Installeer hijackthis.exe bijv. in C:\Program Files\Hijackthis
Dit in verband met de backups die dit programma maakt.

Start HijackThis

Klik op "Open the Misc Tools section".
Klik nu op "Open Uninstall Manager"
Daarna klik je aan de rechterkant op "Save list..."
Sla het bestand op en post daarna de inhoud van het kladblokbestand dat verschijnt.

Hier komt het:
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Nederlands
ADSL Support Wizard
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3.0
AVG Anti-Spyware 7.5
Camera Suite
CCleaner (remove only)
ClearSkinFX for Digital Cameras
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Microsoft Office 2000 SR-1 Standard
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.13)
Mozilla Thunderbird (2.0.0.12)
Nero 7 Essentials
Nikon View 6
NOD32 Antivirus System
QuickTime
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Update Manager
WordPerfect Office X3

Ik kan geen boosdoener vinden in het lijstje van geinstalleerde software.

Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
Kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [first readme] "C:\ProgramData\Send active active.j9q02tx"
O4 - HKCU\..\Run: [blue delete title meow] "C:\ProgramData\Corn Thunk Lite.21ahm"

Klik op 'Fix checked' om de items te verwijderen.

Sluit hijackthis.

Open de verkenner ("Deze Computer") en kies Extra -> Mapopties...
Controleer onder Weergave de volgende instellingen:

Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen)
Uitzetten: Extensies voor bekende bestandstypen verbergen

Selecteer: Verborgen bestanden en mappen weergeven

Druk daarna op Toepassen gevolgd door Ok.

Verwijder de volgende bestanden:
C:\ProgramData\Send active active.j9q02tx
C:\ProgramData\Corn Thunk Lite.21ahm

Post ter controle een nieuw log van Hijackthis.

Hoi Steggel,
Ik heb alles gedaan wat je schreef, behalve:

Open de verkenner ("Deze Computer") en kies Extra -> Mapopties...
Controleer onder Weergave de volgende instellingen:

Uitzetten: Beveiligde besturingssysteembestandenverbergen (aanbevolen)

Hier kreeg ik de volgende melding en durfde niet door te gaan Deze bestanden zijn nodig om windows te starten en kunnen uitvoeren. Als u deze bestanden verwijderd of bewerkt, werkt uw computer mogelijk niet meer. Weet u zeker dat u deze bestanden wilt weergeven?
Heb dus maar op "nee"geklikt.....

Het volgende hijackThis bestand:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:13, on 28-3-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\KPN\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] "C:\Program Files\GoogleEULA\EULALauncher.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [first readme] "C:\ProgramData\Send active active.jscu7"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)

--
End of file - 7769 bytes

Schakel tijdelijk Windows Defender uit
Want deze kan voor stoorzender spelen bij het fixen met HJT (de fix terug ongedaan maken)
* Open Windows Defender > Klik Tools
* Klik "General Settings"
* Scroll naar "Real Time Protection Options"
* Haal het vinkje weg bij "Turn on Real Time Protection (recommended)" > Klik "Save"
* Sluit Windows Defender
(als de problemen over zijn, logje weer schoon verklaard is, kan je 'm weer aanzetten)

Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
Kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

O4 - HKCU\..\Run: [first readme] "C:\ProgramData\Send active active.jscu7"

Klik op 'Fix checked' om de items te verwijderen.

Lukt het wel om de bestanden te verwijderen met de verkenner?

C:\ProgramData\Send active active.j9q02tx
C:\ProgramData\Send active active.jscu7
C:\ProgramData\Corn Thunk Lite.21ahm

Ja, het is wel gelukt om bestanden te verwijderen via verkenner.
Heb verder alles gedaan zoals je hebt omschreven.
Helaas gaan de reclames gewoon door......
Herinner me opeens dat ik gisteren ook een scan heb laten doen door spyware docter. Volgens deze was er sprake van een trojan-downloader.agent.DUJ. Maar omdat ik vervolgens moest betalen om deze te laten verwijderen, vertrouwde ik het niet helemaal.
Wel fijn dat je me helpt, ik leer er ook nog eens wat van, groet, Floor

post nog eens een nieuw log van hijackthis.

hier komt ie......(durf niet te vroeg te juichen, maar ik heb al een minuut of 5 geen reclame gezien......)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:39, on 28-3-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\KPN\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Joki\AppData\Local\Zylom Games\Bookworm Deluxe\Bookworm.exe
C:\Users\Joki\AppData\Local\Zylom Games\Bookworm Deluxe\Bookworm.dll
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] "C:\Program Files\GoogleEULA\EULALauncher.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [first readme] "C:\ProgramData\Send active active.oynm3"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)

--
End of file - 7968 bytes

Toch te vroeg gejuigd.......

