Confused

  • Confused

    My computer connects to the internet unprompted, and I think it is sending mail. According to netstat I have 75 connections every now and then, which causes Explorer to suffer a buffer overrun every fifteen minutes. I have by now tried all the spyware and antivirus tools, and Trojans do get found, but as soon as I restart it begins all over again.
    Gentlemen, you are my last hope.
    Help!
    Here is a HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 23:35:51, on 19-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    c:\PROGRA~1\COMMON~1\mcafee\emproxy\emtray.exe
    C:\Documents and Settings\Nauticverhuur\Bureaublad\HiJackThis_v2.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\system32\efcDVnOf.dll
    O2 - BHO: (no name) - {513F256F-C89B-4320-964F-6F998D3BAB5D} - C:\WINDOWS\system32\efcyxvWO.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI" Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
    O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
    O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203933569796
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5277/mcfscan.cab
    O20 - Winlogon Notify: efcDVnOf - C:\WINDOWS\SYSTEM32\efcDVnOf.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
    O23 - Service: YWNM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\NAUTIC~1\LOCALS~1\Temp\YWNM.exe
    O24 - Desktop Component 0: (no name) - About:Home

    --
    End of file - 10447 bytes
    Thanks in advance.

  • #2
    Download The Avenger and place it on your desktop: http://swandog46.geekstogo.com/avenger2/download.php
    Unzip it.
    Start the program by clicking avenger.exe.
    In the "Input Script here" window, paste the following (the bold text):


    Files to delete:
    C:\WINDOWS\system32\efcDVnOf.dll
    C:\WINDOWS\system32\efcyxvWO.dll


    Then click the "Execute" button.
    Avenger will indicate that the computer is going to restart; allow this.
    After the reboot a log file opens (avenger.txt). Post the contents of the log file.

    Also post a new HijackThis log.


    • #3
      Confused

      Hey, hello,
      I already suspected that those were causing a problem,
      but I could not remove them; that has now worked.
      Every now and then (when I start Explorer) an advertisement thing from vegas32.com also pops up.
      Here is another log as well.
      Thanks in advance for your trouble.


      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 17:55:50, on 20-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\McAfee\MSK\MskAgent.exe
      C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
      C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
      C:\Program Files\McAfee\MBK\MBackMonitor.exe
      C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\PROGRA~1\McAfee\MPS\mps.exe
      C:\Program Files\McAfee\MSK\MskSrver.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\McAfee\MPS\mpsevh.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
      C:\Documents and Settings\Nauticverhuur\Bureaublad\HiJackThis_v2.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\system32\efcDVnOf.dll (file missing)
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
      O2 - BHO: (no name) - {E8A704EA-7F5F-4B5D-A243-5DD74260B5BE} - C:\WINDOWS\system32\efcyxvWO.dll (file missing)
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI" Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
      O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
      O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
      O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
      O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203933569796
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5277/mcfscan.cab
      O20 - Winlogon Notify: efcDVnOf - efcDVnOf.dll (file missing)
      O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
      O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
      O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
      O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
      O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
      O23 - Service: YWNM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\NAUTIC~1\LOCALS~1\Temp\YWNM.exe
      O24 - Desktop Component 0: (no name) - About:Home

      --
      End of file - 10448 bytes


      • #4
        Start HijackThis and tick only the following lines:
        O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\system32\efcDVnOf.dll (file missing)
        O2 - BHO: (no name) - {E8A704EA-7F5F-4B5D-A243-5DD74260B5BE} - C:\WINDOWS\system32\efcyxvWO.dll (file missing)
        O20 - Winlogon Notify: efcDVnOf - efcDVnOf.dll (file missing)

        Close all open windows (except HijackThis) and click the "Fix checked" button.

        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in safe mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
        • After that your PC will restart; now let it start in normal mode again. After the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.

        Download Deckard's System Scanner to your desktop.
        • Close all applications and windows.
        • Double-click dss.exe to run it, and follow the prompts.
        • When the scan is complete, a text file - main.txt - will open.
        • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

        Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
        - make sure sigcheck.exe is given permission to do so!
        Your antivirus may also flag DSS as suspicious, or even try to remove it.
        Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)
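A triage sketch for the HijackThis entries handled in posts #2 and #4, added here as an example; it is not part of the thread and not part of HijackThis. The function names and tag names are hypothetical, the sample lines are copied from the logs posted above and combined into one constructed input, and the tags mark entries for an analyst to review rather than giving a verdict.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import defaultdict

# Constructed sample: lines copied from the logs in this thread (first and second log mixed).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\system32\efcDVnOf.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {E8A704EA-7F5F-4B5D-A243-5DD74260B5BE} - C:\WINDOWS\system32\efcyxvWO.dll (file missing)
O20 - Winlogon Notify: efcDVnOf - C:\WINDOWS\SYSTEM32\efcDVnOf.dll
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
"""

ENTRY_RE = re.compile(r"^\s*(O\d+) - (.+?)\s*$")
# HijackThis marks a registry entry whose target is gone with one of these suffixes.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$", re.IGNORECASE)


def parse_entry(line):
    """Split one 'Oxx - ...' line into section code, description and target path."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    head, _, target = body.rpartition(" - ")  # the target is the last ' - ' field
    missing = MISSING_RE.search(target) is not None
    target = MISSING_RE.sub("", target)
    return {
        "code": code,
        "head": head,
        "path": target,
        "file": ntpath.basename(target).lower(),
        "missing": missing,
    }


def triage(log_text):
    """Tag O2 (BHO) and O20 (Winlogon Notify) entries that deserve a closer look."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    hooks = [e for e in entries if e["code"] in ("O2", "O20")]

    # Which sections reference each DLL name? Used for the cross-reference tag.
    codes_by_file = defaultdict(set)
    for e in hooks:
        if e["file"]:
            codes_by_file[e["file"]].add(e["code"])

    findings = []
    for e in hooks:
        tags = []
        if e["missing"]:
            # Leftover registry entry: the kind of line post #4 asks to fix.
            tags.append("orphaned")
        elif (e["code"] == "O2"
              and e["head"].startswith("BHO: (no name)")
              and ntpath.dirname(e["path"]).lower().endswith("\\system32")):
            # Unnamed BHO loaded straight from system32: the pattern of the
            # two DLLs that post #2 puts in the Avenger script.
            tags.append("unnamed-bho-system32")
        if codes_by_file[e["file"]] >= {"O2", "O20"}:
            # The same DLL is registered as a BHO and as a Winlogon Notify package.
            tags.append("bho+winlogon-notify")
        if tags:
            findings.append({"code": e["code"], "file": e["file"], "tags": tags})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], finding["file"], ", ".join(finding["tags"]))
```

The unnamed SiteAdvisor BHO under Program Files and the O23 service with a missing file are left untagged, matching what the helper selects in this thread; other sections still need a manual read.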


        • #5
          Confused

          ---RVAXO.exe Updated: 2008-04-20---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\BMa308084b.xml
          C:\WINDOWS\BMa308084b.txt
          C:\WINDOWS\system32\CcJklnmp.ini2
          C:\WINDOWS\system32\moqqBJlm.ini2
          C:\WINDOWS\system32\OWvxycfe.ini2
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\yeTyezzd.sys
          C:\WINDOWS\wininit.ini
          C:\WINDOWS\system32\clkcnt.txt
          C:\WINDOWS\system32\mcrh.tmp
          C:\WINDOWS\system32\WLCtrl32.dll
          C:\WINDOWS\system32\lsprst7.dll
          C:\WINDOWS\SYSTEM32\SSPRS.DLL
          C:\WINDOWS\kiasys.dll

          Folders Found:

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:
          C:\WINDOWS\system32\WLCtrl32.dll

          --------------RVAXO.exe finished----------------

          One problem: DSS does not work. It gives an application error after running for some time,
          so I do not get a log either.
          Regards, Rindert

          P.S.
          The program BN3.TMP requests access to the Internet. You can grant, grant once, grant outbound-only, or block access for this program.

          McAfee does not recognize this program.

          Details
          Program: BN3.TMP
          Location: C:\WINDOWS\TEMP\BN3.TMP
          Tell McAfee about this program.


          This is what McAfee reports every time I start up.
          Another HijackThis log:
          Logfile of Trend Micro HijackThis v2.0.0 (BETA)
          Scan saved at 21:19:00, on 20-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\CNYHKey.exe
          C:\Program Files\McAfee\MSK\MskAgent.exe
          C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
          C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
          C:\Program Files\McAfee\MBK\MBackMonitor.exe
          C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
          C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
          c:\program files\common files\mcafee\mna\mcnasvc.exe
          C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
          C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
          c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
          c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
          C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
          C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\McAfee\MPF\MPFSrv.exe
          C:\PROGRA~1\McAfee\MPS\mps.exe
          C:\Program Files\McAfee\MSK\MskSrver.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\Program Files\McAfee\MPS\mpsevh.exe
          c:\PROGRA~1\mcafee.com\agent\mcagent.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\netstat.exe
          c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
          C:\WINDOWS\system32\cleanmgr.exe
          C:\WINDOWS\explorer.exe
          C:\Documents and Settings\Nauticverhuur\Bureaublad\HiJackThis_v2.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - (no file)
          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
          O2 - BHO: (no name) - {E8A704EA-7F5F-4B5D-A243-5DD74260B5BE} - (no file)
          O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
          O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI" Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
          O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
          O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
          O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
          O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
          O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5277/mcfscan.cab
          O20 - Winlogon Notify: efcDVnOf - efcDVnOf.dll (file missing)
          O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
          O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
          O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
          O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
          O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
          O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
          O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
          O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
          O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
          O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
          O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
          O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
          O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
          O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
          O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
          O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
          O23 - Service: YWNM - Unknown owner - C:\DOCUME~1\NAUTIC~1\LOCALS~1\Temp\YWNM.exe (file missing)

          --
          End of file - 9968 bytes
          Last edited by zoefzoef; 20-04-08, 21:22. Reason: additions


          • #6
            Originally posted by smeenk
            Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
            - make sure sigcheck.exe is allowed to do so!
            Your antivirus may also flag DSS as suspicious, or even try to remove it.
            Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus while DSS is scanning)
            Maybe this is the reason Deckard's System Scanner isn't working


            If you really can't get Deckard's System Scanner to work, do this:
            Download this file: zoek.exe
            Double-click it; after a while a log will open.
            Post the contents of this log in your next message


            • #7
              confused

              ======C:\WINDOWS====
              ----a-w 0 2008-04-20 20:49:38 C:\WINDOWS\0.log
              --s-a-w 2,048 2008-04-20 20:47:53 C:\WINDOWS\bootstat.dat
              ----a-w 951 2008-04-04 20:44:28 C:\WINDOWS\cookies.ini
              ----a-w 31,976 2008-04-20 19:39:02 C:\WINDOWS\DPINST.LOG
              ----a-w 770 2008-04-03 05:50:41 C:\WINDOWS\hegames.ini
              ----a-w 1,292 2008-04-14 19:58:12 C:\WINDOWS\HNKZ.INI
              ----a-w 4,328 2008-04-20 20:49:17 C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
              ----a-w 116 2008-04-11 16:11:27 C:\WINDOWS\NeroDigital.ini
              ----a-w 300,230 2008-04-20 18:52:51 C:\WINDOWS\ntbtlog.txt
              ----a-w 1,770 2008-04-20 17:20:05 C:\WINDOWS\SchedLgU.Txt
              ----a-w 1,146 2008-04-20 19:50:02 C:\WINDOWS\setupact.log
              ----a-w 169,966 2008-04-20 20:53:54 C:\WINDOWS\setupapi.log
              ----a-w 5,995,473 2008-04-04 20:09:00 C:\WINDOWS\setupapi.log.1.old
              ----a-w 0 2008-04-20 19:17:42 C:\WINDOWS\setuperr.log
              ------w 0 2008-04-19 21:12:38 C:\WINDOWS\Sti_Trace.log
              ----a-w 159 2008-04-20 20:49:25 C:\WINDOWS\wiadebug.log
              ----a-w 0 2008-04-20 20:48:59 C:\WINDOWS\wiaservc.log
              ----a-w 884 2008-04-19 16:34:26 C:\WINDOWS\win.ini
              ----a-w 100,507 2008-04-20 20:54:09 C:\WINDOWS\WindowsUpdate.log
              ----a-w 1,248 2008-03-31 21:09:47 C:\WINDOWS\_isenv31.ini

              Entries: 20 (19)
              Directories: 0 Files: 20
              Bytes: 6,612,864 Blocks: 12,923
              ======C:\WINDOWS\system32=====
              ----a-w 2,335,270 2008-04-19 16:50:32 C:\WINDOWS\System32\2c0AB.mht
              ----a-w 94,784 2008-04-18 21:21:36 C:\WINDOWS\System32\aqcfwlat.dllorg
              ----a-w 87,616 2008-04-16 19:50:26 C:\WINDOWS\System32\axxeotbq.dll
              ----a-w 36,864 2008-04-11 15:40:59 C:\WINDOWS\System32\cbXQiHBQ.dll
              --sha-w 167,696 2008-04-04 14:16:29 C:\WINDOWS\System32\CcJklnmp.ini
              ----a-w 102 2008-04-19 18:05:09 C:\WINDOWS\System32\clear.reg
              ----a-w 5,430 2008-04-20 23:02:12 C:\WINDOWS\System32\Config.MPF
              ----a-w 2,845 2008-04-11 16:02:15 C:\WINDOWS\System32\CONFIG.NT
              --sha-w 706,758 2008-04-04 19:47:58 C:\WINDOWS\System32\cpfccpwr.ini
              ----a-w 128,352 2008-04-19 16:51:24 C:\WINDOWS\System32\d4bAC.dll
              ----a-w 54,624 2008-04-19 16:50:55 C:\WINDOWS\System32\d4bAC.sys
              --sh--w 691,566 2008-04-04 09:12:06 C:\WINDOWS\System32\davoaxck.ini
              ----a-w 3,648 2008-04-13 16:42:46 C:\WINDOWS\System32\dcbbjbkh.dll
              ----a-w 59 2008-04-19 18:16:58 C:\WINDOWS\System32\direct.txt
              ----a-w 92,736 2008-04-13 16:44:03 C:\WINDOWS\System32\dthavqkh.dllorg
              ----a-w 95,808 2008-04-16 19:46:35 C:\WINDOWS\System32\dtxoanbw.dllorg
              ----a-w 1 2008-04-03 15:57:25 C:\WINDOWS\System32\duis.txt
              --sh--w 706,777 2008-04-06 11:04:33 C:\WINDOWS\System32\eihdbcgn.ini
              ----a-w 95,296 2008-04-13 16:37:19 C:\WINDOWS\System32\exlvycfo.dll
              ----a-w 23 2008-04-11 17:25:01 C:\WINDOWS\System32\fcfcebeeb_z.ocx
              --sha-w 23 2008-04-11 17:25:01 C:\WINDOWS\System32\fdbbaeebb_z.dll
              ----a-w 3,648 2008-04-11 17:44:59 C:\WINDOWS\System32\feidlptf.dll
              ----a-w 10 2008-04-19 18:05:01 C:\WINDOWS\System32\flag.txt
              ----a-w 1,594,920 2008-04-19 18:20:29 C:\WINDOWS\System32\FNTCACHE.DAT
              ----a-w 1,462,272 2008-04-10 20:32:51 C:\WINDOWS\System32\HGEQVQQGDE
              ----a-w 36,864 2008-04-11 15:50:37 C:\WINDOWS\System32\hgGWQgGy.dll
              ----a-w 36,864 2008-04-11 17:17:35 C:\WINDOWS\System32\hgGwTmlk.dll
              ----a-w 82,432 2008-03-26 06:50:45 C:\WINDOWS\System32\IEDFix.exe
              --sh--w 706,638 2008-04-04 19:28:47 C:\WINDOWS\System32\jleokdab.ini
              ----a-w 85,568 2008-04-13 16:45:53 C:\WINDOWS\System32\jtjwomyk.dll
              ----a-w 6,300 2008-03-21 20:15:56 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
              ----a-w 90,176 2008-04-11 17:49:15 C:\WINDOWS\System32\jvbvyyhd.dll
              ----a-w 86,080 2008-04-11 17:46:25 C:\WINDOWS\System32\koqyjglr.dll
              --sh--w 294 2008-04-13 16:46:04 C:\WINDOWS\System32\kymowjtj.ini
              ----a-w 94,272 2008-04-16 19:47:29 C:\WINDOWS\System32\ljjvflag.dll
              ----a-w 976 2008-04-19 18:05:14 C:\WINDOWS\System32\lo2.txt
              ----a-w 0 2008-04-19 18:05:06 C:\WINDOWS\System32\lo2.txtt
              ----a-w 219 2008-04-20 16:27:57 C:\WINDOWS\System32\lsprst7.tgz
              --sha-w 183,785 2008-04-06 11:05:11 C:\WINDOWS\System32\moqqBJlm.ini
              ----a-w 27 2008-04-20 22:54:55 C:\WINDOWS\System32\MPFServiceFailureCount.txt
              ----a-w 19,836,024 2008-04-05 20:56:22 C:\WINDOWS\System32\MRT.exe
              ----a-w 420,864 2008-04-14 19:25:23 C:\WINDOWS\System32\ntvdm.exe
              --sha-w 213,066 2008-04-20 15:46:45 C:\WINDOWS\System32\OWvxycfe.ini
              ----a-w 71,202 2008-04-14 19:21:00 C:\WINDOWS\System32\perfc009.dat
              ----a-w 90,644 2008-04-14 19:21:00 C:\WINDOWS\System32\perfc013.dat
              ----a-w 440,194 2008-04-14 19:21:00 C:\WINDOWS\System32\perfh009.dat
              ----a-w 507,788 2008-04-14 19:21:00 C:\WINDOWS\System32\perfh013.dat
              ----a-w 1,124,566 2008-04-14 19:21:00 C:\WINDOWS\System32\PerfStringBackup.INI
              ----a-w 36,864 2008-04-11 15:43:19 C:\WINDOWS\System32\pmnkLcdb.dll
              ----a-w 36,864 2008-04-11 17:15:25 C:\WINDOWS\System32\pmnnlKeE.dll
              ----a-w 87,616 2008-04-19 17:05:13 C:\WINDOWS\System32\puxhhumy.dll
              --sh--w 354 2008-04-16 19:57:37 C:\WINDOWS\System32\qbtoexxa.ini
              ----a-w 94,784 2008-04-11 17:44:54 C:\WINDOWS\System32\qeabtngs.dll
              --sh--w 534 2008-04-11 18:16:39 C:\WINDOWS\System32\rlgjyqok.ini
              ----a-w 92,736 2008-04-19 17:02:27 C:\WINDOWS\System32\rnnnypmq.dll
              ----a-w 797,916 2008-04-20 16:34:52 C:\WINDOWS\System32\RVAXO.bat
              ----a-w 87 2008-04-20 16:27:57 C:\WINDOWS\System32\ssprs.tgz
              ----a-w 0 2008-04-19 18:05:14 C:\WINDOWS\System32\test.txt
              ----a-w 0 2008-04-19 18:05:10 C:\WINDOWS\System32\test2.txt
              ----a-w 0 2008-04-19 18:05:12 C:\WINDOWS\System32\test3.txt
              ----a-w 0 2008-04-19 18:05:11 C:\WINDOWS\System32\test5.txt
              ----a-w 86,528 2008-03-28 21:19:34 C:\WINDOWS\System32\VACFix.exe
              ----a-w 352,932 2008-04-11 15:59:58 C:\WINDOWS\System32\vsconfig.xml
              --sh--w 706,758 2008-04-04 19:47:58 C:\WINDOWS\System32\wbvsrnyd.ini
              ----a-w 7,013,654 2008-04-13 17:40:50 C:\WINDOWS\System32\WIHZUIAIQZVASAK
              ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
              ----a-w 12,288 2008-04-20 20:47:50 C:\WINDOWS\System32\WLCtrl32.dll
              ----a-w 12,288 2008-04-20 20:48:12 C:\WINDOWS\System32\WLCtrl32.dl_
              ----a-w 12,288 2008-04-20 19:05:37 C:\WINDOWS\System32\WLCtrl32.rvaxo
              ----a-w 2,206 2008-04-18 21:15:12 C:\WINDOWS\System32\wpa.dbl
              --sh--w 534 2008-04-19 18:24:46 C:\WINDOWS\System32\ymuhhxup.ini
              ----a-w 38,809,600 2008-04-10 17:27:22 C:\WINDOWS\System32\ZFLBBOIK
              ---h--w 4,212 2008-04-11 15:46:27 C:\WINDOWS\System32\zllictbl.dat

              Entries: 73 (59)
              Directories: 0 Files: 73
              Bytes: 82,488,390 Blocks: 161,149
              ======C:\WINDOWS\system32\drivers=====
              ----a-w 27,008 2008-04-20 20:48:13 C:\WINDOWS\System32\drivers\Bwd20.sys
              ----a-w 25,280 2008-03-21 20:12:08 C:\WINDOWS\System32\drivers\hamachi.sys
              ----a-w 67,645 2008-04-11 15:47:40 C:\WINDOWS\System32\drivers\pshook11.sys
              ----a-w 23,600 2008-03-24 10:48:00 C:\WINDOWS\System32\drivers\TVICHW32.SYS
              ----a-w 17,408 2008-04-08 19:53:40 C:\WINDOWS\System32\drivers\USBCRFT.SYS

              Entries: 5 (5)
              Directories: 0 Files: 5
              Bytes: 160,941 Blocks: 317
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              ----a-w 1,138 2008-04-20 15:47:56 C:\avenger.txt
              ----a-w 632 2008-04-20 17:23:53 C:\firstrun5.log
              --sha-w 1,609,097,216 2008-04-20 20:47:46 C:\hiberfil.sys
              ----a-w 164 2008-04-19 16:32:06 C:\install.dat
              ----a-w 3,929 2008-04-04 20:11:36 C:\LGSInst.Log
              --sha-w 2,145,386,496 2008-04-20 20:47:44 C:\pagefile.sys
              ----a-w 1,273 2008-03-31 19:37:25 C:\rapport.txt
              ----a-w 2,541 2008-04-11 15:12:39 C:\rollback.ini
              ----a-w 767 2008-04-20 19:14:15 C:\RVAXO-results.log
              ----a-w 12,763 2008-04-20 19:16:47 C:\RVAXO-Vfind.log
              ----a-w 4,225 2008-04-20 19:17:26 C:\smitfiles.txt

              Entries: 11 (9)
              Directories: 0 Files: 11
              Bytes: 3,754,511,144 Blocks: 7,333,034
              ======C:\Documents and Settings\Nauticverhuur\Application Data======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Temp======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Documents and Settings\Nauticverhuur======
              ----a-w 108 2008-04-03 15:58:25 C:\Documents and Settings\Nauticverhuur\cs.dat
              ----a-w 149 2008-03-29 20:59:33 C:\Documents and Settings\Nauticverhuur\default.pls
              ----a-w 9,296 2008-04-03 19:49:06 C:\Documents and Settings\Nauticverhuur\mpr.dat
              ----a-w 9,296 2008-04-03 19:49:06 C:\Documents and Settings\Nauticverhuur\mpr2.dat
              ---ha-w 8,126,464 2008-04-20 20:47:02 C:\Documents and Settings\Nauticverhuur\NTUSER.DAT
              ---ha-w 65,536 2008-04-20 23:06:21 C:\Documents and Settings\Nauticverhuur\ntuser.dat.LOG
              --sh--w 188 2008-04-20 20:46:40 C:\Documents and Settings\Nauticverhuur\ntuser.ini

              Entries: 7 (4)
              Directories: 0 Files: 7
              Bytes: 8,211,037 Blocks: 16,041
              ======C:\WINDOWS\Downloaded Program Files====
              ----a-w 23,600 2008-03-24 10:48:00 C:\WINDOWS\Downloaded Program Files\tvichw32.sys

              Entries: 1 (1)
              Directories: 0 Files: 1
              Bytes: 23,600 Blocks: 47
              =============
              Well, it won't work, I mean DSS


              • #8
                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                remove C:\WINDOWS\System32\drivers\Bwd20.sys C:\RVAXO\Bwd20.sys
                sc delete Bwd20
                sc delete YWNM
                sc config x10nets start= disabled
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\cookies.ini
                C:\WINDOWS\System32\2c0AB.mht
                C:\WINDOWS\System32\aqcfwlat.dllorg
                C:\WINDOWS\System32\axxeotbq.dll
                C:\WINDOWS\System32\cbXQiHBQ.dll
                C:\WINDOWS\System32\CcJklnmp.ini
                C:\WINDOWS\System32\cpfccpwr.ini
                C:\WINDOWS\System32\d4bAC.dll
                C:\WINDOWS\System32\d4bAC.sys
                C:\WINDOWS\System32\davoaxck.ini
                C:\WINDOWS\System32\dcbbjbkh.dll
                C:\WINDOWS\System32\dthavqkh.dllorg
                C:\WINDOWS\System32\dtxoanbw.dllorg
                C:\WINDOWS\System32\eihdbcgn.ini
                C:\WINDOWS\System32\exlvycfo.dll
                C:\WINDOWS\System32\fcfcebeeb_z.ocx
                C:\WINDOWS\System32\fdbbaeebb_z.dll
                C:\WINDOWS\System32\feidlptf.dll
                C:\WINDOWS\System32\hgGWQgGy.dll
                C:\WINDOWS\System32\hgGwTmlk.dll
                C:\WINDOWS\System32\IEDFix.exe
                C:\WINDOWS\System32\jleokdab.ini
                C:\WINDOWS\System32\jtjwomyk.dll
                C:\WINDOWS\System32\jvbvyyhd.dll
                C:\WINDOWS\System32\koqyjglr.dll
                C:\WINDOWS\System32\kymowjtj.ini
                C:\WINDOWS\System32\ljjvflag.dll
                C:\WINDOWS\System32\lsprst7.tgz
                C:\WINDOWS\System32\moqqBJlm.ini
                C:\WINDOWS\System32\OWvxycfe.ini
                C:\WINDOWS\System32\pmnkLcdb.dll
                C:\WINDOWS\System32\pmnnlKeE.dll
                C:\WINDOWS\System32\puxhhumy.dll
                C:\WINDOWS\System32\qbtoexxa.ini
                C:\WINDOWS\System32\qeabtngs.dll
                C:\WINDOWS\System32\rlgjyqok.ini
                C:\WINDOWS\System32\rnnnypmq.dll
                C:\WINDOWS\System32\VACFix.exe
                C:\WINDOWS\System32\wbvsrnyd.ini
                C:\WINDOWS\System32\WLCtrl32.dll
                C:\WINDOWS\System32\WLCtrl32.dl_
                C:\WINDOWS\System32\WLCtrl32.rvaxo
                C:\WINDOWS\System32\ymuhhxup.ini
                C:\WINDOWS\System32\drivers\Bwd20.sys) DO (
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                For "Save in" choose: Desktop
                For "File name" enter: del.bat
                For "Save as type" select: All Files (*.*).
                Click the Save button.

                Try running del.bat in safe mode.
                Double-click del.bat and post the contents of the log file that opens.

                Restart your computer and also post a new HijackThis log.


                • #9
                  confused

                  Deckard's System Scanner v20071014.68
                  Run by Administrator on 2008-04-21 08:54:23
                  Computer is in Safe Mode.
                  --------------------------------------------------------------------------------

                  -- System Restore --------------------------------------------------------------



                  -- Last 5 Restore Point(s) --
                  11: 2008-04-20 22:46:50 UTC - RP15 - Deckard's System Scanner Restore Point
                  10: 2008-04-20 20:53:54 UTC - RP14 - Niet-ondertekend stuurprogramma installeren
                  9: 2008-04-20 20:52:18 UTC - RP13 - Niet-ondertekend stuurprogramma installeren
                  8: 2008-04-20 20:46:21 UTC - RP12 - Removed Multi-Card Reader / Flash Disk
                  7: 2008-04-20 20:29:52 UTC - RP11 - Configured Multi-Card Reader / Flash Disk


                  -- First Restore Point --
                  1: 2008-04-20 16:05:25 UTC - RP5 - Niet-ondertekend stuurprogramma installeren


                  Backed up registry hives.
                  Performed disk cleanup.



                  -- HijackThis (run as Administrator.exe) ---------------------------------------

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 8:56:25, on 21-4-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                  Boot mode: Safe mode

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Documents and Settings\Nauticverhuur\Bureaublad\dss.exe
                  C:\WINDOWS\system32\taskmgr.exe
                  C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                  O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - (no file)
                  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
                  O2 - BHO: (no name) - {E8A704EA-7F5F-4B5D-A243-5DD74260B5BE} - (no file)
                  O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
                  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                  O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI" Technologies\ATI Control Panel\atiptaxx.exe
                  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                  O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
                  O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
                  O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
                  O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
                  O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
                  O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Administrator\cftmon.exe
                  O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe
                  O4 - HKCU\..\RunOnce: [MISPInst] "G:\MCAFEE~1\en-AU\Install.exe" /Resume /Restart
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
                  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5277/mcfscan.cab
                  O20 - Winlogon Notify: efcDVnOf - efcDVnOf.dll (file missing)
                  O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
                  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
                  O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
                  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
                  O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
                  O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                  O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
                  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
                  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                  O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
                  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                  O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
                  O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
                  O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
                  O23 - Service: YWNM - Unknown owner - C:\DOCUME~1\NAUTIC~1\LOCALS~1\Temp\YWNM.exe (file missing)

                  --
                  End of file - 6875 bytes

                  -- File Associations -----------------------------------------------------------

                  All associations okay.


                  -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                  R0 Bwd20 - c:\windows\system32\drivers\bwd20.sys
                  R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
                  R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

                  S0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
                  S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
                  S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
                  S2 CDRPDACC (InfinaDyne Device Access) - c:\program files\infinadyne\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
                  S3 bdfsdrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
                  S3 bdrsdrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
                  S3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
                  S3 giveio - c:\windows\system32\giveio.sys
                  S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
                  S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)
                  S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\windows\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
                  S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\windows\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
                  S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\windows\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
                  S3 w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - c:\windows\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management>
                  S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
                  S3 WmAdiHid (Logitech WingMan Digital Devices Driver) - c:\windows\system32\drivers\wmadihid.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
                  S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


                  -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                  S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
                  S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
                  S3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe (file missing)
                  S3 YWNM - c:\docume~1\nautic~1\locals~1\temp\ywnm.exe (file missing)
                  S4 BJFFVZJGOIX - c:\docume~1\nautic~1\locals~1\temp\bjffvzjgoix.exe (file missing)
                  S4 OE - c:\docume~1\nautic~1\locals~1\temp\oe.exe (file missing)
                  S4 PMDEGR - c:\docume~1\nautic~1\locals~1\temp\pmdegr.exe (file missing)
                  S4 SN - c:\docume~1\nautic~1\locals~1\temp\sn.exe (file missing)


                  -- Device Manager: Disabled ----------------------------------------------------

                  Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
                  Description: Medion Flash XL V3.0F
                  Device ID: USB\VID_0DB0&PID_6982\2003-02
                  Manufacturer: GENERIC
                  Name: Medion Flash XL V3.0F
                  PNP Device ID: USB\VID_0DB0&PID_6982\2003-02
                  Service:

                  Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                  Description: PRISM 802.11g Wireless Adapter (3890)
                  Device ID: PCI\VEN_1260&DEV_3890&SUBSYS_001417CF&REV_01\4&1F7DBC9F&0&00F0
                  Manufacturer: Intersil Americas Inc.
                  Name: PRISM 802.11g Wireless Adapter (3890)
                  PNP Device ID: PCI\VEN_1260&DEV_3890&SUBSYS_001417CF&REV_01\4&1F7DBC9F&0&00F0
                  Service: PRISM_A00


                  -- Scheduled Tasks -------------------------------------------------------------

                  2008-04-13 18:32:58 368 --a------ C:\WINDOWS\Tasks\McQcTask.job
                  2008-04-13 18:32:58 366 --a------ C:\WINDOWS\Tasks\McDefragTask.job


                  -- Files created between 2008-03-21 and 2008-04-21 -----------------------------

                  2008-04-21 08:52:42 12288 --a------ C:\WINDOWS\system32\WLCtrl32.dll
                  2008-04-21 08:49:22 0 d-------- C:\RVAXO
                  2008-04-20 22:26:06 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Sony
                  2008-04-20 22:26:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
                  2008-04-20 21:39:05 0 d-------- C:\Program Files\Avanquest update
                  2008-04-20 19:37:23 0 d-------- C:\Program Files\Trend Micro
                  2008-04-20 19:22:31 797916 --a------ C:\WINDOWS\system32\RVAXO.bat
                  2008-04-20 19:22:31 69632 --a------ C:\WINDOWS\system32\remove.exe
                  2008-04-20 18:05:32 0 dr-h----- C:\Documents and Settings\Nauticverhuur\Onlangs geopend
                  2008-04-19 20:05:09 102 --a------ C:\WINDOWS\system32\clear.reg
                  2008-04-19 19:57:16 126976 --a------ C:\WINDOWS\system32\zip.exe
                  2008-04-19 19:57:16 175616 --a------ C:\WINDOWS\system32\strings.exe
                  2008-04-19 19:57:16 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
                  2008-04-19 19:57:16 39184 --a------ C:\WINDOWS\system32\Ntrights.exe
                  2008-04-19 19:57:16 11254 --a------ C:\WINDOWS\system32\locate.com
                  2008-04-19 19:05:13 87616 --a------ C:\WINDOWS\system32\puxhhumy.dll
                  2008-04-19 19:02:27 92736 --a------ C:\WINDOWS\system32\rnnnypmq.dll
                  2008-04-19 18:46:53 0 d-------- C:\WINDOWS\McAfee.com
                  2008-04-19 18:38:01 0 d-------- C:\Program Files\Network Associates
                  2008-04-19 18:32:00 164 --a------ C:\install.dat
                  2008-04-16 22:46:48 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\McAfee
                  2008-04-16 22:44:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
                  2008-04-16 21:50:26 87616 --a------ C:\WINDOWS\system32\axxeotbq.dll
                  2008-04-16 21:47:29 94272 --a------ C:\WINDOWS\system32\ljjvflag.dll
                  2008-04-13 19:39:00 7013654 --a------ C:\WINDOWS\system32\WIHZUIAIQZVASAK
                  2008-04-13 18:45:53 85568 --a------ C:\WINDOWS\system32\jtjwomyk.dll
                  2008-04-13 18:42:46 3648 --a------ C:\WINDOWS\system32\dcbbjbkh.dll
                  2008-04-13 18:37:19 95296 --a------ C:\WINDOWS\system32\exlvycfo.dll
                  2008-04-11 20:42:20 0 dr------- C:\Documents and Settings\LocalService\Favorieten
                  2008-04-11 20:32:31 0 d-------- C:\Documents and Settings\LocalService\Bureaublad
                  2008-04-11 20:32:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
                  2008-04-11 20:32:22 0 d-------- C:\Program Files\SiteAdvisor
                  2008-04-11 20:32:22 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\SiteAdvisor
                  2008-04-11 20:32:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
                  2008-04-11 20:30:59 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
                  2008-04-11 20:26:43 0 d-------- C:\Program Files\McAfee.com
                  2008-04-11 20:26:28 0 d-------- C:\Program Files\Common Files\McAfee
                  2008-04-11 20:26:17 0 d-------- C:\Program Files\McAfee
                  2008-04-11 19:49:15 90176 --a------ C:\WINDOWS\system32\jvbvyyhd.dll
                  2008-04-11 19:47:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
                  2008-04-11 19:47:08 0 d-------- C:\Program Files\Yahoo!
                  2008-04-11 19:47:01 0 d-------- C:\Program Files\CCleaner
                  2008-04-11 19:46:25 86080 --a------ C:\WINDOWS\system32\koqyjglr.dll
                  2008-04-11 19:44:59 3648 --a------ C:\WINDOWS\system32\feidlptf.dll
                  2008-04-11 19:44:54 94784 --a------ C:\WINDOWS\system32\qeabtngs.dll
                  2008-04-11 19:25:01 23 --ahs---- C:\WINDOWS\system32\fdbbaeebb_z.dll
                  2008-04-11 19:24:56 0 d-------- C:\Program Files\jv16 PowerTools 2008
                  2008-04-11 19:17:35 36864 --a------ C:\WINDOWS\system32\hgGwTmlk.dll
                  2008-04-11 19:15:25 36864 --a------ C:\WINDOWS\system32\pmnnlKeE.dll
                  2008-04-11 17:50:37 36864 --a------ C:\WINDOWS\system32\hgGWQgGy.dll
                  2008-04-11 17:49:12 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
                  2008-04-11 17:43:19 36864 --a------ C:\WINDOWS\system32\pmnkLcdb.dll
                  2008-04-11 17:40:59 36864 --a------ C:\WINDOWS\system32\cbXQiHBQ.dll
                  2008-04-11 17:39:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
                  2008-04-10 23:13:36 67645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys <Not Verified; TrekBlue, LLC; Anti-Virus Engine>
                  2008-04-10 22:32:50 1462272 --a------ C:\WINDOWS\system32\HGEQVQQGDE
                  2008-04-10 20:05:45 0 d-------- C:\SAV32CLI
                  2008-04-10 19:26:08 38809600 --a------ C:\WINDOWS\system32\ZFLBBOIK
                  2008-04-04 23:30:26 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Lavasoft
                  2008-04-04 23:28:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                  2008-04-04 22:56:22 0 d-------- C:\WINDOWS\system32\GroupPolicy
                  2008-04-04 22:53:00 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
                  2008-04-04 21:52:23 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
                  2008-04-04 20:40:27 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
                  2008-04-04 20:40:11 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
                  2008-04-04 20:33:57 0 d-------- C:\WINDOWS\Internet Logs
                  2008-04-03 21:57:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
                  2008-04-03 21:57:48 9296 --a------ C:\Documents and Settings\Administrator\mpr2.dat
                  2008-04-03 21:57:48 9296 --a------ C:\Documents and Settings\Administrator\mpr.dat
                  2008-04-03 21:57:47 108 --a------ C:\Documents and Settings\Administrator\cs.dat
                  2008-04-03 17:58:28 9296 --a------ C:\Documents and Settings\Nauticverhuur\mpr.dat
                  2008-04-03 17:58:27 9296 --a------ C:\Documents and Settings\Nauticverhuur\mpr2.dat
                  2008-04-03 17:58:25 108 --a------ C:\Documents and Settings\Nauticverhuur\cs.dat
                  2008-04-03 07:51:49 27008 --a------ C:\WINDOWS\system32\drivers\Bwd20.sys
                  2008-03-31 21:29:16 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
                  2008-03-31 21:29:16 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
                  2008-03-31 21:29:16 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
                  2008-03-31 21:29:16 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
                  2008-03-31 21:29:16 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
                  2008-03-31 21:29:16 51200 --a------ C:\WINDOWS\system32\dumphive.exe
                  2008-03-27 23:22:23 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
                  2008-03-24 12:48:01 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
                  2008-03-22 00:18:20 20608 --a------ C:\WINDOWS\system32\drivers\WmAdiHid.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
                  2008-03-21 23:27:51 0 d-------- C:\Program Files\Common Files\Logitech
                  2008-03-21 22:12:34 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Hamachi


                  -- Find3M Report ---------------------------------------------------------------

                  2009-03-24 12:11:38 0 d-------- C:\Program Files\Common Files\Teleca Shared
                  2008-04-20 21:39:22 0 d--h----- C:\Program Files\InstallShield Installation Information
                  2008-04-20 21:38:30 0 d-------- C:\Program Files\Sony Ericsson
                  2008-04-19 23:50:19 0 d-------- C:\Program Files\eMule
                  2008-04-14 21:21:00 507788 --a------ C:\WINDOWS\system32\perfh013.dat
                  2008-04-14 21:21:00 90644 --a------ C:\WINDOWS\system32\perfc013.dat
                  2008-04-14 07:33:24 0 d-------- C:\Program Files\DAEMON Tools Lite
                  2008-04-11 20:26:28 0 d-------- C:\Program Files\Common Files
                  2008-04-01 21:48:07 0 d-------- C:\Program Files\Common Files\Adobe
                  2008-03-21 22:15:56 0 d-------- C:\Program Files\Java
                  2008-03-10 19:03:30 0 d-------- C:\Program Files\ScanSoft
                  2008-03-10 19:01:19 0 d-------- C:\Program Files\Microsoft AutoRoute
                  2008-03-09 02:41:02 0 d-------- C:\Program Files\Stellar Phoenix Outlook Pst Repair
                  2008-03-07 10:46:04 0 d-------- C:\Program Files\Microsoft Silverlight
                  2008-03-07 00:28:03 0 d-------- C:\Program Files\Active Data Recovery Services
                  2008-03-04 17:47:58 0 d-------- C:\Program Files\Ubisoft
                  2008-03-03 09:59:39 0 d-------- C:\Program Files\iTunes
                  2008-03-03 09:59:28 0 d-------- C:\Program Files\iPod
                  2008-03-02 17:15:50 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
                  2008-03-02 17:15:50 1025 --a------ C:\WINDOWS\system32\clauth2.dll
                  2008-03-02 17:15:50 1025 --a------ C:\WINDOWS\system32\clauth1.dll
                  2008-03-02 17:14:38 0 d-------- C:\Program Files\InfinaDyne
                  2008-03-02 15:46:32 0 d-------- C:\Program Files\SWiSHmax
                  2008-03-02 14:56:14 0 d-------- C:\Program Files\CDDVDDataRecovery
                  2008-03-02 14:10:22 0 d-------- C:\Program Files\Common Files\Ahead
                  2008-03-02 14:10:21 0 d-------- C:\Program Files\Nero
                  2008-03-02 14:06:50 0 d-------- C:\Program Files\Ahead
                  2008-03-01 19:06:14 0 d-------- C:\Program Files\Bonjour
                  2008-03-01 17:35:54 0 d-------- C:\Program Files\Total Training
                  2008-03-01 13:13:58 0 d-------- C:\Program Files\QuickTime
                  2008-03-01 12:54:18 0 d-------- C:\Program Files\Common Files\Macrovision Shared
                  2008-02-29 23:41:43 0 d-------- C:\Program Files\COAA
                  2008-02-28 19:25:54 0 d-------- C:\Program Files\Common Files\AmbraSoft
                  2008-02-28 19:25:54 0 d-------- C:\Program Files\AmbraSoft
                  2008-02-27 23:20:49 5248 --a------ C:\WINDOWS\system32\giveio.sys
                  2008-02-27 18:05:21 0 d-------- C:\Program Files\Common Files\Java
                  2008-02-27 15:28:04 0 d-------- C:\Program Files\Microsoft Visual Studio 8
                  2008-02-27 15:27:52 0 d-------- C:\Program Files\Microsoft Expression
                  2008-02-27 13:51:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
                  2008-02-27 13:51:36 0 d-------- C:\Program Files\MSXML 6.0
                  2008-02-27 13:49:04 0 d-------- C:\Program Files\MSBuild
                  2008-02-27 13:43:36 0 d-------- C:\Program Files\Reference Assemblies
                  2008-02-27 13:41:43 0 d-------- C:\Program Files\Windows Media Connect 2
                  2008-02-27 12:16:58 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
                  2008-02-27 12:05:16 0 --a------ C:\WINDOWS\system32\SBRC.dat
                  2008-02-27 12:05:16 0 --a------ C:\WINDOWS\system32\SBFC.dat
                  2008-02-27 02:13:54 0 d-------- C:\Program Files\uTorrent
                  2008-02-26 22:10:06 0 d-------- C:\Program Files\Common Files\InstallShield
                  2008-02-26 22:05:46 0 d-------- C:\Program Files\epson
                  2008-02-26 22:04:29 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
                  2008-02-26 22:02:32 0 d-------- C:\Program Files\ATI
                  2008-02-25 17:37:53 0 d-------- C:\Program Files\MSXML 4.0
                  2008-02-25 17:34:17 0 d-------- C:\Program Files\Messenger
                  2008-02-25 14:00:07 0 d-------- C:\Program Files\Common Files\Acronis
                  2008-02-25 13:59:53 0 d-------- C:\Program Files\Acronis
                  2008-02-25 12:57:53 0 d-------- C:\Program Files\Microsoft Works
                  2008-02-25 12:55:52 0 d-------- C:\Program Files\Microsoft.NET
                  2008-02-25 12:38:49 0 d-------- C:\Program Files\Movie Maker
                  2008-02-25 12:37:36 0 d-------- C:\Program Files\Windows NT
                  2008-02-25 11:37:53 0 d-------- C:\Program Files\Alwil Software
                  2008-02-25 11:20:00 0 d--h----- C:\Program Files\WindowsUpdate


                  -- Registry Dump ---------------------------------------------------------------

                  *Note* empty entries & legit default entries are not shown


                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8A704EA-7F5F-4B5D-A243-5DD74260B5BE}]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12-08-2003 21:10]
                  "Cmaudio"="cmicnfg.cpl" [12-09-2003 20:07 C:\WINDOWS\CMICNFG.CPL]
                  "ledpointer"="CNYHKey.exe" [27-06-2003 09:36 C:\WINDOWS\CNYHKey.exe]
                  "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17-01-2007 16:30]
                  "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [19-01-2007 17:11]
                  "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [22-06-2007 01:12]
                  "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08-01-2007 11:22]

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03]
                  "ntuser"="C:\WINDOWS\system32\drivers\spools.exe"
                  "autoload"="C:\Documents and Settings\Administrator\cftmon.exe"

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
                  "NeroHomeFirstStart"=C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe
                  "MISPInst"="G:\MCAFEE~1\en-AU\Install.exe" /Resume /Restart

                  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
                  "ntuser"=C:\WINDOWS\system32\drivers\spools.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                  "NoActiveDesktopChanges"=0 (0x0)

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDVnOf]
                  efcDVnOf.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
                  WLCtrl32.dll 21-04-2008 08:52 12288 C:\WINDOWS\system32\WLCtrl32.dll

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bwd20.sys]
                  @="Driver"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                  @=""

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                  @="Volume shadow copy"

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  bthsvcs BthServ


                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
                  AutoRun\command- I:\Start.exe




                  -- End of Deckard's System Scanner: finished at 2008-04-21 08:57:45 ------------

                  Got it working after all, once I removed McAfee.



                  • #10
                    So it worked after all

                    Go ahead and carry out these instructions: http://nucia.eu/forum/showpost.php?p=338223&postcount=8

                    After that, post a new DSS log.



                    • #11
                      confused

                      Here it comes.
                      I do think it's clever, you know; it's complete gibberish to me,
                      but the computer is running better and better. Here is the del.bat log:

                      Deleting files
                      C:\WINDOWS\cookies.ini deleted
                      C:\WINDOWS\System32\2c0AB.mht deleted
                      C:\WINDOWS\System32\aqcfwlat.dllorg deleted
                      C:\WINDOWS\System32\axxeotbq.dll deleted
                      C:\WINDOWS\System32\cbXQiHBQ.dll deleted
                      C:\WINDOWS\System32\CcJklnmp.ini deleted
                      C:\WINDOWS\System32\cpfccpwr.ini deleted
                      C:\WINDOWS\System32\d4bAC.dll deleted
                      C:\WINDOWS\System32\d4bAC.sys deleted
                      C:\WINDOWS\System32\davoaxck.ini deleted
                      C:\WINDOWS\System32\dcbbjbkh.dll deleted
                      C:\WINDOWS\System32\dthavqkh.dllorg deleted
                      C:\WINDOWS\System32\dtxoanbw.dllorg deleted
                      C:\WINDOWS\System32\eihdbcgn.ini deleted
                      C:\WINDOWS\System32\exlvycfo.dll deleted
                      C:\WINDOWS\System32\fcfcebeeb_z.ocx deleted
                      C:\WINDOWS\System32\fdbbaeebb_z.dll deleted
                      C:\WINDOWS\System32\feidlptf.dll deleted
                      C:\WINDOWS\System32\hgGWQgGy.dll deleted
                      C:\WINDOWS\System32\hgGwTmlk.dll deleted
                      C:\WINDOWS\System32\IEDFix.exe deleted
                      C:\WINDOWS\System32\jleokdab.ini deleted
                      C:\WINDOWS\System32\jtjwomyk.dll deleted
                      C:\WINDOWS\System32\jvbvyyhd.dll deleted
                      C:\WINDOWS\System32\koqyjglr.dll deleted
                      C:\WINDOWS\System32\kymowjtj.ini deleted
                      C:\WINDOWS\System32\ljjvflag.dll deleted
                      C:\WINDOWS\System32\lsprst7.tgz deleted
                      C:\WINDOWS\System32\moqqBJlm.ini deleted
                      C:\WINDOWS\System32\OWvxycfe.ini deleted
                      C:\WINDOWS\System32\pmnkLcdb.dll deleted
                      C:\WINDOWS\System32\pmnnlKeE.dll deleted
                      C:\WINDOWS\System32\puxhhumy.dll deleted
                      C:\WINDOWS\System32\qbtoexxa.ini deleted
                      C:\WINDOWS\System32\qeabtngs.dll deleted
                      C:\WINDOWS\System32\rlgjyqok.ini deleted
                      C:\WINDOWS\System32\rnnnypmq.dll deleted
                      C:\WINDOWS\System32\VACFix.exe deleted
                      C:\WINDOWS\System32\wbvsrnyd.ini deleted
                      renamed to C:\WINDOWS\System32\WLCtrl32.dllNUCIA
                      C:\WINDOWS\System32\WLCtrl32.dll deleted
                      C:\WINDOWS\System32\WLCtrl32.dl_ not found
                      C:\WINDOWS\System32\WLCtrl32.rvaxo not found
                      C:\WINDOWS\System32\ymuhhxup.ini deleted
                      C:\WINDOWS\System32\drivers\Bwd20.sys not deleted



                      • #12
                        Please restart your computer.

                        After the restart, post a new Deckard's System Scanner log.



                        • #13
                          confused

                          Deckard's System Scanner v20071014.68
                          Run by Nauticverhuur on 2008-04-21 09:49:08
                          Computer is in Normal Mode.
                          --------------------------------------------------------------------------------



                          -- HijackThis (run as Nauticverhuur.exe) ---------------------------------------

                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 9:49:20, on 21-4-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\System32\Ati2evxx.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
                          C:\Program Files\Bonjour\mDNSResponder.exe
                          C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
                          C:\Program Files\McAfee\MBK\MBackMonitor.exe
                          C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                          C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                          c:\program files\common files\mcafee\mna\mcnasvc.exe
                          C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                          C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
                          c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                          c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                          C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                          C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                          C:\Program Files\McAfee\MPF\MPFSrv.exe
                          C:\PROGRA~1\McAfee\MPS\mps.exe
                          C:\Program Files\McAfee\MSK\MskSrver.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\Program Files\McAfee\MPS\mpsevh.exe
                          C:\WINDOWS\System32\svchost.exe
                          c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                          C:\WINDOWS\CNYHKey.exe
                          C:\Program Files\McAfee\MSK\MskAgent.exe
                          C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                          C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\taskmgr.exe
                          C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
                          C:\Program Files\Internet Explorer\IEXPLORE.EXE
                          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                          c:\program files\mcafee\msc\mcuimgr.exe
                          C:\Documents and Settings\Nauticverhuur\Bureaublad\dss.exe
                          C:\PROGRA~1\TRENDM~1\HIJACK~1\NAUTIC~1.EXE

                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                          O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - (no file)
                          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
                          O2 - BHO: (no name) - {E8A704EA-7F5F-4B5D-A243-5DD74260B5BE} - (no file)
                          O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                          O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
                          O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI" Technologies\ATI Control Panel\atiptaxx.exe
                          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                          O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
                          O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
                          O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
                          O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
                          O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
                          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
                          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                          O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                          O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                          O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                          O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                          O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                          O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                          O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                          O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5277/mcfscan.cab
                          O20 - Winlogon Notify: efcDVnOf - efcDVnOf.dll (file missing)
                          O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
                          O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
                          O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
                          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
                          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                          O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
                          O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
                          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                          O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
                          O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                          O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
                          O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                          O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
                          O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                          O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
                          O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                          O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                          O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                          O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                          O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
                          O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

                          --
                          End of file - 9416 bytes

                          -- Files created between 2008-03-21 and 2008-04-21 -----------------------------

                          2008-04-21 08:49:22 0 d-------- C:\RVAXO
                          2008-04-20 22:26:06 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Sony
                          2008-04-20 22:26:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
                          2008-04-20 21:39:05 0 d-------- C:\Program Files\Avanquest update
                          2008-04-20 19:37:23 0 d-------- C:\Program Files\Trend Micro
                          2008-04-20 19:22:31 797916 --a------ C:\WINDOWS\system32\RVAXO.bat
                          2008-04-20 19:22:31 69632 --a------ C:\WINDOWS\system32\remove.exe
                          2008-04-20 18:05:32 0 dr-h----- C:\Documents and Settings\Nauticverhuur\Onlangs geopend
                          2008-04-19 20:05:09 102 --a------ C:\WINDOWS\system32\clear.reg
                          2008-04-19 19:57:16 126976 --a------ C:\WINDOWS\system32\zip.exe
                          2008-04-19 19:57:16 175616 --a------ C:\WINDOWS\system32\strings.exe
                          2008-04-19 19:57:16 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
                          2008-04-19 19:57:16 39184 --a------ C:\WINDOWS\system32\Ntrights.exe
                          2008-04-19 19:57:16 11254 --a------ C:\WINDOWS\system32\locate.com
                          2008-04-19 18:46:53 0 d-------- C:\WINDOWS\McAfee.com
                          2008-04-19 18:38:01 0 d-------- C:\Program Files\Network Associates
                          2008-04-19 18:32:00 164 --a------ C:\install.dat
                          2008-04-16 22:46:48 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\McAfee
                          2008-04-16 22:44:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
                          2008-04-13 19:39:00 7013654 --a------ C:\WINDOWS\system32\WIHZUIAIQZVASAK
                          2008-04-11 20:42:20 0 dr------- C:\Documents and Settings\LocalService\Favorieten
                          2008-04-11 20:32:31 0 d-------- C:\Documents and Settings\LocalService\Bureaublad
                          2008-04-11 20:32:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
                          2008-04-11 20:32:22 0 d-------- C:\Program Files\SiteAdvisor
                          2008-04-11 20:32:22 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\SiteAdvisor
                          2008-04-11 20:32:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
                          2008-04-11 20:30:59 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
                          2008-04-11 20:26:43 0 d-------- C:\Program Files\McAfee.com
                          2008-04-11 20:26:28 0 d-------- C:\Program Files\Common Files\McAfee
                          2008-04-11 20:26:17 0 d-------- C:\Program Files\McAfee
                          2008-04-11 19:47:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
                          2008-04-11 19:47:08 0 d-------- C:\Program Files\Yahoo!
                          2008-04-11 19:47:01 0 d-------- C:\Program Files\CCleaner
                          2008-04-11 19:24:56 0 d-------- C:\Program Files\jv16 PowerTools 2008
                          2008-04-11 17:49:12 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
                          2008-04-11 17:39:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
                          2008-04-10 23:13:36 67645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys <Not Verified; TrekBlue, LLC; Anti-Virus Engine>
                          2008-04-10 22:32:50 1462272 --a------ C:\WINDOWS\system32\HGEQVQQGDE
                          2008-04-10 20:05:45 0 d-------- C:\SAV32CLI
                          2008-04-10 19:26:08 38809600 --a------ C:\WINDOWS\system32\ZFLBBOIK
                          2008-04-04 23:30:26 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Lavasoft
                          2008-04-04 23:28:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                          2008-04-04 22:56:22 0 d-------- C:\WINDOWS\system32\GroupPolicy
                          2008-04-04 22:53:00 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
                          2008-04-04 21:52:23 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
                          2008-04-04 20:40:27 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
                          2008-04-04 20:40:11 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
                          2008-04-04 20:33:57 0 d-------- C:\WINDOWS\Internet Logs
                          2008-04-03 21:57:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
                          2008-04-03 21:57:48 9296 --a------ C:\Documents and Settings\Administrator\mpr2.dat
                          2008-04-03 21:57:48 9296 --a------ C:\Documents and Settings\Administrator\mpr.dat
                          2008-04-03 21:57:47 108 --a------ C:\Documents and Settings\Administrator\cs.dat
                          2008-04-03 17:58:28 9296 --a------ C:\Documents and Settings\Nauticverhuur\mpr.dat
                          2008-04-03 17:58:27 9296 --a------ C:\Documents and Settings\Nauticverhuur\mpr2.dat
                          2008-04-03 17:58:25 108 --a------ C:\Documents and Settings\Nauticverhuur\cs.dat
                          2008-04-03 07:51:49 27008 --a------ C:\WINDOWS\system32\drivers\Bwd20.sys
                          2008-03-31 21:29:16 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
                          2008-03-31 21:29:16 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
                          2008-03-31 21:29:16 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
                          2008-03-31 21:29:16 51200 --a------ C:\WINDOWS\system32\dumphive.exe
                          2008-03-27 23:22:23 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
                          2008-03-24 12:48:01 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
                          2008-03-22 00:18:20 20608 --a------ C:\WINDOWS\system32\drivers\WmAdiHid.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
                          2008-03-21 23:27:51 0 d-------- C:\Program Files\Common Files\Logitech
                          2008-03-21 22:12:34 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Hamachi


                          -- Find3M Report ---------------------------------------------------------------

                          2009-03-24 12:11:38 0 d-------- C:\Program Files\Common Files\Teleca Shared
                          2008-04-20 21:39:22 0 d--h----- C:\Program Files\InstallShield Installation Information
                          2008-04-20 21:38:30 0 d-------- C:\Program Files\Sony Ericsson
                          2008-04-19 23:50:19 0 d-------- C:\Program Files\eMule
                          2008-04-14 21:21:00 507788 --a------ C:\WINDOWS\system32\perfh013.dat
                          2008-04-14 21:21:00 90644 --a------ C:\WINDOWS\system32\perfc013.dat
                          2008-04-14 07:33:24 0 d-------- C:\Program Files\DAEMON Tools Lite
                          2008-04-11 20:26:28 0 d-------- C:\Program Files\Common Files
                          2008-04-11 17:53:49 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\uTorrent
                          2008-04-03 19:24:15 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Macromedia
                          2008-04-01 21:52:30 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Adobe
                          2008-04-01 21:48:07 0 d-------- C:\Program Files\Common Files\Adobe
                          2008-03-21 22:15:56 0 d-------- C:\Program Files\Java
                          2008-03-10 19:03:30 0 d-------- C:\Program Files\ScanSoft
                          2008-03-10 19:01:19 0 d-------- C:\Program Files\Microsoft AutoRoute
                          2008-03-09 02:41:02 0 d-------- C:\Program Files\Stellar Phoenix Outlook Pst Repair
                          2008-03-07 10:46:04 0 d-------- C:\Program Files\Microsoft Silverlight
                          2008-03-07 01:07:20 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Cimaware
                          2008-03-07 00:28:03 0 d-------- C:\Program Files\Active Data Recovery Services
                          2008-03-05 14:46:51 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\EPSON
                          2008-03-04 17:47:58 0 d-------- C:\Program Files\Ubisoft
                          2008-03-04 15:03:23 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Ahead
                          2008-03-03 09:59:53 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Apple Computer
                          2008-03-03 09:59:39 0 d-------- C:\Program Files\iTunes
                          2008-03-03 09:59:28 0 d-------- C:\Program Files\iPod
                          2008-03-02 17:15:50 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
                          2008-03-02 17:15:50 1025 --a------ C:\WINDOWS\system32\clauth2.dll
                          2008-03-02 17:15:50 1025 --a------ C:\WINDOWS\system32\clauth1.dll
                          2008-03-02 17:14:38 0 d-------- C:\Program Files\InfinaDyne
                          2008-03-02 15:46:32 0 d-------- C:\Program Files\SWiSHmax
                          2008-03-02 14:56:14 0 d-------- C:\Program Files\CDDVDDataRecovery
                          2008-03-02 14:10:22 0 d-------- C:\Program Files\Common Files\Ahead
                          2008-03-02 14:10:21 0 d-------- C:\Program Files\Nero
                          2008-03-02 14:06:50 0 d-------- C:\Program Files\Ahead
                          2008-03-01 19:06:14 0 d-------- C:\Program Files\Bonjour
                          2008-03-01 17:36:16 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\TotalTrain
                          2008-03-01 17:35:54 0 d-------- C:\Program Files\Total Training
                          2008-03-01 13:13:58 0 d-------- C:\Program Files\QuickTime
                          2008-03-01 12:54:18 0 d-------- C:\Program Files\Common Files\Macrovision Shared
                          2008-03-01 00:06:48 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\COAA
                          2008-02-29 23:41:43 0 d-------- C:\Program Files\COAA
                          2008-02-28 19:25:54 0 d-------- C:\Program Files\Common Files\AmbraSoft
                          2008-02-28 19:25:54 0 d-------- C:\Program Files\AmbraSoft
                          2008-02-27 23:20:49 5248 --a------ C:\WINDOWS\system32\giveio.sys
                          2008-02-27 18:46:17 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Nvu
                          2008-02-27 18:46:16 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Mozilla
                          2008-02-27 18:07:17 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Sun
                          2008-02-27 18:05:21 0 d-------- C:\Program Files\Common Files\Java
                          2008-02-27 15:28:04 0 d-------- C:\Program Files\Microsoft Visual Studio 8
                          2008-02-27 15:27:52 0 d-------- C:\Program Files\Microsoft Expression
                          2008-02-27 14:46:12 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\DAEMON Tools
                          2008-02-27 13:51:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
                          2008-02-27 13:51:36 0 d-------- C:\Program Files\MSXML 6.0
                          2008-02-27 13:49:04 0 d-------- C:\Program Files\MSBuild
                          2008-02-27 13:43:36 0 d-------- C:\Program Files\Reference Assemblies
                          2008-02-27 13:41:43 0 d-------- C:\Program Files\Windows Media Connect 2
                          2008-02-27 12:16:58 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
                          2008-02-27 12:05:16 0 --a------ C:\WINDOWS\system32\SBRC.dat
                          2008-02-27 12:05:16 0 --a------ C:\WINDOWS\system32\SBFC.dat
                          2008-02-27 11:59:19 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Sunbelt Software
                          2008-02-27 02:13:54 0 d-------- C:\Program Files\uTorrent
                          2008-02-26 22:10:06 0 d-------- C:\Program Files\Common Files\InstallShield
                          2008-02-26 22:05:46 0 d-------- C:\Program Files\epson
                          2008-02-26 22:04:29 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
                          2008-02-26 22:02:32 0 d-------- C:\Program Files\ATI
                          2008-02-26 22:01:12 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\InstallShield
                          2008-02-25 17:37:53 0 d-------- C:\Program Files\MSXML 4.0
                          2008-02-25 17:34:17 0 d-------- C:\Program Files\Messenger
                          2008-02-25 14:35:40 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Acronis
                          2008-02-25 14:00:07 0 d-------- C:\Program Files\Common Files\Acronis
                          2008-02-25 13:59:53 0 d-------- C:\Program Files\Acronis
                          2008-02-25 12:57:53 0 d-------- C:\Program Files\Microsoft Works
                          2008-02-25 12:55:52 0 d-------- C:\Program Files\Microsoft.NET
                          2008-02-25 12:38:49 0 d-------- C:\Program Files\Movie Maker
                          2008-02-25 12:37:36 0 d-------- C:\Program Files\Windows NT
                          2008-02-25 11:37:53 0 d-------- C:\Program Files\Alwil Software
                          2008-02-25 11:20:00 0 d--h----- C:\Program Files\WindowsUpdate


                          -- Registry Dump ---------------------------------------------------------------

                          *Note* empty entries & legit default entries are not shown


                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]

                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8A704EA-7F5F-4B5D-A243-5DD74260B5BE}]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12-08-2003 21:10]
                          "Cmaudio"="cmicnfg.cpl" [12-09-2003 20:07 C:\WINDOWS\CMICNFG.CPL]
                          "ledpointer"="CNYHKey.exe" [27-06-2003 09:36 C:\WINDOWS\CNYHKey.exe]
                          "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17-01-2007 16:30]
                          "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [19-01-2007 17:11]
                          "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [22-06-2007 01:12]
                          "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08-01-2007 11:22]

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [03-09-2005 16:18]
                          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03]

                          [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
                          "ntuser"=C:\WINDOWS\system32\drivers\spools.exe

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                          "NoColorChoice"=0 (0x0)
                          "NoSizeChoice"=0 (0x0)
                          "NoDispScrSavPage"=0 (0x0)
                          "NoDispCPL"=0 (0x0)
                          "NoVisualStyleChoice"=0 (0x0)
                          "NoDispSettingsPage"=0 (0x0)

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                          "NoActiveDesktopChanges"=0 (0x0)

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDVnOf]
                          efcDVnOf.dll

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
                          WLCtrl32.dll

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bwd20.sys]
                          @="Driver"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                          @=""

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                          @="Service"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                          @="Volume shadow copy"

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                          bthsvcs BthServ




                          -- End of Deckard's System Scanner: finished at 2008-04-21 09:50:10 ------------

                          here is the rest



                          • #14
                            confused

                            sorry, I'm not paying attention
                            here is a DSS log after restarting

                            Deckard's System Scanner v20071014.68
                            Run by Nauticverhuur on 2008-04-21 10:02:28
                            Computer is in Normal Mode.
                            --------------------------------------------------------------------------------



                            -- HijackThis (run as Nauticverhuur.exe) ---------------------------------------

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 10:02:35, on 21-4-2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\System32\Ati2evxx.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\system32\Ati2evxx.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
                            C:\Program Files\Bonjour\mDNSResponder.exe
                            C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
                            C:\Program Files\McAfee\MBK\MBackMonitor.exe
                            C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                            C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                            c:\program files\common files\mcafee\mna\mcnasvc.exe
                            C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                            C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
                            c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                            c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                            C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                            C:\Program Files\McAfee\MPF\MPFSrv.exe
                            C:\PROGRA~1\McAfee\MPS\mps.exe
                            C:\WINDOWS\Explorer.EXE
                            c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
                            C:\Program Files\McAfee\MSK\MskSrver.exe
                            c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\McAfee\MPS\mpsevh.exe
                            C:\WINDOWS\CNYHKey.exe
                            C:\Program Files\McAfee\MSK\MskAgent.exe
                            C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                            C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\WINDOWS\system32\wuauclt.exe
                            c:\program files\mcafee\msc\mcuimgr.exe
                            C:\Documents and Settings\Nauticverhuur\Bureaublad\dss.exe
                            C:\PROGRA~1\TRENDM~1\HIJACK~1\NAUTIC~1.EXE

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                            O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - (no file)
                            O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
                            O2 - BHO: (no name) - {E8A704EA-7F5F-4B5D-A243-5DD74260B5BE} - (no file)
                            O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                            O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                            O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
                            O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                            O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI" Technologies\ATI Control Panel\atiptaxx.exe
                            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                            O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
                            O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
                            O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
                            O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
                            O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
                            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
                            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                            O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                            O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                            O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                            O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                            O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                            O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                            O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                            O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5277/mcfscan.cab
                            O20 - Winlogon Notify: efcDVnOf - efcDVnOf.dll (file missing)
                            O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
                            O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
                            O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
                            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
                            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                            O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
                            O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
                            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                            O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
                            O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                            O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
                            O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                            O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
                            O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                            O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
                            O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                            O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                            O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                            O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                            O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                            O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
                            O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

                            --
                            End of file - 9249 bytes

                            -- Files created between 2008-03-21 and 2008-04-21 -----------------------------

                            2008-04-21 08:49:22 0 d-------- C:\RVAXO
                            2008-04-20 22:26:06 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Sony
                            2008-04-20 22:26:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
                            2008-04-20 21:39:05 0 d-------- C:\Program Files\Avanquest update
                            2008-04-20 19:37:23 0 d-------- C:\Program Files\Trend Micro
                            2008-04-20 19:22:31 797916 --a------ C:\WINDOWS\system32\RVAXO.bat
                            2008-04-20 19:22:31 69632 --a------ C:\WINDOWS\system32\remove.exe
                            2008-04-20 18:05:32 0 dr-h----- C:\Documents and Settings\Nauticverhuur\Onlangs geopend
                            2008-04-19 20:05:09 102 --a------ C:\WINDOWS\system32\clear.reg
                            2008-04-19 19:57:16 126976 --a------ C:\WINDOWS\system32\zip.exe
                            2008-04-19 19:57:16 175616 --a------ C:\WINDOWS\system32\strings.exe
                            2008-04-19 19:57:16 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
                            2008-04-19 19:57:16 39184 --a------ C:\WINDOWS\system32\Ntrights.exe
                            2008-04-19 19:57:16 11254 --a------ C:\WINDOWS\system32\locate.com
                            2008-04-19 18:46:53 0 d-------- C:\WINDOWS\McAfee.com
                            2008-04-19 18:38:01 0 d-------- C:\Program Files\Network Associates
                            2008-04-19 18:32:00 164 --a------ C:\install.dat
                            2008-04-16 22:46:48 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\McAfee
                            2008-04-16 22:44:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
                            2008-04-13 19:39:00 7013654 --a------ C:\WINDOWS\system32\WIHZUIAIQZVASAK
                            2008-04-11 20:42:20 0 dr------- C:\Documents and Settings\LocalService\Favorieten
                            2008-04-11 20:32:31 0 d-------- C:\Documents and Settings\LocalService\Bureaublad
                            2008-04-11 20:32:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
                            2008-04-11 20:32:22 0 d-------- C:\Program Files\SiteAdvisor
                            2008-04-11 20:32:22 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\SiteAdvisor
                            2008-04-11 20:32:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
                            2008-04-11 20:30:59 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
                            2008-04-11 20:26:43 0 d-------- C:\Program Files\McAfee.com
                            2008-04-11 20:26:28 0 d-------- C:\Program Files\Common Files\McAfee
                            2008-04-11 20:26:17 0 d-------- C:\Program Files\McAfee
                            2008-04-11 19:47:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
                            2008-04-11 19:47:08 0 d-------- C:\Program Files\Yahoo!
                            2008-04-11 19:47:01 0 d-------- C:\Program Files\CCleaner
                            2008-04-11 19:24:56 0 d-------- C:\Program Files\jv16 PowerTools 2008
                            2008-04-11 17:49:12 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
                            2008-04-11 17:39:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
                            2008-04-10 23:13:36 67645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys <Not Verified; TrekBlue, LLC; Anti-Virus Engine>
                            2008-04-10 22:32:50 1462272 --a------ C:\WINDOWS\system32\HGEQVQQGDE
                            2008-04-10 20:05:45 0 d-------- C:\SAV32CLI
                            2008-04-10 19:26:08 38809600 --a------ C:\WINDOWS\system32\ZFLBBOIK
                            2008-04-04 23:30:26 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Lavasoft
                            2008-04-04 23:28:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                            2008-04-04 22:56:22 0 d-------- C:\WINDOWS\system32\GroupPolicy
                            2008-04-04 22:53:00 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
                            2008-04-04 21:52:23 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
                            2008-04-04 20:40:27 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
                            2008-04-04 20:40:11 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
                            2008-04-04 20:33:57 0 d-------- C:\WINDOWS\Internet Logs
                            2008-04-03 21:57:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
                            2008-04-03 21:57:48 9296 --a------ C:\Documents and Settings\Administrator\mpr2.dat
                            2008-04-03 21:57:48 9296 --a------ C:\Documents and Settings\Administrator\mpr.dat
                            2008-04-03 21:57:47 108 --a------ C:\Documents and Settings\Administrator\cs.dat
                            2008-04-03 17:58:28 9296 --a------ C:\Documents and Settings\Nauticverhuur\mpr.dat
                            2008-04-03 17:58:27 9296 --a------ C:\Documents and Settings\Nauticverhuur\mpr2.dat
                            2008-04-03 17:58:25 108 --a------ C:\Documents and Settings\Nauticverhuur\cs.dat
                            2008-04-03 07:51:49 27008 --a------ C:\WINDOWS\system32\drivers\Bwd20.sys
                            2008-03-31 21:29:16 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
                            2008-03-31 21:29:16 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
                            2008-03-31 21:29:16 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
                            2008-03-31 21:29:16 51200 --a------ C:\WINDOWS\system32\dumphive.exe
                            2008-03-27 23:22:23 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
                            2008-03-24 12:48:01 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
                            2008-03-22 00:18:20 20608 --a------ C:\WINDOWS\system32\drivers\WmAdiHid.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
                            2008-03-21 23:27:51 0 d-------- C:\Program Files\Common Files\Logitech
                            2008-03-21 22:12:34 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Hamachi


                            -- Find3M Report ---------------------------------------------------------------

                            2009-03-24 12:11:38 0 d-------- C:\Program Files\Common Files\Teleca Shared
                            2008-04-20 21:39:22 0 d--h----- C:\Program Files\InstallShield Installation Information
                            2008-04-20 21:38:30 0 d-------- C:\Program Files\Sony Ericsson
                            2008-04-19 23:50:19 0 d-------- C:\Program Files\eMule
                            2008-04-14 21:21:00 507788 --a------ C:\WINDOWS\system32\perfh013.dat
                            2008-04-14 21:21:00 90644 --a------ C:\WINDOWS\system32\perfc013.dat
                            2008-04-14 07:33:24 0 d-------- C:\Program Files\DAEMON Tools Lite
                            2008-04-11 20:26:28 0 d-------- C:\Program Files\Common Files
                            2008-04-11 17:53:49 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\uTorrent
                            2008-04-03 19:24:15 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Macromedia
                            2008-04-01 21:52:30 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Adobe
                            2008-04-01 21:48:07 0 d-------- C:\Program Files\Common Files\Adobe
                            2008-03-21 22:15:56 0 d-------- C:\Program Files\Java
                            2008-03-10 19:03:30 0 d-------- C:\Program Files\ScanSoft
                            2008-03-10 19:01:19 0 d-------- C:\Program Files\Microsoft AutoRoute
                            2008-03-09 02:41:02 0 d-------- C:\Program Files\Stellar Phoenix Outlook Pst Repair
                            2008-03-07 10:46:04 0 d-------- C:\Program Files\Microsoft Silverlight
                            2008-03-07 01:07:20 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Cimaware
                            2008-03-07 00:28:03 0 d-------- C:\Program Files\Active Data Recovery Services
                            2008-03-05 14:46:51 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\EPSON
                            2008-03-04 17:47:58 0 d-------- C:\Program Files\Ubisoft
                            2008-03-04 15:03:23 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Ahead
                            2008-03-03 09:59:53 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Apple Computer
                            2008-03-03 09:59:39 0 d-------- C:\Program Files\iTunes
                            2008-03-03 09:59:28 0 d-------- C:\Program Files\iPod
                            2008-03-02 17:15:50 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
                            2008-03-02 17:15:50 1025 --a------ C:\WINDOWS\system32\clauth2.dll
                            2008-03-02 17:15:50 1025 --a------ C:\WINDOWS\system32\clauth1.dll
                            2008-03-02 17:14:38 0 d-------- C:\Program Files\InfinaDyne
                            2008-03-02 15:46:32 0 d-------- C:\Program Files\SWiSHmax
                            2008-03-02 14:56:14 0 d-------- C:\Program Files\CDDVDDataRecovery
                            2008-03-02 14:10:22 0 d-------- C:\Program Files\Common Files\Ahead
                            2008-03-02 14:10:21 0 d-------- C:\Program Files\Nero
                            2008-03-02 14:06:50 0 d-------- C:\Program Files\Ahead
                            2008-03-01 19:06:14 0 d-------- C:\Program Files\Bonjour
                            2008-03-01 17:36:16 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\TotalTrain
                            2008-03-01 17:35:54 0 d-------- C:\Program Files\Total Training
                            2008-03-01 13:13:58 0 d-------- C:\Program Files\QuickTime
                            2008-03-01 12:54:18 0 d-------- C:\Program Files\Common Files\Macrovision Shared
                            2008-03-01 00:06:48 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\COAA
                            2008-02-29 23:41:43 0 d-------- C:\Program Files\COAA
                            2008-02-28 19:25:54 0 d-------- C:\Program Files\Common Files\AmbraSoft
                            2008-02-28 19:25:54 0 d-------- C:\Program Files\AmbraSoft
                            2008-02-27 23:20:49 5248 --a------ C:\WINDOWS\system32\giveio.sys
                            2008-02-27 18:46:17 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Nvu
                            2008-02-27 18:46:16 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Mozilla
                            2008-02-27 18:07:17 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Sun
                            2008-02-27 18:05:21 0 d-------- C:\Program Files\Common Files\Java
                            2008-02-27 15:28:04 0 d-------- C:\Program Files\Microsoft Visual Studio 8
                            2008-02-27 15:27:52 0 d-------- C:\Program Files\Microsoft Expression
                            2008-02-27 14:46:12 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\DAEMON Tools
                            2008-02-27 13:51:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
                            2008-02-27 13:51:36 0 d-------- C:\Program Files\MSXML 6.0
                            2008-02-27 13:49:04 0 d-------- C:\Program Files\MSBuild
                            2008-02-27 13:43:36 0 d-------- C:\Program Files\Reference Assemblies
                            2008-02-27 13:41:43 0 d-------- C:\Program Files\Windows Media Connect 2
                            2008-02-27 12:16:58 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
                            2008-02-27 12:05:16 0 --a------ C:\WINDOWS\system32\SBRC.dat
                            2008-02-27 12:05:16 0 --a------ C:\WINDOWS\system32\SBFC.dat
                            2008-02-27 11:59:19 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Sunbelt Software
                            2008-02-27 02:13:54 0 d-------- C:\Program Files\uTorrent
                            2008-02-26 22:10:06 0 d-------- C:\Program Files\Common Files\InstallShield
                            2008-02-26 22:05:46 0 d-------- C:\Program Files\epson
                            2008-02-26 22:04:29 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
                            2008-02-26 22:02:32 0 d-------- C:\Program Files\ATI
                            2008-02-26 22:01:12 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\InstallShield
                            2008-02-25 17:37:53 0 d-------- C:\Program Files\MSXML 4.0
                            2008-02-25 17:34:17 0 d-------- C:\Program Files\Messenger
                            2008-02-25 14:35:40 0 d-------- C:\Documents and Settings\Nauticverhuur\Application Data\Acronis
                            2008-02-25 14:00:07 0 d-------- C:\Program Files\Common Files\Acronis
                            2008-02-25 13:59:53 0 d-------- C:\Program Files\Acronis
                            2008-02-25 12:57:53 0 d-------- C:\Program Files\Microsoft Works
                            2008-02-25 12:55:52 0 d-------- C:\Program Files\Microsoft.NET
                            2008-02-25 12:38:49 0 d-------- C:\Program Files\Movie Maker
                            2008-02-25 12:37:36 0 d-------- C:\Program Files\Windows NT
                            2008-02-25 11:37:53 0 d-------- C:\Program Files\Alwil Software
                            2008-02-25 11:20:00 0 d--h----- C:\Program Files\WindowsUpdate


                            -- Registry Dump ---------------------------------------------------------------

                            *Note* empty entries & legit default entries are not shown


                            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]

                            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8A704EA-7F5F-4B5D-A243-5DD74260B5BE}]

                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12-08-2003 21:10]
                            "Cmaudio"="cmicnfg.cpl" [12-09-2003 20:07 C:\WINDOWS\CMICNFG.CPL]
                            "ledpointer"="CNYHKey.exe" [27-06-2003 09:36 C:\WINDOWS\CNYHKey.exe]
                            "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17-01-2007 16:30]
                            "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [19-01-2007 17:11]
                            "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [22-06-2007 01:12]
                            "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08-01-2007 11:22]

                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [03-09-2005 16:18]
                            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03]

                            [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
                            "ntuser"=C:\WINDOWS\system32\drivers\spools.exe

                            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                            "NoColorChoice"=0 (0x0)
                            "NoSizeChoice"=0 (0x0)
                            "NoDispScrSavPage"=0 (0x0)
                            "NoDispCPL"=0 (0x0)
                            "NoVisualStyleChoice"=0 (0x0)
                            "NoDispSettingsPage"=0 (0x0)

                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                            "NoActiveDesktopChanges"=0 (0x0)

                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDVnOf]
                            efcDVnOf.dll

                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
                            WLCtrl32.dll

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bwd20.sys]
                            @="Driver"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                            @=""

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                            @="Volume shadow copy"

                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                            bthsvcs BthServ




                            -- End of Deckard's System Scanner: finished at 2008-04-21 10:03:21 ------------



                            • #15
                              Try this:
                              1) Open a Notepad file.
                              2) Copy the code below into this Notepad file.
                              3) Go to File - Save As.
                              -For "Save in", choose: Desktop
                              -For "File name", enter: fix.reg
                              -For "Save as type", select: All Files (*.*).
                              -Click the Save button.
                              Code:
                              REGEDIT4
                              
                              [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]
                              [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8A704EA-7F5F-4B5D-A243-5DD74260B5BE}]
                              [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]
                              [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8A704EA-7F5F-4B5D-A243-5DD74260B5BE}]
                              [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
                              "ntuser"=-
                              
                              [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDVnOf]
                              [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
                              [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bwd20.sys]
                              4) Double-click the fix.reg file and allow the changes to be added to the registry.

                              Restart the computer and post a new log from Deckard's System Scanner.

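A check one could run before importing a fix like the one in post #15, as an added example that is not part of the original thread: it reports which key deletions in the .reg text are backed by a "(no file)" or "(file missing)" entry in the HijackThis section, and which rest on other evidence such as the registry dump. The function names are hypothetical; the sample log lines and the fix text are copied from this page.

```python
import re

# Key paths as they appear in the fix.reg text of post #15.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt"
              r"\currentversion\winlogon\notify")

BHO_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]{36}\}) - \(no file\)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - .*\(file missing\)$")

# Sample input: lines copied from the HijackThis log on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {E8A704EA-7F5F-4B5D-A243-5DD74260B5BE} - (no file)
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O20 - Winlogon Notify: efcDVnOf - efcDVnOf.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

# The fix.reg text from post #15.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8A704EA-7F5F-4B5D-A243-5DD74260B5BE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8A704EA-7F5F-4B5D-A243-5DD74260B5BE}]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ntuser"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDVnOf]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bwd20.sys]
"""


def orphaned_keys(log_text):
    """Registry keys for O2/O20 entries whose target file no longer exists."""
    keys = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = BHO_RE.match(line)
        if hit:
            keys.append(BHO_KEY + "\\" + hit.group(1))
            continue
        hit = NOTIFY_RE.match(line)
        if hit:
            keys.append(NOTIFY_KEY + "\\" + hit.group(1))
    return keys


def parse_fix(reg_text):
    """Return (deleted_keys, deleted_values) requested by a .reg file."""
    keys, values, current = [], [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1])      # [-KEY] deletes the whole key
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]         # [KEY] opens a key for value edits
        elif current and line.endswith("=-"):
            values.append((current, line[:-2].strip('"')))  # "name"=- deletes a value
    return keys, values


def review_fix(log_text, reg_text):
    """Compare what the fix deletes with what the log marks as orphaned."""
    orphans = orphaned_keys(log_text)
    flagged = {k.lower() for k in orphans}
    deleted, values = parse_fix(reg_text)
    deleted_lc = {k.lower() for k in deleted}
    return {
        "backed_by_log": [k for k in deleted if k.lower() in flagged],
        "needs_other_evidence": [k for k in deleted if k.lower() not in flagged],
        "orphans_not_in_fix": [k for k in orphans if k.lower() not in deleted_lc],
        "deleted_values": values,
    }


if __name__ == "__main__":
    for section, items in review_fix(SAMPLE_LOG, FIX_REG).items():
        print(section)
        for item in items:
            print("   ", item)
```

The keys listed under `needs_other_evidence` are the ones to confirm against the registry dump and file listings before the .reg file is imported.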