM\..\Run: [1029bb4b-16a9-4e77-aa3d-96930bd68eec] "c:\windows\sysockeu.exe"
    O4 - HKLM\..\Run: [msdrive] "rundll32.exe" c:\windows\system32\drvfir.dll,startup
    O4 - HKLM\..\Run: [istray] "c:\program files\spyware doctor\pctstray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [sweetim] "c:\program files\macrogaming\sweetim\sweetim.exe"
    O4 - Global Startup: microsoft office.lnk = c:\program files\microsoft office\office10\osa.exe
    O6 - hkcu\software\policies\microsoft\internet explorer\restrictions present
    O8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office10\excel.exe/3000
    O9 - extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - extra 'tools' menuitem: uninstall bitdefender online scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O10 - unknown file in winsock lsp: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - unknown file in winsock lsp: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - unknown file in winsock lsp: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O10 - unknown file in winsock lsp: c:\program files\common files\pc tools\lsp\pctlsp.dll
    O11 - options group: [international] international*
    O16 - dpf: {070ca17a-4bd2-4612-83b4-32b1b9159b47} (ulivectrl control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
    O16 - dpf: {193c772a-87be-4b19-a7bb-445b226fe9a1} (ewidoonlinescan control) - http://downloads.ewido.net/ewidoonlinescan.cab
    O16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - http://by102fd.bay102.hotmail.msn.com/resources/msnpupld.cab
    O16 - dpf: {556dde35-e955-11d0-a707-000000521957} - http://www.xblock.com/download/[color=#0000ff]xclean_micro.exe[/color]
    O16 - dpf: {58ef1388-af07-4d13-a069-d107671b8819} - http://www.gamegarden.net/game/ggsecure.cab
    O16 - dpf: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (bdscanonline control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - dpf: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} - http://download.divx.com/player/divxbrowserplugin.cab
    O16 - dpf: {91f52a42-c10d-49a7-b941-882c657c604f} (installation helper object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/[color=#0000ff]instwact.dll[/color]
    O16 - dpf: {b49c4597-8721-4789-9250-315dfbd9f525} (iwinampactivex class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
    O16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab
    O16 - dpf: {c4925e65-7a1e-11d2-8bb4-00a0c9cc72c3} - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/install2.5/[color=#0000ff]installer.exe[/color]
    O16 - dpf: {d4323bf2-006a-4440-a2f5-27e3e7ab25f8} - http://3dlifeplayer.dl.3dvia.com/player/install/[color=#0000ff]installer.exe[/color]
    O16 - dpf: {e8f628b5-259a-4734-97ee-ba914d7be941} (driver agent activex control) - http://driveragent.com/files/driveragent.cab
    O16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) - http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab
    O18 - protocol: livecall - {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~1\msnmes~1\msgrap~1.dll
    O18 - protocol: msnim - {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~1\msnmes~1\msgrap~1.dll
    O20 - winlogon notify: wgalogon - c:\windows\system32\wgalogon.dll
    O20 - winlogon notify: xxyayxw - xxyayxw.dll (file missing)
    O21 - ssodl: wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\windows\system32\wpdshserviceobj.dll
    O21 - ssodl: kernelcomponent - {afe6c5ee-0c8f-4790-8483-8f333497df34} - (no file)
    O23 - Service: ad-aware 2007 service (aawservice) - lavasoft - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
    O23 - Service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
    O23 - Service: mwagent - microworld technologies inc. - c:\program files\common files\microworld\agent\mwaser.exe
    O23 - Service: nmindexingservice - unknown owner - c:\program files\common files\ahead\lib\nmindexingservice.exe (file missing)
    O23 - Service: nvidia driver helper service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
    O23 - Service: pc tools auxiliary service (sdauxservice) - pc tools - c:\program files\spyware doctor\pctsauxs.exe
    O23 - Service: pc tools security service (sdcoreservice) - pc tools - c:\program files\spyware doctor\pctssvc.exe
    O23 - Service: sysenforce - unknown owner - c:\progra~1\trisna~1\ssi\sysenf~1.exe[/hijack]

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    AUB logjes plaatsen zonder kleurtjes, het is slecht leesbaar zo