"first readme" komt steeds terug met een ander bestand.

Maar eens iets anders proberen.

Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

Hier de combofix resultaten:

ComboFix 08-03-27.1 - Joki 2008-03-28 20:39:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.309 [GMT 1:00]
Gestart vanuit: C:\Users\Joki\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))
.

2008-03-28 16:30 . 2008-03-28 16:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 14:55 . 2008-03-28 14:55 <DIR> d-------- C:\Users\Joki\AppData\Roaming\Grisoft
2008-03-28 14:55 . 2008-03-28 14:55 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-28 14:55 . 2008-03-28 14:55 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-28 14:55 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-27 19:51 . 2008-03-27 19:51 0 --ah----- C:\ProgramData.LOG2
2008-03-27 19:51 . 2008-03-27 19:51 0 --ah----- C:\ProgramData.LOG1
2008-03-27 18:58 . 2008-03-27 18:58 164 --a------ C:\install.dat
2008-03-27 17:02 . 2008-03-27 19:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-27 16:35 . 2008-03-28 18:35 <DIR> d-------- C:\Users\All Users\Google Updater
2008-03-27 16:35 . 2008-03-28 18:35 <DIR> d-------- C:\ProgramData\Google Updater
2008-03-27 14:38 . 2008-03-27 14:38 156,674,811 --a------ C:\Windows\MEMORY.DMP
2008-03-26 17:30 . 2008-03-26 17:41 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-26 17:30 . 2008-03-26 17:41 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-26 17:30 . 2008-03-26 17:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-26 13:12 . 2008-03-26 13:13 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-26 13:12 . 2008-03-26 13:13 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-26 13:12 . 2008-03-26 13:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-26 13:11 . 2008-03-26 13:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 12:51 . 2008-03-26 13:01 <DIR> d-------- C:\Program Files\Hitman Pro
2008-03-25 17:41 . 2008-03-25 17:41 <DIR> d-------- C:\Program Files\CCleaner
2008-03-24 19:14 . 2008-03-24 19:14 <DIR> d-------- C:\Users\All Users\up hold blue delete
2008-03-24 19:14 . 2008-03-24 19:14 <DIR> d-------- C:\Users\All Users\MoveHoldCopy
2008-03-24 19:14 . 2008-03-24 19:14 <DIR> d-------- C:\ProgramData\up hold blue delete
2008-03-24 19:14 . 2008-03-24 19:14 <DIR> d-------- C:\ProgramData\MoveHoldCopy
2008-03-24 18:56 . 2008-03-27 19:17 <DIR> d-------- C:\Users\Joki\Incomplete
2008-03-24 18:56 . 2008-03-24 20:55 <DIR> d-------- C:\Users\Joki\AppData\Roaming\LimeWirePlus
2008-03-24 17:09 . 2008-03-24 18:48 <DIR> d-------- C:\Program Files\Kyodai Mahjongg 2006
2008-03-24 16:17 . 2008-03-24 16:59 <DIR> d-------- C:\Program Files\Kyodai
2008-03-23 19:24 . 2008-03-23 19:24 <DIR> d-------- C:\Users\Joki\AppData\Roaming\SpinTop
2008-03-23 19:24 . 2008-03-27 19:50 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-23 19:24 . 2008-03-27 19:50 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-11 19:28 . 2008-03-11 19:28 <DIR> d-------- C:\Users\Joki\AppData\Roaming\DAEMON Tools
2008-03-11 19:09 . 2008-03-11 19:31 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-03-05 13:03 . 2008-03-05 13:03 <DIR> d-------- C:\Users\All Users\SupportSoft
2008-03-05 13:03 . 2008-03-05 13:03 <DIR> d-------- C:\ProgramData\SupportSoft
2008-03-05 13:02 . 2008-03-05 13:03 <DIR> d-------- C:\Program Files\KPN
2008-03-05 13:02 . 2008-03-05 13:03 261 --a------ C:\Windows\{B0CDD92B-588D-475B-A77C-DD674ED537D8}_WiseFW.ini
2008-03-05 12:33 . 2008-03-05 12:33 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-03-04 16:29 . 2008-03-04 16:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-01 19:27 . 2008-03-01 19:27 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-01 19:27 . 2008-03-01 19:27 1,409 --a------ C:\Windows\QTFont.for
2008-03-01 19:26 . 2008-03-01 19:26 <DIR> d-------- C:\Program Files\iTunes
2008-03-01 19:26 . 2008-03-01 19:26 <DIR> d-------- C:\Program Files\iPod
2008-03-01 19:24 . 2008-03-01 19:24 <DIR> d-------- C:\Program Files\QuickTime

