
Random websites open 'out of nowhere', hoax warnings from a 'protection tool' and the like


  • Random websites open 'out of nowhere', hoax warnings from a 'protection tool' and the like

    Hello, since last night a strange phenomenon has been occurring: porn websites, casino websites and other strange advertising websites are being opened out of nowhere.

    Apparently some kind of virus or something like that has been installed on my system.

    Unwanted websites are opened as soon as I start IE Explorer. When I close IE they still keep being opened now and then afterwards, even though all IE windows are closed.

    It all started with a 'warning' window popping up saying that spyware is present on my computer and that I should 'immediately' install a 'protection tool'. Of course I did NOT do this, even though the thing repeatedly asked for it. This hoax also comes back regularly, sometimes in English too.

    To get rid of this I ran a full virus scan with McAfee, which could not find anything. After that I ran Hitman Pro, but that did not help either (this includes Ad-Aware and Spybot Search and Destroy).

    I ended up on this great forum via Google; I hope you can figure it out and help me.

    By the way, I have Windows Vista Ultimate with SP1 installed (HijackThis apparently does not recognize this yet).

    Below is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:02:14, on 8-5-2008
    Platform: Unknown Windows (WinNT 6.00.1905 SP1)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\IR Server Suite\Input Service\Input Service.exe
    C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
    C:\Windows\system32\PRISMSVR.EXE
    C:\Windows\System32\svchost.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
    C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
    C:\Windows\System32\rundll32.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\FireDTV\Tools\RemoteControl.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Windows\system32\rundll32.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\explorer.exe
    E:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBqopQ.dll,#1
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MediaPortal Shell] C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
    O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
    O4 - HKCU\..\Run: [MediaPortal] C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\pMDtqqOf.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\tuvVMcba.dll,c
    O4 - HKCU\..\Run: [BM8deb4b84] Rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\mjmbjyls.dll",s
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Remote Control.lnk = C:\Program Files\FireDTV\Tools\RemoteControl.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: PRISMAPI.DLL - C:\Windows\SYSTEM32\PRISMAPI.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Input Service (InputService) - and-81 - C:\Program Files\IR Server Suite\Input Service\Input Service.exe
    O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: TVService - Team MediaPortal - C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

    ....


    Thanks in advance!

    Lots

  • #2
    Originally posted by lots
    By the way, I have Windows Vista Ultimate with SP1 installed (HijackThis apparently does not recognize this yet)
    Or you have an outdated version of HijackThis.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open in which a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is given permission to do this!
    It can also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In this case it may be better to temporarily disable your antivirus during the DSS scan.)



    • #3
      Wow! That is fast :-)

      Well, here it comes

      RVAXO results:

      ---RVAXO.exe Updated: 2008-05-08---first run---
      Uninstallers:

      Files found:

      Folders Found:


      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------


      And Deckard's System Scan Main.txt:

      Deckard's System Scanner v20071014.68
      Run by Marco Nierop on 2008-05-08 20:42:48
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------



      -- HijackThis (run as Marco Nierop.exe) ----------------------------------------

      Unable to find log (file not found); running clone.
      -- HijackThis Clone ------------------------------------------------------------


      Emulating logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 2008-05-08 20:43:53
      Platform: Windows Vista Service Pack 1 (6.00.6001)
      MSIE: Internet Explorer (7.00.6000.16386)
      Boot mode: Normal

      Running processes:
      C:\Windows\System32\smss.exe
      C:\Windows\System32\csrss.exe
      C:\Windows\System32\wininit.exe
      C:\Windows\System32\csrss.exe
      C:\Windows\System32\services.exe
      C:\Windows\System32\winlogon.exe
      C:\Windows\System32\lsass.exe
      C:\Windows\System32\lsm.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\Ati2evxx.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\SLsvc.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\IR Server Suite\Input Service\Input Service.exe
      C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
      C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
      C:\Program Files\McAfee\VirusScan\Mcshield.exe
      C:\Program Files\McAfee\MPF\MpfSrv.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      C:\Windows\System32\Ati2evxx.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\CyberLink\Shared files\RichVideo.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\Windows\System32\dwm.exe
      C:\Windows\explorer.exe
      C:\Windows\System32\PRISMSVR.exe
      C:\Program Files\SiteAdvisor\6253\SAService.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\Team MediaPortal\MediaPortal TV Server\TvService.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\McAfee.com\Agent\mcagent.exe
      C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Windows\WindowsMobile\wmdSync.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
      C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\FireDTV\Tools\RemoteControl.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\System32\wbem\unsecapp.exe
      C:\Windows\System32\wbem\WmiPrvSE.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\McAfee\MSC\mcmscsvc.exe
      C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\McAfee\VirusScan\mcsysmon.exe
      C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\System32\rundll32.exe
      C:\Users\Marco Nierop\Desktop\dss.exe
      E:\Downloads\Marco Nierop.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
      O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBqopQ.dll,#1
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [MediaPortal Shell] C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
      O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
      O4 - HKCU\..\Run: [MediaPortal] C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe
      O4 - HKCU\..\Run: [BM8deb4b84] Rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\oemoihuv.dll",s
      O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\ljJDTMGv.dll,#1
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\opnlIxUM.dll,c
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
      O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
      O4 - Global Startup: Remote Control.lnk = C:\Program Files\FireDTV\Tools\RemoteControl.exe
      O4 - Global Startup: Wireless
      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
      O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Input Service (InputService) - and-81 - C:\Program Files\IR Server Suite\Input Service\Input Service.exe
      O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
      O23 - Service: TVService - Team MediaPortal - C:\Program Files\Team MediaPortal\MediaPortal TV Server\TvService.exe


      --
      End of file - 11069 bytes

      -- Files created between 2008-04-08 and 2008-05-08 -----------------------------

      2008-05-08 20:29:33 0 d-------- C:\RVAXO
      2008-05-08 20:12:29 821063 --a------ C:\Windows\system32\RVAXO.bat
      2008-05-08 20:12:29 69632 --a------ C:\Windows\system32\remove.exe
      2008-05-08 20:05:03 0 d-------- C:\Windows\pss
      2008-05-08 01:09:53 0 d-a------ C:\Users\All Users\TEMP
      2008-05-08 01:09:44 0 d-------- C:\Program Files\Spyware Doctor
      2008-05-08 01:08:16 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
      2008-05-08 01:07:29 0 d-------- C:\Program Files\Lavasoft
      2008-05-08 01:02:23 0 d-------- C:\Users\All Users\Prevx
      2008-05-08 01:02:03 0 d-------- C:\Temp
      2008-05-08 00:56:04 0 d-------- C:\Program Files\Hitman Pro
      2008-05-06 09:47:01 44032 --a------ C:\Windows\system32\mlJBqopQ.dll
      2008-04-27 19:39:31 0 d-------- C:\Users\All Users\IR Server Suite
      2008-04-27 19:39:31 0 d-------- C:\Program Files\IR Server Suite
      2008-04-26 21:22:17 57409 --a------ C:\Windows\system32\webdavnp.dll
      2008-04-26 21:22:17 73809 --a------ C:\Windows\system32\wdfsResNl.dll
      2008-04-26 21:22:17 73809 --a------ C:\Windows\system32\wdfsResEn.dll
      2008-04-26 21:22:17 81536 --a------ C:\Windows\system32\drivers\webdavfs.sys
      2008-04-26 21:22:17 139331 --a------ C:\Windows\system32\DOWCommon.dll <Not Verified; ; DOWCommon Dynamic Link Library>
      2008-04-26 21:22:17 184320 --a------ C:\Windows\system32\bigint.dll
      2008-04-26 21:22:17 0 d-------- C:\Program Files\XS4ALL-webdisk
      2008-04-26 14:44:39 0 d-------- C:\Program Files\MCE Replacement Driver
      2008-04-26 14:44:37 0 d-------- C:\Users\All Users\MediaPortal MCE Replacement Plugin
      2008-04-26 14:22:07 18944 --a------ C:\Windows\system32\drivers\mceir.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
      2008-04-24 23:11:52 0 d-------- C:\Program Files\Team MediaPortal
      2008-04-24 22:54:07 0 d-------- C:\Program Files\FireDTV
      2008-04-24 22:44:26 0 d-------- C:\Program Files\Realtek
      2008-04-24 22:44:18 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
      2008-04-21 22:55:40 0 d-------- C:\Program Files\DirectVobSub
      2008-04-20 17:11:31 0 d-------- C:\PerfLogs
      2008-04-20 16:42:48 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
      2008-04-20 16:42:47 0 d-------- C:\Program Files\ISP Monitor
      2008-04-20 16:18:14 0 d-------- C:\Program Files\Microsoft Silverlight
      2008-04-19 22:41:35 0 d-------- C:\Program Files\Microsoft Works
      2008-04-19 22:37:13 0 dr-h----- C:\MSOCache


      -- Find3M Report ---------------------------------------------------------------

      2008-05-08 20:41:46 723150 --a------ C:\Windows\system32\perfh013.dat
      2008-05-08 20:41:46 151036 --a------ C:\Windows\system32\perfc013.dat
      2008-05-08 01:12:44 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Lavasoft
      2008-05-08 01:09:44 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\PC Tools
      2008-05-06 09:58:57 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\SiteAdvisor
      2008-05-06 09:43:53 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\uTorrent
      2008-04-24 22:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-04-24 21:43:20 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Newsbin
      2008-04-21 23:07:02 0 d-------- C:\Program Files\CyberLink
      2008-04-21 22:53:44 0 d-------- C:\Program Files\ffdshow
      2008-04-20 17:19:52 174 --ahs---- C:\Program Files\desktop.ini
      2008-04-20 17:13:56 0 d-------- C:\Program Files\Windows Sidebar
      2008-04-20 17:13:56 0 d-------- C:\Program Files\Windows Calendar
      2008-04-20 17:13:56 0 d-------- C:\Program Files\Movie Maker
      2008-04-20 17:13:55 0 d-------- C:\Program Files\Windows Mail
      2008-04-20 17:13:54 0 d-------- C:\Program Files\Windows Collaboration
      2008-04-20 17:13:53 0 d-------- C:\Program Files\Windows Photo Gallery
      2008-04-20 17:13:53 0 d-------- C:\Program Files\Windows Journal
      2008-04-20 17:13:47 0 d-------- C:\Program Files\Windows Defender
      2008-04-20 16:45:53 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\ISP Monitor
      2008-04-19 22:41:23 0 d-------- C:\Program Files\Common Files
      2008-04-19 22:41:10 0 d-------- C:\Program Files\Microsoft.NET
      2008-03-30 00:51:09 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\WinRAR
      2008-03-29 22:50:08 0 d-------- C:\Program Files\QuickPar
      2008-03-29 22:46:21 0 d-------- C:\Program Files\SiteAdvisor
      2008-03-29 15:37:23 0 d-------- C:\Program Files\uTorrent
      2008-03-29 15:33:23 0 d-------- C:\Program Files\FTDv3.8
      2008-03-29 14:29:35 0 d-------- C:\Program Files\Wireless
      2008-03-24 23:07:24 0 d-------- C:\Program Files\Haali
      2008-03-24 22:45:33 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
      2008-03-24 22:45:30 0 d-------- C:\Program Files\Common Files\InstallShield
      2008-03-24 22:18:44 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Macromedia
      2008-03-24 22:18:44 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Adobe
      2008-03-24 21:32:56 0 d-------- C:\Program Files\Microsoft SQL Server
      2008-03-24 21:06:25 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\CyberLink
      2008-03-24 20:51:59 0 d-------- C:\Program Files\Common Files\Adobe
      2008-03-24 20:51:56 0 d-------- C:\Program Files\Common Files\Macrovision Shared
      2008-03-24 20:42:59 0 d-------- C:\Program Files\AC3Filter
      2008-03-24 20:29:30 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\ATI
      2008-03-24 20:29:23 0 d-------- C:\Program Files\McAfee
      2008-03-24 20:26:30 0 d-------- C:\Program Files\ATI Technologies
      2008-03-24 20:25:32 0 --a------ C:\Windows\ativpsrm.bin
      2008-03-24 20:24:27 0 d-------- C:\Program Files\ATI
      2008-03-24 19:19:46 0 d-------- C:\Program Files\Common Files\McAfee
      2008-03-24 19:19:34 0 d-------- C:\Program Files\McAfee.com
      2008-03-24 19:08:23 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Identities
      2008-03-24 19:05:11 0 d-------- C:\Program Files\Windows NT
      2008-02-13 15:59:22 98304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE <Not Verified; Realtek Semiconductor; Realtek Audio Service>


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19-01-2008 09:38]
      "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03-08-2007 23:33]
      "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24-08-2007 23:57]
      "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [22-07-2007 21:29]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21-01-2008 13:17]
      "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [23-10-2006 00:24]
      "@"=""
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [07-02-2007 16:24]
      "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [07-02-2007 16:21]
      "RtHDVCpl"="RtHDVCpl.exe" [17-04-2008 11:50 C:\Windows\RtHDVCpl.exe]
      "Skytel"="Skytel.exe" [20-11-2007 18:15 C:\Windows\SkyTel.exe]
      "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe"
      "MSServer"="C:\Windows\system32\mlJBqopQ.dll" [06-05-2008 09:47]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19-01-2008 09:33]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19-01-2008 09:33]
      "MediaPortal Shell"="C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe" [22-09-2006 09:57]
      "X4ALLNL"="C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" [28-02-2007 16:16]
      "Tray Launcher"=""
      "MediaPortal"="C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe" [02-05-2008 18:55]
      "BM8deb4b84"="C:\Users\MARCON~1\AppData\Local\Temp\oemoihuv.dll,s"
      "MSServer"="C:\Users\MARCON~1\AppData\Local\Temp\ljJDTMGv.dll,#1"
      "cmds"="C:\Users\MARCON~1\AppData\Local\Temp\opnlIxUM.dll,c"

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "Spyware Doctor"=

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Acrobat Snelle start.lnk - C:\Windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [24-3-2008 20:51:34]
      Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [23-10-2006 1:01:50]
      Remote Control.lnk - C:\Program Files\FireDTV\Tools\RemoteControl.exe [24-4-2008 22:54:08]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"=2 (0x2)
      "EnableUIADesktopToggle"=0 (0x0)

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{1C218BC1-B339-40DF-8346-792D2DBAFFB5}"= C:\Windows\system32\mlJBqopQ.dll [06-05-2008 09:47 44032]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
      PRISMAPI.DLL 16-11-2005 16:57 450646 C:\Windows\System32\PRISMAPI.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
      @=""

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
      @="IEEE 1394 Bus host controllers"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
      @="SBP2 IEEE 1394 Devices"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
      @="SecurityDevices"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
      WindowsMobile wcescomm rapimgr
      LocalServiceRestricted WcesComm RapiMgr


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\## xs4all#mnierop]
      AutoRun\command- X:\Setup.exe


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      C:\Windows\system32\unregmp2.exe /ShowWMP

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
      %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



      -- End of Deckard's System Scanner: finished at 2008-05-08 20:45:37 ------------


      None of this means much to me; I hope you can figure it out... By the way, I simply downloaded HijackThis from your user guide :-), first link.

      Once again, my sincere thanks

      Lots



      • #4
        Try this:
        1) Open a Notepad file.
        2) Copy the code below into this Notepad file.
        3) Go to File - Save As.
        -For "Save in", choose: Desktop
        -For "File name", enter: fix.reg
        -For "Save as type", select: All Files (*.*).
        -Click the Save button.
        Code:
        REGEDIT4
        
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "BM8deb4b84"=-
        "MSServer"=-
        "cmds"=-
        
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
        "{1C218BC1-B339-40DF-8346-792D2DBAFFB5}"=-
        4) Double-click the fix.reg file and allow the changes to be added to the registry.

        Then post a new log from Deckard's System Scanner.

        Regards, smeenk

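Added example (not part of the thread and not code from any tool named in it): a Python script that parses the "Registry Dump" format shown in the log above, flags autostart values that load a DLL, and reports which flagged values a .reg file such as the one in post #4 would leave in place. The heuristics and function names are assumptions chosen for illustration; the sample data is copied from the log and the fix.reg posted above.

```python
import re

# Excerpt of the "Registry Dump" section posted earlier in this thread.
DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19-01-2008 09:38]
"RtHDVCpl"="RtHDVCpl.exe" [17-04-2008 11:50 C:\Windows\RtHDVCpl.exe]
"MSServer"="C:\Windows\system32\mlJBqopQ.dll" [06-05-2008 09:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19-01-2008 09:33]
"Tray Launcher"=""
"BM8deb4b84"="C:\Users\MARCON~1\AppData\Local\Temp\oemoihuv.dll,s"
"MSServer"="C:\Users\MARCON~1\AppData\Local\Temp\ljJDTMGv.dll,#1"
"cmds"="C:\Users\MARCON~1\AppData\Local\Temp\opnlIxUM.dll,c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C218BC1-B339-40DF-8346-792D2DBAFFB5}"= C:\Windows\system32\mlJBqopQ.dll [06-05-2008 09:47 44032]
'''

# The fix.reg from post #4 ("name"=- deletes a value).
FIX_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM8deb4b84"=-
"MSServer"=-
"cmds"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C218BC1-B339-40DF-8346-792D2DBAFFB5}"=-
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"=\s*(.*)$')
EXPORT_RE = re.compile(r',(#\d+|\w+)$')  # rundll32 entry point appended to a DLL path


def parse_sections(text):
    """Yield (key, name, raw_data) for every "name"=data line under a [key] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def target_path(raw):
    """Strip the quotes and the scanner's trailing [timestamp ...] annotation."""
    if raw.startswith('"'):
        return raw[1:].split('"', 1)[0]
    return re.sub(r'\s*\[[^\]]*\]\s*$', '', raw).strip()


def reasons(path):
    """Return (file, hits): the illustrative heuristics a Run target trips."""
    hits = []
    m = EXPORT_RE.search(path)
    dll = path[:m.start()] if m else path
    if m:
        hits.append('rundll32-style export suffix')
    if dll.lower().endswith('.dll'):
        hits.append('DLL as autostart target')
    if '\\temp\\' in dll.lower():
        hits.append('loads from a Temp directory')
    return dll, hits


def flag_autostarts(dump):
    """Return flagged (key, name, file, reasons) from Run keys and ShellExecuteHooks."""
    entries = list(parse_sections(dump))
    flagged, bad_dlls = [], set()
    for key, name, raw in entries:
        if key.lower().endswith(r'\currentversion\run'):
            dll, hits = reasons(target_path(raw))
            if hits:
                flagged.append((key, name, dll, hits))
                bad_dlls.add(dll.lower())
    # A hook is a DLL by design, so flag it only when a flagged Run value loads the same file.
    for key, name, raw in entries:
        if key.lower().endswith(r'\shellexecutehooks'):
            dll = target_path(raw)
            if dll.lower() in bad_dlls:
                flagged.append((key, name, dll, ['same DLL as a flagged Run value']))
    return flagged


def uncovered(flagged, fix_reg):
    """Flagged (key, name) pairs that the .reg file does not delete."""
    deletes = {(k.lower(), n.lower())
               for k, n, raw in parse_sections(fix_reg) if raw.strip() == '-'}
    return [(k, n) for k, n, _, _ in flagged if (k.lower(), n.lower()) not in deletes]


if __name__ == '__main__':
    hits = flag_autostarts(DUMP)
    for key, name, dll, why in hits:
        print(f'{key}\n  {name} -> {dll}\n  {"; ".join(why)}')
    for key, name in uncovered(hits, FIX_REG):
        print(f'not deleted by fix.reg: [{key}] "{name}"')
```

Running the same comparison against the next scanner log shows whether the flagged values are gone or have come back under a different file name.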


        • #5
          Ok!

          DSS Main.txt log below:

          Deckard's System Scanner v20071014.68
          Run by Marco Nierop on 2008-05-09 00:01:18
          Computer is in Normal Mode.
          --------------------------------------------------------------------------------



          -- HijackThis (run as Marco Nierop.exe) ----------------------------------------

          Unable to find log (file not found); running clone.
          -- HijackThis Clone ------------------------------------------------------------


          Emulating logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 2008-05-09 00:02:23
          Platform: Windows Vista Service Pack 1 (6.00.6001)
          MSIE: Internet Explorer (7.00.6000.16386)
          Boot mode: Normal

          Running processes:
          C:\Windows\System32\smss.exe
          C:\Windows\System32\csrss.exe
          C:\Windows\System32\wininit.exe
          C:\Windows\System32\csrss.exe
          C:\Windows\System32\services.exe
          C:\Windows\System32\winlogon.exe
          C:\Windows\System32\lsass.exe
          C:\Windows\System32\lsm.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\System32\Ati2evxx.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\System32\SLsvc.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\System32\spoolsv.exe
          C:\Windows\System32\svchost.exe
          C:\Program Files\IR Server Suite\Input Service\Input Service.exe
          C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
          C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
          C:\Program Files\McAfee\VirusScan\Mcshield.exe
          C:\Program Files\McAfee\MPF\MpfSrv.exe
          C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
          C:\Windows\System32\Ati2evxx.exe
          C:\Windows\System32\dwm.exe
          C:\Windows\explorer.exe
          C:\Windows\System32\PRISMSVR.exe
          C:\Windows\System32\svchost.exe
          C:\Program Files\CyberLink\Shared files\RichVideo.exe
          C:\Program Files\Spyware Doctor\sdhelp.exe
          C:\Program Files\SiteAdvisor\6253\SAService.exe
          C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
          C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
          C:\Windows\System32\svchost.exe
          C:\Program Files\Team MediaPortal\MediaPortal TV Server\TvService.exe
          C:\Windows\System32\svchost.exe
          C:\Program Files\McAfee.com\Agent\mcagent.exe
          C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
          C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\Windows\RtHDVCpl.exe
          C:\Windows\WindowsMobile\wmdSync.exe
          C:\Program Files\McAfee\MSC\mcmscsvc.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
          C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
          C:\Windows\System32\rundll32.exe
          C:\Windows\System32\wbem\unsecapp.exe
          C:\Program Files\FireDTV\Tools\RemoteControl.exe
          C:\Windows\System32\svchost.exe
          C:\Windows\System32\wbem\WmiPrvSE.exe
          C:\Program Files\Windows Media Player\wmpnscfg.exe
          C:\Program Files\Windows Media Player\wmpnetwk.exe
          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
          C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          C:\Program Files\McAfee\VirusScan\mcsysmon.exe
          C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
          C:\Program Files\Internet Explorer\ieuser.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Users\Marco Nierop\Desktop\dss.exe
          E:\Downloads\Marco Nierop.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
          O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
          O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
          O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
          O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
          O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
          O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
          O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
          O4 - HKLM\..\Run: [Skytel] Skytel.exe
          O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
          O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBqopQ.dll,#1
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
          O4 - HKCU\..\Run: [MediaPortal Shell] C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
          O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
          O4 - HKCU\..\Run: [MediaPortal] C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe
          O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\byXOgdde.dll,#1
          O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\opnlIxUM.dll,c
          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
          O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
          O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
          O4 - Global Startup: Remote Control.lnk = C:\Program Files\FireDTV\Tools\RemoteControl.exe
          O4 - Global Startup: Wireless
          O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
          O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
          O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: Input Service (InputService) - and-81 - C:\Program Files\IR Server Suite\Input Service\Input Service.exe
          O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
          O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
          O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
          O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
          O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
          O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
          O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
          O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
          O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
          O23 - Service: TVService - Team MediaPortal - C:\Program Files\Team MediaPortal\MediaPortal TV Server\TvService.exe


          --
          End of file - 11023 bytes

          -- Files created between 2008-04-09 and 2008-05-09 -----------------------------

          2008-05-08 20:29:33 0 d-------- C:\RVAXO
          2008-05-08 20:12:29 821063 --a------ C:\Windows\system32\RVAXO.bat
          2008-05-08 20:12:29 69632 --a------ C:\Windows\system32\remove.exe
          2008-05-08 20:05:03 0 d-------- C:\Windows\pss
          2008-05-08 01:09:53 0 d-a------ C:\Users\All Users\TEMP
          2008-05-08 01:09:44 0 d-------- C:\Program Files\Spyware Doctor
          2008-05-08 01:08:16 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
          2008-05-08 01:07:29 0 d-------- C:\Program Files\Lavasoft
          2008-05-08 01:02:23 0 d-------- C:\Users\All Users\Prevx
          2008-05-08 01:02:03 0 d-------- C:\Temp
          2008-05-08 00:56:04 0 d-------- C:\Program Files\Hitman Pro
          2008-05-06 09:47:01 44032 --a------ C:\Windows\system32\mlJBqopQ.dll
          2008-04-27 19:39:31 0 d-------- C:\Users\All Users\IR Server Suite
          2008-04-27 19:39:31 0 d-------- C:\Program Files\IR Server Suite
          2008-04-26 21:22:17 57409 --a------ C:\Windows\system32\webdavnp.dll
          2008-04-26 21:22:17 73809 --a------ C:\Windows\system32\wdfsResNl.dll
          2008-04-26 21:22:17 73809 --a------ C:\Windows\system32\wdfsResEn.dll
          2008-04-26 21:22:17 81536 --a------ C:\Windows\system32\drivers\webdavfs.sys
          2008-04-26 21:22:17 139331 --a------ C:\Windows\system32\DOWCommon.dll <Not Verified; ; DOWCommon Dynamic Link Library>
          2008-04-26 21:22:17 184320 --a------ C:\Windows\system32\bigint.dll
          2008-04-26 21:22:17 0 d-------- C:\Program Files\XS4ALL-webdisk
          2008-04-26 14:44:39 0 d-------- C:\Program Files\MCE Replacement Driver
          2008-04-26 14:44:37 0 d-------- C:\Users\All Users\MediaPortal MCE Replacement Plugin
          2008-04-26 14:22:07 18944 --a------ C:\Windows\system32\drivers\mceir.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
          2008-04-24 23:11:52 0 d-------- C:\Program Files\Team MediaPortal
          2008-04-24 22:54:07 0 d-------- C:\Program Files\FireDTV
          2008-04-24 22:44:26 0 d-------- C:\Program Files\Realtek
          2008-04-24 22:44:18 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
          2008-04-21 22:55:40 0 d-------- C:\Program Files\DirectVobSub
          2008-04-20 17:11:31 0 d-------- C:\PerfLogs
          2008-04-20 16:42:48 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
          2008-04-20 16:42:47 0 d-------- C:\Program Files\ISP Monitor
          2008-04-20 16:18:14 0 d-------- C:\Program Files\Microsoft Silverlight
          2008-04-19 22:41:35 0 d-------- C:\Program Files\Microsoft Works
          2008-04-19 22:37:13 0 dr-h----- C:\MSOCache


          -- Find3M Report ---------------------------------------------------------------

          2008-05-08 21:37:39 723150 --a------ C:\Windows\system32\perfh013.dat
          2008-05-08 21:37:39 151036 --a------ C:\Windows\system32\perfc013.dat
          2008-05-08 01:12:44 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Lavasoft
          2008-05-08 01:09:44 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\PC Tools
          2008-05-06 09:58:57 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\SiteAdvisor
          2008-05-06 09:43:53 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\uTorrent
          2008-04-24 22:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information
          2008-04-24 21:43:20 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Newsbin
          2008-04-21 23:07:02 0 d-------- C:\Program Files\CyberLink
          2008-04-21 22:53:44 0 d-------- C:\Program Files\ffdshow
          2008-04-20 17:19:52 174 --ahs---- C:\Program Files\desktop.ini
          2008-04-20 17:13:56 0 d-------- C:\Program Files\Windows Sidebar
          2008-04-20 17:13:56 0 d-------- C:\Program Files\Windows Calendar
          2008-04-20 17:13:56 0 d-------- C:\Program Files\Movie Maker
          2008-04-20 17:13:55 0 d-------- C:\Program Files\Windows Mail
          2008-04-20 17:13:54 0 d-------- C:\Program Files\Windows Collaboration
          2008-04-20 17:13:53 0 d-------- C:\Program Files\Windows Photo Gallery
          2008-04-20 17:13:53 0 d-------- C:\Program Files\Windows Journal
          2008-04-20 17:13:47 0 d-------- C:\Program Files\Windows Defender
          2008-04-20 16:45:53 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\ISP Monitor
          2008-04-19 22:41:23 0 d-------- C:\Program Files\Common Files
          2008-04-19 22:41:10 0 d-------- C:\Program Files\Microsoft.NET
          2008-03-30 00:51:09 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\WinRAR
          2008-03-29 22:50:08 0 d-------- C:\Program Files\QuickPar
          2008-03-29 22:46:21 0 d-------- C:\Program Files\SiteAdvisor
          2008-03-29 15:37:23 0 d-------- C:\Program Files\uTorrent
          2008-03-29 15:33:23 0 d-------- C:\Program Files\FTDv3.8
          2008-03-29 14:29:35 0 d-------- C:\Program Files\Wireless
          2008-03-24 23:07:24 0 d-------- C:\Program Files\Haali
          2008-03-24 22:45:33 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
          2008-03-24 22:45:30 0 d-------- C:\Program Files\Common Files\InstallShield
          2008-03-24 22:18:44 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Macromedia
          2008-03-24 22:18:44 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Adobe
          2008-03-24 21:32:56 0 d-------- C:\Program Files\Microsoft SQL Server
          2008-03-24 21:06:25 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\CyberLink
          2008-03-24 20:51:59 0 d-------- C:\Program Files\Common Files\Adobe
          2008-03-24 20:51:56 0 d-------- C:\Program Files\Common Files\Macrovision Shared
          2008-03-24 20:42:59 0 d-------- C:\Program Files\AC3Filter
          2008-03-24 20:29:30 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\ATI
          2008-03-24 20:29:23 0 d-------- C:\Program Files\McAfee
          2008-03-24 20:26:30 0 d-------- C:\Program Files\ATI Technologies
          2008-03-24 20:25:32 0 --a------ C:\Windows\ativpsrm.bin
          2008-03-24 20:24:27 0 d-------- C:\Program Files\ATI
          2008-03-24 19:19:46 0 d-------- C:\Program Files\Common Files\McAfee
          2008-03-24 19:19:34 0 d-------- C:\Program Files\McAfee.com
          2008-03-24 19:08:23 0 d-------- C:\Users\Marco Nierop\AppData\Roaming\Identities
          2008-03-24 19:05:11 0 d-------- C:\Program Files\Windows NT
          2008-02-13 15:59:22 98304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE <Not Verified; Realtek Semiconductor; Realtek Audio Service>


          -- Registry Dump ---------------------------------------------------------------

          *Note* empty entries & legit default entries are not shown


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19-01-2008 09:38]
          "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03-08-2007 23:33]
          "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24-08-2007 23:57]
          "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [22-07-2007 21:29]
          "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21-01-2008 13:17]
          "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [23-10-2006 00:24]
          "@"=""
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [07-02-2007 16:24]
          "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [07-02-2007 16:21]
          "RtHDVCpl"="RtHDVCpl.exe" [17-04-2008 11:50 C:\Windows\RtHDVCpl.exe]
          "Skytel"="Skytel.exe" [20-11-2007 18:15 C:\Windows\SkyTel.exe]
          "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe"
          "MSServer"="C:\Windows\system32\mlJBqopQ.dll" [06-05-2008 09:47]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19-01-2008 09:33]
          "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19-01-2008 09:33]
          "MediaPortal Shell"="C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe" [22-09-2006 09:57]
          "X4ALLNL"="C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" [28-02-2007 16:16]
          "Tray Launcher"=""
          "MediaPortal"="C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe" [02-05-2008 18:55]
          "MSServer"="C:\Users\MARCON~1\AppData\Local\Temp\iifcYOFy.dll,#1"
          "cmds"="C:\Users\MARCON~1\AppData\Local\Temp\opnlIxUM.dll,c"

          [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
          "Spyware Doctor"=

          C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
          Adobe Acrobat Snelle start.lnk - C:\Windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [24-3-2008 20:51:34]
          Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [23-10-2006 1:01:50]
          Remote Control.lnk - C:\Program Files\FireDTV\Tools\RemoteControl.exe [24-4-2008 22:54:08]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"=2 (0x2)
          "EnableUIADesktopToggle"=0 (0x0)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
          PRISMAPI.DLL 16-11-2005 16:57 450646 C:\Windows\System32\PRISMAPI.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
          @="Volume shadow copy"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
          @="IEEE 1394 Bus host controllers"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
          @="SBP2 IEEE 1394 Devices"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
          @="SecurityDevices"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
          WindowsMobile wcescomm rapimgr
          LocalServiceRestricted WcesComm RapiMgr


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\## xs4all#mnierop]
          AutoRun\command- X:\Setup.exe


          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
          C:\Windows\system32\unregmp2.exe /ShowWMP

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
          %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



          -- End of Deckard's System Scanner: finished at 2008-05-09 00:04:01 ------------

          Once again, many thanks!

          Lots


          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

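            @ECHO OFF
            REM Start with a fresh log file
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            REM Files to remove, one path per line in the list below
            FOR %%g in (
            C:\Windows\system32\mlJBqopQ.dll) DO (
            REM Remove a renamed copy left behind by an earlier run
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            REM Clear the read-only, system and hidden attributes, then try to delete
            ATTRIB -r -s -h %%g
            DEL %%g
            REM If the file is still present, rename it by appending NUCIA
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            REM Show the result to the user
            START NOTEPAD.EXE log.txt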

            Go to File - Save As.
            Under "Save in" choose: Desktop
            Under "File name" enter: del.bat
            Under "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.


            • #7
              Sorry for the somewhat late reply... I had not received a notification that there was another answer.. but below is the text from log.txt:

              Deleting files
              C:\Windows\system32\mlJBqopQ.dll not deleted

              By the way, I do want to mention that after I did a cleanup using McAfee QuickClean, the random opening of websites seems to have stopped.

              I'll watch it a little longer to see whether it really stays away; if it does, you'll hear from me.

              In any case, thanks!

              Lots


              • #8
                Go ahead and post a HijackThis log so we can check.


                • #9
                  Hmm, celebrated too early

                  So it is not gone yet.. it is driving me completely crazy.

                  The pattern is the same again.. first a fake warning from Beschermingstool, and as soon as I close it about 5 websites that try to open (most of them give a 404 error, by the way), and then, a minute or so later, another attempt: a whole string of websites that suddenly pop up out of nowhere.

                  Below is the HijackThis log:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 21:41:45, on 11-5-2008
                  Platform: Windows Vista SP1 (WinNT 6.00.1905)
                  MSIE: Internet Explorer v7.00 (7.00.6001.18000)
                  Boot mode: Normal

                  Running processes:
                  C:\Windows\System32\smss.exe
                  C:\Windows\system32\csrss.exe
                  C:\Windows\system32\wininit.exe
                  C:\Windows\system32\csrss.exe
                  C:\Windows\system32\services.exe
                  C:\Windows\system32\lsass.exe
                  C:\Windows\system32\lsm.exe
                  C:\Windows\system32\winlogon.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\Ati2evxx.exe
                  C:\Windows\System32\svchost.exe
                  C:\Windows\System32\svchost.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\SLsvc.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\Windows\system32\Ati2evxx.exe
                  C:\Windows\System32\spoolsv.exe
                  C:\Windows\system32\svchost.exe
                  C:\Program Files\IR Server Suite\Input Service\Input Service.exe
                  C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
                  c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  C:\Program Files\McAfee\MPF\MPFSrv.exe
                  C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
                  C:\Windows\system32\userinit.exe
                  C:\Windows\system32\svchost.exe
                  C:\Program Files\CyberLink\Shared files\RichVideo.exe
                  C:\Windows\system32\Dwm.exe
                  C:\Program Files\Spyware Doctor\sdhelp.exe
                  C:\Program Files\SiteAdvisor\6253\SAService.exe
                  C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
                  C:\Windows\system32\PRISMSVR.EXE
                  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
                  C:\Windows\system32\svchost.exe
                  C:\Program Files\McAfee.com\Agent\mcagent.exe
                  C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
                  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                  C:\Windows\RtHDVCpl.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                  C:\Windows\WindowsMobile\wmdSync.exe
                  C:\Program Files\Windows Sidebar\sidebar.exe
                  C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
                  C:\Windows\System32\svchost.exe
                  C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
                  C:\Windows\System32\rundll32.exe
                  C:\Program Files\FireDTV\Tools\RemoteControl.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                  C:\Windows\system32\svchost.exe
                  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  C:\Windows\system32\wbem\unsecapp.exe
                  C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Program Files\Windows Media Player\wmpnscfg.exe
                  C:\Program Files\Windows Media Player\wmpnetwk.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                  C:\Program Files\Internet Explorer\ieuser.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
                  C:\Windows\explorer.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
                  C:\Windows\system32\rundll32.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                  C:\Windows\system32\wbem\wmiprvse.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                  O1 - Hosts: ::1 localhost
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
                  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                  O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                  O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                  O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                  O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
                  O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
                  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                  O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                  O4 - HKLM\..\Run: [Skytel] Skytel.exe
                  O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
                  O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBqopQ.dll,#1
                  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                  O4 - HKCU\..\Run: [MediaPortal Shell] C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
                  O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
                  O4 - HKCU\..\Run: [MediaPortal] C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe
                  O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\jkkIXpMg.dll,#1
                  O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\opnlIxUM.dll,c
                  O4 - HKCU\..\Run: [BM8deb4b84] Rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\cprjcqwg.dll",s
                  O4 - HKCU\..\Run: [8ed87818] rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\lbmieyhb.dll",b
                  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                  O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEEM')
                  O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
                  O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
                  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
                  O4 - Global Startup: Remote Control.lnk = C:\Program Files\FireDTV\Tools\RemoteControl.exe
                  O4 - Global Startup: Wireless
                  O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                  O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                  O13 - Gopher Prefix:
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: Input Service (InputService) - and-81 - C:\Program Files\IR Server Suite\Input Service\Input Service.exe
                  O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
                  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
                  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
                  O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
                  O23 - Service: TVService - Team MediaPortal - C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe

                  --
                  End of file - 11295 bytes


                  Thanks in advance!

                  Lots
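
Added example, not part of the original thread: a small Python triage of the O4 autorun lines from the HijackThis log in post #9, flagging rundll32 entries that load a DLL from a Temp directory, call an export by ordinal or single letter, or reuse one value name for different DLLs. The three heuristics and all function names are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# O4 (autorun) lines copied from the HijackThis log in post #9.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBqopQ.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\jkkIXpMg.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\opnlIxUM.dll,c
O4 - HKCU\..\Run: [BM8deb4b84] Rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\cprjcqwg.dll",s
O4 - HKCU\..\Run: [8ed87818] rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\lbmieyhb.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

Finding = namedtuple("Finding", "hive name dll export reasons")

# "O4 - <hive>[\<SID>]\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\[^\\]+)?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# rundll32 <dll>,<export>  (the DLL path may be quoted)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE
)


def parse_o4(line):
    """Return (hive, name, dll, export) for a rundll32 Run entry, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    r = RUNDLL_RE.match(m.group("cmd"))
    if not r:
        return None  # not launched through rundll32; out of scope here
    return m.group("hive"), m.group("name"), r.group("dll"), r.group("export")


def triage(log_text):
    """Flag rundll32 autoruns that match the illustrative heuristics."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]

    # Which DLL file names does each Run value name point to, across hives?
    targets = defaultdict(set)
    for _hive, name, dll, _export in entries:
        targets[name].add(ntpath.basename(dll).lower())

    findings = []
    for hive, name, dll, export in entries:
        reasons = []
        if re.search(r"\\temp\\", dll, re.IGNORECASE):
            reasons.append("temp-dir")        # DLL lives in a Temp directory
        if export.startswith("#") or len(export) == 1:
            reasons.append("opaque-export")   # ordinal or one-letter export
        if len(targets[name]) > 1:
            reasons.append("name-reused")     # same value name, different DLLs
        if reasons:
            findings.append(Finding(hive, name, dll, export, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive:5} [{f.name}] {ntpath.basename(f.dll)} -> {', '.join(f.reasons)}")
```

The five entries it flags are the same Run values that Malwarebytes reports as Trojan.Vundo or Trojan.Agent in post #11, while the legitimate WindowsWelcomeCenter rundll32 entry passes.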


                  • #10
                    Download Malwarebytes' Anti-Malware from here or here.

                    Double-click mbam-setup.exe to install the program.
                    • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "finish".
                    • If an update is found, it will download it and install the latest version.
                    • When the program is fully up to date, select "Perform Quick Scan", then click Scan.
                    • Scanning can take a while, so be patient.
                    • When the scan has finished, click OK, then "Show Results" to see the results.
                    • Make sure everything there is checked, then click: Remove Selected.
                    • After removal a log will open and you will be asked to restart the computer. (See the extra note at the bottom)
                    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
                    • Copy and paste the results of the log into your next reply, together with a new HijackThis log.

                    Extra note:
                    If MBAM has trouble removing certain files, it will show a few messages where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.


                    • #11
                      MBAM found quite a lot! All Trojans, the log is below:

                      Malwarebytes' Anti-Malware 1.12
                      Database versie: 743

                      Scan type: Snelle Scan
                      Objecten gescand: 33833
                      Verstreken tijd: 3 minute(s), 16 second(s)

                      Geheugenprocessen geïnfecteerd: 0
                      Geheugenmodulen geïnfecteerd: 1
                      Registersleutels geïnfecteerd: 4
                      Registerwaarden geïnfecteerd: 5
                      Registerdata bestanden geïnfecteerd: 0
                      Mappen geïnfecteerd: 0
                      Bestanden geïnfecteerd: 13

                      Geheugenprocessen geïnfecteerd:
                      (Geen kwaadaardige items gevonden)

                      Geheugenmodulen geïnfecteerd:
                      C:\Users\Marco Nierop\AppData\Local\Temp\opnlIxUM.dll (Trojan.Vundo) -> Unloaded module successfully.

                      Registersleutels geïnfecteerd:
                      HKEY_CLASSES_ROOT\CLSID\{1c218bc1-b339-40df-8346-792d2dbaffb5} (Trojan.Vundo) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

                      Registerwaarden geïnfecteerd:
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8ed87818 (Trojan.Vundo) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM8deb4b84 (Trojan.Agent) -> Quarantined and deleted successfully.

                      Registerdata bestanden geïnfecteerd:
                      (Geen kwaadaardige items gevonden)

                      Mappen geïnfecteerd:
                      (Geen kwaadaardige items gevonden)

                      Bestanden geïnfecteerd:
                      C:\Users\Marco Nierop\AppData\Local\Temp\jkkIXpMg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\AppData\Local\Temp\opnlIxUM.dll (Trojan.Vundo) -> Delete on reboot.
                      C:\Windows\System32\mlJBqopQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\AppData\Local\Temp\opnlLDsT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\AppData\Local\Temp\tmp000080c3 (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\Local Settings\Temporary Internet Files\Content.IE5\45JLHRKD\glas[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\Local Settings\Temporary Internet Files\Content.IE5\45JLHRKD\kriv[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\Local Settings\Temporary Internet Files\Content.IE5\45JLHRKD\kriv[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\Local Settings\Temporary Internet Files\Content.IE5\VR77MEFN\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\Local Settings\Temporary Internet Files\Content.IE5\VR77MEFN\kriv[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\Local Settings\Temporary Internet Files\Content.IE5\XLX29OG2\moorate[1] (Trojan.AVKiller) -> Delete on reboot.
                      C:\Users\Marco Nierop\AppData\Local\Temp\lbmieyhb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
                      C:\Users\Marco Nierop\AppData\Local\Temp\cprjcqwg.dll (Trojan.Agent) -> Quarantined and deleted successfully.

                      .......

                      What I am curious about is how I could have picked this up; McAfee clearly missed these, and the (weekly) scan by McAfee VirusScan did not find anything either.

                      Oh yes, here is the HijackThis log too, made after restarting. I ignored the warning that the Hosts file is write-protected, and that as a result some things might not be able to be changed, and simply pressed OK:

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 21:41:45, on 11-5-2008
                      Platform: Windows Vista SP1 (WinNT 6.00.1905)
                      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
                      Boot mode: Normal

                      Running processes:
                      C:\Windows\System32\smss.exe
                      C:\Windows\system32\csrss.exe
                      C:\Windows\system32\wininit.exe
                      C:\Windows\system32\csrss.exe
                      C:\Windows\system32\services.exe
                      C:\Windows\system32\lsass.exe
                      C:\Windows\system32\lsm.exe
                      C:\Windows\system32\winlogon.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\system32\Ati2evxx.exe
                      C:\Windows\System32\svchost.exe
                      C:\Windows\System32\svchost.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\system32\SLsvc.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\Windows\system32\Ati2evxx.exe
                      C:\Windows\System32\spoolsv.exe
                      C:\Windows\system32\svchost.exe
                      C:\Program Files\IR Server Suite\Input Service\Input Service.exe
                      C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
                      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                      C:\Program Files\McAfee\MPF\MPFSrv.exe
                      C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
                      C:\Windows\system32\userinit.exe
                      C:\Windows\system32\svchost.exe
                      C:\Program Files\CyberLink\Shared files\RichVideo.exe
                      C:\Windows\system32\Dwm.exe
                      C:\Program Files\Spyware Doctor\sdhelp.exe
                      C:\Program Files\SiteAdvisor\6253\SAService.exe
                      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
                      C:\Windows\system32\PRISMSVR.EXE
                      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
                      C:\Windows\system32\svchost.exe
                      C:\Program Files\McAfee.com\Agent\mcagent.exe
                      C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
                      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                      C:\Windows\RtHDVCpl.exe
                      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                      C:\Windows\WindowsMobile\wmdSync.exe
                      C:\Program Files\Windows Sidebar\sidebar.exe
                      C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
                      C:\Windows\System32\svchost.exe
                      C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
                      C:\Windows\System32\rundll32.exe
                      C:\Program Files\FireDTV\Tools\RemoteControl.exe
                      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                      C:\Windows\system32\svchost.exe
                      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                      C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      C:\Windows\system32\wbem\unsecapp.exe
                      C:\Windows\system32\wbem\wmiprvse.exe
                      C:\Program Files\Windows Media Player\wmpnscfg.exe
                      C:\Program Files\Windows Media Player\wmpnetwk.exe
                      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                      c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                      C:\Program Files\Internet Explorer\ieuser.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
                      C:\Windows\explorer.exe
                      C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                      C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
                      C:\Windows\system32\rundll32.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                      C:\Windows\system32\wbem\wmiprvse.exe

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                      O1 - Hosts: ::1 localhost
                      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
                      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                      O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
                      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
                      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                      O4 - HKLM\..\Run: [Skytel] Skytel.exe
                      O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
                      O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBqopQ.dll,#1
                      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                      O4 - HKCU\..\Run: [MediaPortal Shell] C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
                      O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
                      O4 - HKCU\..\Run: [MediaPortal] C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe
                      O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\jkkIXpMg.dll,#1
                      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\opnlIxUM.dll,c
                      O4 - HKCU\..\Run: [BM8deb4b84] Rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\cprjcqwg.dll",s
                      O4 - HKCU\..\Run: [8ed87818] rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\lbmieyhb.dll",b
                      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                      O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEEM')
                      O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
                      O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
                      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
                      O4 - Global Startup: Remote Control.lnk = C:\Program Files\FireDTV\Tools\RemoteControl.exe
                      O4 - Global Startup: Wireless
                      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                      O13 - Gopher Prefix:
                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
                      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      O23 - Service: Input Service (InputService) - and-81 - C:\Program Files\IR Server Suite\Input Service\Input Service.exe
                      O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
                      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
                      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
                      O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
                      O23 - Service: TVService - Team MediaPortal - C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe

                      --
                      End of file - 11295 bytes


                      Once again, my sincere thanks! (are we done now?)

                      Lots



                      • #12
                        Your last log is from yesterday
                        Scan saved at 21:41:45, on 11-5-2008
                        Please make a new log, then I can check whether there are still any bad lines in it



                        • #13
                          Still getting used to Vista.. I had to open HijackThis as administrator, and then I did manage to create a new log.

                          See below:

                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 23:27:20, on 13-5-2008
                          Platform: Windows Vista SP1 (WinNT 6.00.1905)
                          MSIE: Internet Explorer v7.00 (7.00.6001.18000)
                          Boot mode: Normal

                          Running processes:
                          C:\Windows\System32\smss.exe
                          C:\Windows\system32\csrss.exe
                          C:\Windows\system32\wininit.exe
                          C:\Windows\system32\services.exe
                          C:\Windows\system32\lsass.exe
                          C:\Windows\system32\lsm.exe
                          C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe
                          C:\Windows\system32\Ati2evxx.exe
                          C:\Windows\System32\svchost.exe
                          C:\Windows\System32\svchost.exe
                          C:\Windows\system32\svchost.exe
                          C:\Windows\system32\SLsvc.exe
                          C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\Windows\System32\spoolsv.exe
                          C:\Windows\system32\svchost.exe
                          C:\Program Files\IR Server Suite\Input Service\Input Service.exe
                          c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                          C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                          C:\Program Files\McAfee\MPF\MPFSrv.exe
                          C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
                          C:\Windows\system32\svchost.exe
                          C:\Program Files\CyberLink\Shared files\RichVideo.exe
                          C:\Program Files\Spyware Doctor\sdhelp.exe
                          C:\Program Files\SiteAdvisor\6253\SAService.exe
                          C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
                          C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
                          C:\Windows\system32\svchost.exe
                          C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
                          C:\Windows\System32\svchost.exe
                          C:\Windows\system32\wbem\wmiprvse.exe
                          C:\Windows\system32\svchost.exe
                          C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                          C:\Program Files\Windows Media Player\wmpnetwk.exe
                          C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                          c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                          C:\Windows\system32\csrss.exe
                          C:\Windows\system32\winlogon.exe
                          C:\Windows\system32\Ati2evxx.exe
                          C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
                          C:\Windows\system32\Dwm.exe
                          C:\Windows\Explorer.EXE
                          C:\Windows\system32\PRISMSVR.EXE
                          C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                          C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
                          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                          C:\Windows\RtHDVCpl.exe
                          C:\Windows\WindowsMobile\wmdSync.exe
                          C:\Program Files\Windows Sidebar\sidebar.exe
                          C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
                          C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
                          C:\Program Files\FireDTV\Tools\RemoteControl.exe
                          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                          C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                          C:\Program Files\Windows Media Player\wmpnscfg.exe
                          C:\Windows\system32\wbem\unsecapp.exe
                          C:\Program Files\Internet Explorer\ieuser.exe
                          C:\Windows\system32\wbem\wmiprvse.exe
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                          O1 - Hosts: ::1 localhost
                          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                          O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
                          O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                          O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                          O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                          O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                          O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                          O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
                          O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
                          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                          O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                          O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                          O4 - HKLM\..\Run: [Skytel] Skytel.exe
                          O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
                          O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
                          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                          O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                          O4 - HKCU\..\Run: [MediaPortal Shell] C:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
                          O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
                          O4 - HKCU\..\Run: [MediaPortal] C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe
                          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                          O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                          O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEEM')
                          O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
                          O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
                          O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
                          O4 - Global Startup: Remote Control.lnk = C:\Program Files\FireDTV\Tools\RemoteControl.exe
                          O4 - Global Startup: Wireless
                          O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                          O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                          O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                          O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                          O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                          O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                          O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                          O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
                          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                          O13 - Gopher Prefix:
                          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
                          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                          O23 - Service: Input Service (InputService) - and-81 - C:\Program Files\IR Server Suite\Input Service\Input Service.exe
                          O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
                          O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                          O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                          O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                          O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                          O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                          O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
                          O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
                          O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
                          O23 - Service: TVService - Team MediaPortal - C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe

                          --
                          End of file - 10626 bytes

                          I just hope it is finally over now!

                          Thanks in advance,

                          Lots



                          • #14
                            I also had to get used to those Vista logs, mainly because I only use XP myself

                            The log does indeed look fine again

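Added example, not part of the original thread or of HijackThis itself: a small Python script that compares the O4 (autorun) lines of the two logs posted above and lists the Run entries that disappeared between them, with a reason tag for each. The two tags (`dll-in-temp`, `ordinal-or-short-export`) are heuristics assumed for this example, and the function names are hypothetical.

```python
import re

# Excerpts of the O4 (autorun) lines from the two HijackThis logs in this
# thread: the earlier log and the v2.0.2 log saved on 13-5-2008.
LOG_EARLIER = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBqopQ.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\jkkIXpMg.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MARCON~1\AppData\Local\Temp\opnlIxUM.dll,c
O4 - HKCU\..\Run: [BM8deb4b84] Rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\cprjcqwg.dll",s
O4 - HKCU\..\Run: [8ed87818] rundll32.exe "C:\Users\MARCON~1\AppData\Local\Temp\lbmieyhb.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

LOG_LATER = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"; the hive may carry a SID.
O4_RUN = re.compile(r"^O4 - (HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
# rundll32 <dll>,<export>, with or without quotes around the DLL path.
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.I)


def parse_o4(log):
    """Map (hive, value name) -> command line for every O4 Run entry."""
    entries = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, name, cmd = m.groups()
            entries[(hive, name)] = cmd
    return entries


def triage(cmd):
    """Return heuristic reasons (assumptions of this example) to look closer."""
    m = RUNDLL.match(cmd)
    if not m:
        return []
    dll, export = m.groups()
    reasons = []
    if "\\temp\\" in dll.lower():
        reasons.append("dll-in-temp")  # autorun DLL in a user-writable Temp dir
    if "\\" in dll and (export.startswith("#") or len(export) == 1):
        reasons.append("ordinal-or-short-export")  # no descriptive export name
    return reasons


def removed_entries(earlier, later):
    """Autorun entries present in the earlier log but gone from the later one."""
    old, new = parse_o4(earlier), parse_o4(later)
    return [(hive, name, old[(hive, name)], triage(old[(hive, name)]))
            for (hive, name) in old if (hive, name) not in new]


if __name__ == "__main__":
    for hive, name, cmd, reasons in removed_entries(LOG_EARLIER, LOG_LATER):
        print(f"{hive} [{name}] {cmd} -> {reasons or 'no heuristic hit'}")
```

The built-in `WindowsWelcomeCenter` entry also runs through rundll32 but gets no tag, because it names a DLL without a path and a descriptive export.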


                            • #15
                              Were you waiting for my message or something?! That is a very quick reply

                              Great that everything is fine again! I also notice that my hard disk is no longer constantly rattling away.. that is pretty annoying when you are watching TV and don't know why the hard disk is so busy that the TV starts to stutter (I mainly use my PC as an HTPC).

                              Made a nice donation as thanks!

                              If I ever have problems again I will come back here, what you do is really great!

                              Regards!

                              Lots