    Comment


    • #3
      hallo smeenk

      bedankt voor je snelle hulp

      ik heb iets doms gedaan
      ik moest die "runme bestandje openen in veiligemodus maar heb ik nie gedaan perongeluk

      wat nu ?
      moet ik het gewoon opnieuw uitvoeren maar dan wel in de veiligemodus

      Comment


      • #4
        Gewoon opnieuw proberen, anders komen er geen logjes

        Comment


        • #5
          dit is de resultaat

          ---RVAXO.exe Updated: 2008-03-11---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\system32\ccbeg.ini2
          C:\WINDOWS\system32\cdeeg.ini2
          C:\WINDOWS\system32\ehkmp.ini2
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\system32\winver.bat
          C:\WINDOWS\system32\taskmgr.com

          Folders Found:
          C:\UGA6PM
          C:\Program Files\IE Extensions
          C:\Program Files\Common Files\AntiVirusScherm
          C:\Documents and Settings\hasan\Application Data\AntiVirusScherm

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------

          Comment


          • #6
            Resultaat van deckard's


            Deckard's System Scanner v20071014.68
            Run by hasan on 2008-03-11 19:42:34
            Computer is in Normal Mode.
            --------------------------------------------------------------------------------

            -- System Restore --------------------------------------------------------------

            Successfully created a Deckard's System Scanner Restore Point.


            -- Last 5 Restore Point(s) --
            79: 2008-03-11 18:42:42 UTC - RP404 - Deckard's System Scanner Restore Point
            78: 2008-03-11 16:46:29 UTC - RP403 - Controlepunt van systeem
            77: 2008-03-10 11:07:16 UTC - RP402 - Installed Ad-Aware 2007
            76: 2008-03-10 10:43:21 UTC - RP401 - Installed AVG 7.5
            75: 2008-03-10 10:39:15 UTC - RP400 - Removed AVG 7.5


            -- First Restore Point --
            1: 2007-12-28 12:52:55 UTC - RP326 - Controlepunt van systeem


            Backed up registry hives.
            Performed disk cleanup.



            -- HijackThis (run as hasan.exe) -----------------------------------------------

            Unable to find log (file not found); running clone.
            -- HijackThis Clone ------------------------------------------------------------


            Emulating logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 2008-03-11 19:44:34
            Platform: Windows XP Service Pack 2 (5.01.2600)
            MSIE: Internet Explorer (7.00.6000.16608)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\system32\smss.exe
            C:\WINDOWS\system32\csrss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Browser USB MOUSE\mouse32a.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
            C:\WINDOWS\PixArt\PAC207\Monitor.exe
            C:\WINDOWS\sysockeu.exe
            C:\Program Files\Spyware Doctor\pctsTray.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\WINDOWS\system32\cisvc.exe
            C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
            C:\Program Files\Common Files\MicroWorld\Agent\MWAGENT.EXE
            C:\WINDOWS\system32\nvsvc32.exe
            C:\Program Files\Spyware Doctor\pctsAuxs.exe
            C:\Program Files\Spyware Doctor\pctsSvc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\alg.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Documents and Settings\hasan\Bureaublad\dss.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
            R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - (no file)
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
            O2 - BHO: (no name) - {9B6465BD-FC01-4AD9-894C-05F74F486391} - (no file)
            O2 - BHO: (no name) - {D3551E8B-A79B-4880-81FD-3E4B84367085} - (no file)
            O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
            O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
            O3 - Toolbar: (no name) - SITEguard - (no file)
            O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser USB MOUSE\mouse32a.exe"
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
            O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [1029BB4B-16A9-4E77-AA3D-96930BD68EEC] "C:\WINDOWS\sysockeu.exe"
            O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
            O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
            O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
            O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
            O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKCU)
            O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
            O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
            O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
            O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
            O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
            O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
            O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} () - http://www.xblock.com/download/xclean_micro.exe
            O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} () - http://www.gamegarden.net/game/ggsecure.cab
            O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
            O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} () - http://download.divx.com/player/DivXBrowserPlugin.cab
            O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
            O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} () - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
            O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} () - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
            O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
            O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
            O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
            O20 - Winlogon Notify: xxyayxw - C:\WINDOWS\system32\xxyayxw.dll (file missing)
            O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
            O21 - SSODL: KernelComponent - {afe6c5ee-0c8f-4790-8483-8f333497df34} - (no file)
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
            O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
            O23 - Service: SysEnforce - Unknown owner - C:\Program Files\Trisnap Technologies\SSI\SysEnforce.exe