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 21:07 --------- d-----w C:\Program Files\Java
2008-03-27 15:35 --------- d-----w C:\Program Files\Google
2008-03-24 15:15 --------- d-----w C:\Program Files\PopCap Games
2008-03-11 18:35 --------- d-----w C:\Program Files\ESET
2008-03-01 18:26 --------- d-----w C:\ProgramData\Apple Computer
2008-02-27 19:00 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-13 16:36 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 16:36 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 16:35 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 16:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 16:35 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 16:35 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 16:35 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 16:35 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 16:35 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 16:32 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 16:32 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 16:32 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 16:32 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 16:32 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 16:30 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 16:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 16:30 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 16:29 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-30 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 20:28 --------- d-----w C:\Program Files\ArcSoft
2008-01-11 15:23 9,282 ----a-w C:\Program Files\INSTALL.LOG
2008-01-09 17:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-03 12:09 28,672 ----a-w C:\Windows\System32\qttask.exe
2008-01-03 07:55 298,104 ----a-w C:\Windows\System32\imon.dll
2008-01-02 21:03 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-02 21:03 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-02 21:03 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-02 21:02 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-02 21:02 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-01-02 21:01 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-01-02 21:01 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-02 21:00 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-01-02 21:00 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-02 21:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-02 21:00 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-01-02 21:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-02 21:00 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-01-02 21:00 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-01-02 21:00 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-01-02 21:00 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-01-02 21:00 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-02 20:59 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-02 20:59 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-02 20:59 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-02 20:58 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-02 20:58 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-02 20:58 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-02 20:55 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-02 20:55 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-01-02 20:55 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-02 20:55 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-02 20:55 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-01-02 20:54 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-02 20:54 633,856 ----a-w C:\Windows\System32\user32.dll
2008-01-02 20:54 2,026,496 ----a-w C:\Windows\System32\win32k.sys
2008-01-02 20:40 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-02 20:40 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-02 20:40 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-02 20:40 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-02 20:39 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-02 20:39 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-02 20:39 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-02 20:39 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-02 20:39 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
2001-05-24 10:59 162,304 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 18:27 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-27 16:35 68856]
"first readme"="C:\ProgramData\Send active active.oynm3" [2008-03-28 18:52 143376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 13:34 1004136]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 14:13 4018176 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 11:00 815104]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-28 20:14 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-28 20:17 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-28 20:13 81920]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-04 23:01 77892]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-04-10 14:51 220160]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 15:54 16896]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-03 08:55 949376]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"KPN"="C:\Program Files\KPN\bin\sprtcmd.exe" [2007-10-23 11:36 198184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-27 16:35:40 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 17:15:56 65588]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2008-01-03 13:09:56 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2B60A73C-45F5-4D0A-998E-57ED37958B37}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{671B219B-EB53-407C-97F3-455ABE2619FE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{86B4F626-052B-472F-8BB3-048B63560E61}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B895D58E-0005-41BF-BB05-F28B3338DEB5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{58A2A86E-671E-442F-B6BE-B02E30B4B926}"= UDP:C:\Program Files\KPN\agent\bin\bcont.exe:bcont.exe
"{5B0919BD-9601-4A4E-89FD-18558FB8585D}"= TCP:C:\Program Files\KPN\agent\bin\bcont.exe:bcont.exe
"TCP Query User{0F0A2A1A-F257-4A9A-98F0-5799810F4A3E}C:\\program files\\limewire plus\\limewire.exe"= UDP:C:\program files\limewire plus\limewire.exe:LimeWire
"UDP Query User{2388B1BA-DB97-4495-A737-953DDD62BA56}C:\\program files\\limewire plus\\limewire.exe"= TCP:C:\program files\limewire plus\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);"C:\Program Files\KPN\bin\sprtsvc.exe" /service /p KPN
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 20:05]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-28 21:39]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 20:42:02
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-03-28 20:42:44
ComboFix-quarantined-files.txt 2008-03-28 19:42:40
Pre-Run: 91,958,161,408 bytes beschikbaar
Post-Run: 91,933,667,328 bytes beschikbaar
.
2008-03-28 12:51:09 --- E O F ---