            --
            End of file - 9578 bytes

            -- File Associations -----------------------------------------------------------

            .ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
            .txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


            -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

            R1 SLEE_13_DRIVER (Steganos Live Encryption Engine 13 [Driver]) - c:\windows\system32\drivers\slee13.sys
            R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>

            S3 alcan5ln (SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS)) - c:\windows\system32\drivers\alcan5ln.sys <Not Verified; THOMSON; SpeedTouch USB>
            S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
            S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
            S3 MusCDriverV32 - c:\windows\system32\drivers\muscdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
            S3 ovt530 (Hercules Webcam Deluxe) - c:\windows\system32\drivers\ov530vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 530>
            S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
            S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


            -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

            R2 MWAgent - c:\program files\common files\microworld\agent\mwaser.exe <Not Verified; MicroWorld Technologies Inc.; eScan>

            S2 SysEnforce - c:\progra~1\trisna~1\ssi\sysenf~1.exe
            S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


            -- Device Manager: Disabled ----------------------------------------------------

            Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
            Description: SCSI/RAID Host Controller
            Device ID: ACPI\PNPA000\4&5D18F2DF&0
            Manufacturer: (Standard mass storage controllers)
            Name: SCSI/RAID Host Controller
            PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
            Service: as2zxx4j


            -- Files created between 2008-02-11 and 2008-03-11 -----------------------------

            2008-03-11 19:34:59 0 d-------- C:\RVAXO
            2008-03-11 19:07:53 731863 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-03-11 16:35:08 0 d-------- C:\WINDOWS\BDOSCAN8
            2008-03-10 20:53:17 293312 --a------ C:\WINDOWS\system32\mllml.dll
            2008-03-10 15:38:15 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
            2008-03-10 15:35:09 8576 --a------ C:\WINDOWS\system32\drivers\hnaujcjyshsv.sys <Not Verified; Panda Software International; RKPavProc Driver>
            2008-03-10 13:59:59 0 d-------- C:\WINDOWS\system32\ActiveScan
            2008-03-10 12:07:25 0 d-------- C:\Program Files\Lavasoft
            2008-03-10 12:07:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2008-03-10 11:43:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
            2008-03-09 12:25:11 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
            2008-03-09 12:25:06 0 d-------- C:\Program Files\Trisnap Technologies
            2008-03-08 00:49:12 164 --a------ C:\install.dat
            2008-03-08 00:35:25 0 d-------- C:\Documents and Settings\cscontrol\Application Data\Real
            2008-03-08 00:35:10 0 d-------- C:\Documents and Settings\cscontrol\Application Data\Identities
            2008-03-08 00:34:26 0 d--h----- C:\Documents and Settings\cscontrol\Local Settings
            2008-03-08 00:34:26 0 dr------- C:\Documents and Settings\cscontrol\Favorieten
            2008-03-08 00:34:26 0 d--hs---- C:\Documents and Settings\cscontrol\Cookies
            2008-03-08 00:34:26 0 d-------- C:\Documents and Settings\cscontrol\Bureaublad
            2008-03-08 00:34:26 0 dr-h----- C:\Documents and Settings\cscontrol\Application Data
            2008-03-08 00:34:26 0 d---s---- C:\Documents and Settings\cscontrol\Application Data\Microsoft
            2008-03-08 00:34:25 0 d--h----- C:\Documents and Settings\cscontrol\Sjablonen
            2008-03-08 00:34:25 0 dr-h----- C:\Documents and Settings\cscontrol\SendTo
            2008-03-08 00:34:25 0 dr-h----- C:\Documents and Settings\cscontrol\Onlangs geopend
            2008-03-08 00:34:25 2097152 --a------ C:\Documents and Settings\cscontrol\NTUSER.DAT
            2008-03-08 00:34:25 0 d--h----- C:\Documents and Settings\cscontrol\Netwerkprinteromgeving
            2008-03-08 00:34:25 0 d--h----- C:\Documents and Settings\cscontrol\NetHood
            2008-03-08 00:34:25 0 dr------- C:\Documents and Settings\cscontrol\Mijn documenten
            2008-03-08 00:34:25 0 dr------- C:\Documents and Settings\cscontrol\Menu Start
            2008-03-08 00:30:04 8634368 --a------ C:\WINDOWS\system32\ProfUIS281n.dll <Not Verified; FOSS Software, Inc.; Professional User Interface Suite>
            2008-03-08 00:30:04 262144 --a------ C:\WINDOWS\system32\ProfSkin281n.dll <Not Verified; FOSS Software, Inc.; Professional User Interface Suite>
            2008-03-07 19:31:15 0 dr-h----- C:\$VAULT$.AVG
            2008-03-06 21:26:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
            2008-03-06 21:25:38 0 d-------- C:\Program Files\Common Files\iS3
            2008-03-06 21:25:37 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
            2008-03-06 21:15:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-03-06 20:45:15 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
            2008-03-06 18:31:51 0 d-------- C:\Program Files\Common Files\PC Tools
            2008-03-06 18:05:19 0 d-------- C:\Program Files\Spyware Doctor
            2008-03-06 17:56:31 0 d-------- C:\Documents and Settings\hasan\Application Data\Sunbelt Software
            2008-03-06 17:40:25 20992 --a------ C:\WINDOWS\sysounrk.exe
            2008-03-06 17:40:24 35840 --a------ C:\WINDOWS\sysockeu.exe
            2008-03-06 17:40:24 3072 --a------ C:\WINDOWS\ftebh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
            2008-03-06 17:40:24 1409 --a------ C:\WINDOWS\fbdzj.exe
            2008-02-25 16:05:54 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
            2008-02-25 16:05:54 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
            2008-02-25 16:05:54 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
            2008-02-25 16:05:54 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
            2008-02-25 16:05:54 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
            2008-02-25 16:05:51 0 d-------- C:\Program Files\Ahead
            2008-02-24 17:30:15 0 d-------- C:\Program Files\SoftwareClub.ws
            2008-02-24 17:30:11 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
            2008-02-23 11:33:10 0 d-------- C:\Program Files\Magic Lens Max
            2008-02-23 11:33:10 0 d-------- C:\Documents and Settings\hasan\Application Data\Magic Lens Max
            2008-02-18 18:37:46 0 d-------- C:\Program Files\ARWizard3
            2008-02-11 19:36:50 0 d-------- C:\Program Files\FrameShow


            -- Find3M Report ---------------------------------------------------------------

            2008-03-11 19:09:16 0 d-------- C:\Program Files\Common Files
            2008-03-10 18:36:03 0 d-------- C:\Documents and Settings\hasan\Application Data\VoipStunt
            2008-03-10 16:18:42 0 d-------- C:\Program Files\MSN Messenger
            2008-03-10 16:09:56 0 d-------- C:\Program Files\Browser USB MOUSE
            2008-03-07 20:55:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2008-03-06 18:06:34 364330 --a------ C:\WINDOWS\system32\perfh013.dat
            2008-03-06 18:06:34 53418 --a------ C:\WINDOWS\system32\perfc013.dat
            2008-02-25 16:05:54 0 d-------- C:\Program Files\Common Files\Ahead
            2008-02-04 16:37:08 0 d-------- C:\Documents and Settings\hasan\Application Data\VoipRaider
            2008-02-03 12:10:51 0 d--h----- C:\Program Files\InstallShield Installation Information
            2008-01-31 14:02:21 0 d-------- C:\Documents and Settings\hasan\Application Data\Gizmo Project
            2008-01-30 22:14:36 0 d-------- C:\Program Files\Artword Editor
            2008-01-30 22:14:00 0 d-------- C:\Documents and Settings\hasan\Application Data\ArtWord
            2008-01-25 22:39:28 0 d-------- C:\Documents and Settings\hasan\Application Data\Ahead
            2008-01-22 12:39:08 0 d-------- C:\Program Files\VoipRaider.com
            2008-01-19 20:16:31 0 d-------- C:\Program Files\Quick All Audio Converter
            2008-01-19 19:01:26 5 --a------ C:\WINDOWS\youtubex.dll
            2008-01-19 17:33:30 0 d-------- C:\Program Files\MOJOSOFT
            2008-01-19 17:33:30 0 d-------- C:\Documents and Settings\hasan\Application Data\mojosoft
            2008-01-16 15:49:54 0 d-------- C:\Documents and Settings\hasan\Application Data\DAEMON Tools
            2008-01-12 14:30:41 0 d-------- C:\Documents and Settings\hasan\Application Data\GeoVid
            2008-01-12 14:28:27 0 d-------- C:\Program Files\Common Files\GeoVid
            2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
            2008-01-07 20:39:35 23336 --a------ C:\Documents and Settings\hasan\Application Data\GDIPFONTCACHEV1.DAT
            2008-01-01 19:29:40 322 --a------ C:\Documents and Settings\hasan\Application Data\Taxi4.MCS
            2007-12-23 17:22:33 200704 --a------ C:\WINDOWS\system32\FOYGqsJVxB.dll
            2007-12-22 13:33:39 126 --a------ C:\WINDOWS\snake.DAT
            2007-12-12 15:36:16 0 --a------ C:\WINDOWS\system32\Ultra.dll