En dan hier nog een keer de hijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:06, on 28-3-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\KPN\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] "C:\Program Files\GoogleEULA\EULALauncher.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [first readme] "C:\ProgramData\Send active active.oynm3"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)

--
End of file - 7722 bytes

Krijg zo bezoek, weet niet of ik dan vanavond nog kan reageren. Groet, Floor

Ik wil toch nog informatie van een ander programma.

Download dit bestand:
Deljob.exe(mirror)

Plaats het op je bureaublad.

Dubbelklik Deljob.exe.
Een logje(logit.txt) zal openen, het bestandje kan je ook terugvinden op je bureaublad.
Post de inhoud van logit.txt in je volgende bericht.

Komtie dan :

--------------------------------------------------------
No LOP job-files found
--------------------------------------------------------
Files in Windows Tasks folder

--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
De volumenaam van station C is BOOT
Het volumenummer is 3A76-ECD8

Map van C:\ProgramData

04-03-2008 16:30 <DIR> Adobe
11-01-2008 20:25 <DIR> Apple
01-03-2008 19:26 <DIR> APPLEC~1 Apple Computer
10-04-2007 08:07 <DIR> Borland
03-01-2008 12:05 <DIR> Corel
10-04-2007 14:51 <DIR> Google
28-03-2008 18:35 <DIR> GOOGLE~1 Google Updater
28-03-2008 14:55 <DIR> Grisoft
10-04-2007 08:06 <DIR> INSTAL~1 InstallShield
26-03-2008 13:13 <DIR> Lavasoft
24-03-2008 19:14 <DIR> MOVEHO~1 MoveHoldCopy
05-04-2007 08:34 <DIR> Nero
03-01-2008 13:09 <DIR> QUICKT~1 QuickTime
24-03-2008 19:14 94.224 SENDAC~1.4L2 Send active active.4l2ie
28-03-2008 18:52 143.376 SENDAC~1.OYN Send active active.oynm3
26-03-2008 17:41 <DIR> SPYBOT~1 Spybot - Search & Destroy
05-03-2008 13:03 <DIR> SUPPOR~1 SupportSoft
27-03-2008 19:50 <DIR> TEMP
24-03-2008 19:14 <DIR> UPHOLD~1 up hold blue delete
2 bestand(en) 237.600 bytes
17 map(pen) 91.981.869.056 bytes beschikbaar
--------------------------------------------------------
All User Accounts
--------------------------------------------------------

--------------------------------------------------------

Download OTMoveIt2.exe en plaats het op je bureaublad:

• Start OTMoveIt2 door dubbel te klikken op OTMoveIt2.exe
• Kopi?er (selecteren en druk Ctrl-C) de onderstaande, vetgedrukte tekst:
  
  C:\ProgramData\Send active active.oynm3
  C:\ProgramData\Send active active.4l2ie
  C:\ProgramData\up hold blue delete
  C:\ProgramData\MoveHoldCopy
  
• Plak de gekopi?erde tekst (druk Ctrl-V) in het "Paste List of Files/Folders to be moved" venster.
• Klik daarna op de rode knop MoveIt onderaan.
• Wanneer voltooid zal het een log aanmaken (********_******.log -- de * staat voor datum en tijd) in de volgende map: C:\_OTMoveIt\MovedFiles.
• Post de inhoud daarvan in je volgende bericht.

Post dan ook nog een nieuw log van deljob.exe