            -- Registry Dump ---------------------------------------------------------------

            *Note* empty entries & legit default entries are not shown


            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16975C1E-950B-F58A-B187-08ED8F89A6B0}]

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B6465BD-FC01-4AD9-894C-05F74F486391}]

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3551E8B-A79B-4880-81FD-3E4B84367085}]

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBD29C3C-C642-4843-A627-6E54A947B511}]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "FLMOFFICE4DMOUSE"="C:\Program Files\Browser USB MOUSE\mouse32a.exe" [16-04-2007 20:04]
            "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25-04-2007 21:46]
            "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27-12-2006 15:53]
            "Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [03-11-2006 10:01]
            "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
            "1029BB4B-16A9-4E77-AA3D-96930BD68EEC"="C:\WINDOWS\sysockeu.exe" [06-03-2008 17:40]
            "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 12:55]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 00:03]
            "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27-12-2006 15:53]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 9:01:04]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "SynchronousMachineGroupPolicy"=0 (0x0)
            "SynchronousUserGroupPolicy"=0 (0x0)

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayxw]
            xxyayxw.dll

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
            @="Service"

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
            @="Service"

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
            @="Volume shadow copy"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msmsgs]
            C:\Documents and Settings\hasan\Local Settings\Temp\ir_ext_temp_1\AutoPlay\Docs\MSN passwords\MSN\Msn messanger.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY]
            "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized




            -- End of Deckard's System Scanner: finished at 2008-03-11 19:46:47 ------------

            Comment


            • #7
              Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
              R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
              O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - (no file)
              O2 - BHO: (no name) - {9B6465BD-FC01-4AD9-894C-05F74F486391} - (no file)
              O2 - BHO: (no name) - {D3551E8B-A79B-4880-81FD-3E4B84367085} - (no file)
              O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
              O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
              O3 - Toolbar: (no name) - SITEguard - (no file)
              O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
              O4 - HKLM\..\Run: [1029BB4B-16A9-4E77-AA3D-96930BD68EEC] "C:\WINDOWS\sysockeu.exe"
              O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
              O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
              O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKCU)
              O20 - Winlogon Notify: xxyayxw - C:\WINDOWS\system32\xxyayxw.dll (file missing)
              O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
              O21 - SSODL: KernelComponent - {afe6c5ee-0c8f-4790-8483-8f333497df34} - (no file)

              Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

              Herstart je computer en post een nieuw logje van Hijackthis ter controle

              Comment


              • #8
                dit is de resultaat

                Logfile of HijackThis v1.99.1
                Scan saved at 16:58:44, on 12-3-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16608)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\csrss.exe
                C:\WINDOWS\SYSTEM32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Browser USB MOUSE\mouse32a.exe
                C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                C:\WINDOWS\PixArt\PAC207\Monitor.exe
                C:\Program Files\Spyware Doctor\pctsTray.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\WINDOWS\system32\cisvc.exe
                C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
                C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
                C:\WINDOWS\system32\nvsvc32.exe
                C:\Program Files\Spyware Doctor\pctsAuxs.exe
                C:\Program Files\Spyware Doctor\pctsSvc.exe
                C:\WINDOWS\System32\svchost.exe
                C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
                C:\Documents and Settings\hasan\Mijn documenten\hj\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser USB MOUSE\mouse32a.exe"
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
                O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
                O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
                O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
                O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
                O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
                O11 - Options group: [INTERNATIONAL] International*
                O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
                O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
                O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
                O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/game/ggsecure.cab
                O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
                O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
                O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
                O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
                O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
                O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
                O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE




                *R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                *R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - (no file)
                O2 - BHO: (no name) - {9B6465BD-FC01-4AD9-894C-05F74F486391} - (no file)
                O2 - BHO: (no name) - {D3551E8B-A79B-4880-81FD-3E4B84367085} - (no file)
                O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
                O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
                O3 - Toolbar: (no name) - SITEguard - (no file)
                O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
                O4 - HKLM\..\Run: [1029BB4B-16A9-4E77-AA3D-96930BD68EEC] "C:\WINDOWS\sysockeu.exe"
                O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
                *O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
                *O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKCU)
                O20 - Winlogon Notify: xxyayxw - C:\WINDOWS\system32\xxyayxw.dll (file missing)
                *O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
                O21 - SSODL: KernelComponent - {afe6c5ee-0c8f-4790-8483-8f333497df3


                *= dingen die er niet bij stonden
                er waren nog paar die er niet bij stonden maar die ben ik vergeten
                maar de rest heb ik wel gefixt Ik hoop dat we het goede kant op gaan
                ik wil weer mijn snelle pc terug zonder die klote spyware
                bedankt nog dat je me helpt

                Comment


                • #9
                  Verwijder deze bestanden:
                  C:\WINDOWS\sysounrk.exe
                  C:\WINDOWS\sysockeu.exe
                  C:\WINDOWS\ftebh.exe
                  C:\WINDOWS\fbdzj.exe

                  Vertel welke problemen je nog ondervindt

                  Comment


                  • #10
                    moet ik dat bij c/windows wissen
                    dus gewoon naar mijn computer etc?

                    mijn problemen zijn : trage pc, mijn achtrgrond is nu gelukt
                    maar ik heb nu Thumbs.db op mijn bureaublad en ik weet niet hoe dat daar komt en ook een map met %userprofiele%
                    Deze twee dingen staan ook op mijn afbeeldingen
                    en ze zijn doorzichtig bijvoolbeld als je iets kopieert op knipt dan wordt het toch eventjes doorzichtig zo iets is het . het blijft doorzichtig
                    als ik het wil vewijdere dan zegt die dat sommige dingen niet kunnen werken dus heb ik het niet verwijderd ik dacht ik vraag het gewoon effe.
                    ik heb met spywaredoctor paar scans uitgevoerd en wat dingen verwijderd.
                    maar je bent super want mijn achtergrond kan ik nu gewoon wijzigen
                    ik hoop dat als ik hem herstart dat die dan gewoon zelfde belijft
                    en ongewenste pagina zijn nu ook weg aleen beetje trage pc

                    Comment


                    • #11
                      ik klik op deze computer en dan C
                      ik zie nu dat heel veel mappen doorzichtig zijn hoe komt dat?

                      Comment


                      • #12
                        Verborgen bestanden en mappen worden weergegeven.
                        Lees hier maar eens: http://users.telenet.be/marcvn/spyware/1117602.htm
                        Om dit ongedaan te maken moet je de omgekeerde bewerking kiezen.

                        Die bestanden moet je gewoon opzoeken met je verkenner, daarna rechtsklikken en voor verwijderen kiezen.

                        Daarna doe je dit:

                        Je Java software is verouderd.
                        Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                        Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                        • Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
                        • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                        • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                        • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                        • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                        • Herhaal dit tot alle oudere versies verdwenen zijn.
                        • Na het verwijderen van alle oudere versies, herstart je pc.
                        • Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                        Download ATF cleaner (mirror)(gemaakt door Atribune)

                        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                        Dubbelklik op ATF cleaner om het programma te starten.
                        Op het tabblad "Main", plaats je een vinkje bij Select All.
                        Klik op de knop Empty Selected.

                        Het volgende doen als je ook FireFox als browser hebt:
                        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                        Klik op de knop Empty Selected.

                        Het volgende doen als je ook Opera als browser hebt:
                        Klik op tabblad "Opera", plaats een vinkje bij Select All.
                        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                        Klik op de knop Empty Selected.
                        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                        Kijk hier hoe je je systeemherstel moet uitschakelen.
                        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                        Post als laatste nog een nieuw logje van Hijackthis ter controle

                        Comment


                        • #13
                          hoi smeenk

                          hee super man mijn achtergrond is helemaal toppie nu
                          die doorzichtige mappen kan ik dus gewoon verijdere toch?
                          jaa ik wil altijd alles zeker weten

                          mijn pc is soms snel en soms loopt die evve vast
                          bv als ik internet site open

                          en deze dingen kan ik nie vinde

                          Verwijder deze bestanden:
                          C:\WINDOWS\sysounrk.exe
                          C:\WINDOWS\sysockeu.exe
                          C:\WINDOWS\ftebh.exe
                          C:\WINDOWS\fbdzj.exe



                          dit is mijn nieuwe logje

                          Logfile of HijackThis v1.99.1
                          Scan saved at 19:16:49, on 12-3-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16608)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\csrss.exe
                          C:\WINDOWS\SYSTEM32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Browser USB MOUSE\mouse32a.exe
                          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                          C:\WINDOWS\PixArt\PAC207\Monitor.exe
                          C:\Program Files\Spyware Doctor\pctsTray.exe
                          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\WINDOWS\system32\cisvc.exe
                          C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
                          C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
                          C:\WINDOWS\system32\nvsvc32.exe
                          C:\Program Files\Spyware Doctor\pctsAuxs.exe
                          C:\Program Files\Spyware Doctor\pctsSvc.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\System32\wbem\wmiprvse.exe
                          C:\WINDOWS\System32\alg.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\Documents and Settings\hasan\Mijn documenten\hj\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser USB MOUSE\mouse32a.exe"
                          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                          O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
                          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
                          O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
                          O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
                          O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
                          O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
                          O11 - Options group: [INTERNATIONAL] International*
                          O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
                          O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
                          O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
                          O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} - http://www.gamegarden.net/game/ggsecure.cab
                          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
                          O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
                          O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
                          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                          O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
                          O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
                          O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                          O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
                          O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
                          O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                          O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE

                          Comment


                          • #14
                            Oorspronkelijk geplaatst door feniks Bekijk Berichten
                            die doorzichtige mappen kan ik dus gewoon verijdere toch?
                            jaa ik wil altijd alles zeker weten
                            Waarom wil je die verwijderen?
                            Lijkt me niet zo verstandig, die mappen en bestanden zijn niet voor niets verborgen.
                            Als je die gaat verwijderen help je je hele systeem naar de vernieling

                            Heb je wel naar die link gekeken:


                            Ik schreef dat je de omgekeerde bewerking moest doen:
                            Ga naar Start en klik op Deze computer.
                            In de menubalk selecteer je Extra en dan Mapopties.
                            Selecteer de tab Weergave.
                            Bij Verborgen bestanden en mappen selecteer je Verborgen bestanden en mappen weergeven.
                            Bij Bestanden en mappen haal je het vinkje weg bij: Beveiligde besturingssysteembestanden verbergen (aanbevolen).
                            Klik op Ja om dit te bevestigen.
                            Klik op OK.
                            Bij Verborgen bestanden en mappen selecteer je Verborgen bestanden en mappen weergeven.(dat vinkje haal je nu dus weg)
                            Bij Bestanden en mappen haal je het vinkje weg bij: Beveiligde besturingssysteembestanden verbergen (aanbevolen).(Dat vinkje plaats je nu dus weer terug)
                            Klik op Ja om dit te bevestigen.
                            Klik op OK.

                            Duidelijker kan ik volgens mij niet zijn

                            Comment


                            • #15
                              dat is duidelijk jahh
                              jahh sry ik moet gewoon heel zeker zijn snap je het zit in me

                              maar is die logje nou goed?

                              deze dingen die ik van jou moest verwijdere kan ik niet vinde
                              ze zitten niet in c;windows.
                              misschien in system32 of ergens anders

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X