Google will no longer search
  • Google will no longer search

    Hello,

    Since this morning Google no longer searches; the site does load,
    but after clicking search nothing happens for a very long time.
    After a while a popup window appears.

    I used AdAware, but unfortunately that did not help. I cannot
    download the program Spybot S&D; the link to download.com will
    not work either.

    I would be very happy if someone could help me!

    Regards,
    Karen

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:12:22, on 12-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\qoeapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&source=iglk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    O4 - HKLM\..\Run: [0860c769] rundll32.exe "C:\WINDOWS\system32\cssachog.dll",b
    O4 - HKLM\..\Run: [BM0b53f4f5] Rundll32.exe "C:\WINDOWS\system32\pyjxhhil.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 7652 bytes

  • #2
    Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click "Finish".
    • If an update is found, it will download it and install the latest version.
    • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • The scan may take a while, so please be patient.
    • When the scan has finished, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click: Remove Selected.
    • After removal a log will open and you will be asked to restart the computer. (See the extra note below.)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

    Extra note:
    If MBAM has trouble removing certain files, it will show a few prompts where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.



    • #3
      You are a STAR

      Google is searching at lightning speed again!

      Thank you!!!

      Malwarebytes' Anti-Malware 1.12
      Database versie: 744

      Scan type: Snelle Scan
      Objecten gescand: 43049
      Verstreken tijd: 5 minute(s), 25 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 3
      Registersleutels geïnfecteerd: 12
      Registerwaarden geïnfecteerd: 3
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 7

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\cssachog.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\mlJBRIay.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\urqRLefF.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{260dcb19-8e7b-4d53-b23b-5dba56c6cace} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{260dcb19-8e7b-4d53-b23b-5dba56c6cace} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrleff (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0860c769 (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0b53f4f5 (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbriay -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbriay -> Quarantined and deleted successfully.

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\cssachog.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\gohcassc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mlJBRIay.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\yaIRBJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\yaIRBJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pyjxhhil.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\urqRLefF.dll (Trojan.Vundo) -> Delete on reboot.


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:58:24, on 13-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Palm\Hotsync.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&source=iglk
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {0EBBD3C2-FCFD-46FF-BAE6-72FA961DF321} - C:\WINDOWS\system32\qoMghigg.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: {b59b6647-91e9-1e88-9da4-123bc0a59e99} - {99e95a0c-b321-4ad9-88e1-9e197466b95b} - C:\WINDOWS\system32\eycetjuo.dll
      O2 - BHO: (no name) - {ED77D2B9-2C51-4428-AC9C-1F391101994E} - C:\WINDOWS\system32\yaywxvUm.dll (file missing)
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
      O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
      O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
      O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

      --
      End of file - 8123 bytes



      • #4
        Nice, but we are not quite there yet.

        Start HijackThis and check only the following lines:
        O2 - BHO: (no name) - {0EBBD3C2-FCFD-46FF-BAE6-72FA961DF321} - C:\WINDOWS\system32\qoMghigg.dll (file missing)
        O2 - BHO: {b59b6647-91e9-1e88-9da4-123bc0a59e99} - {99e95a0c-b321-4ad9-88e1-9e197466b95b} - C:\WINDOWS\system32\eycetjuo.dll
        O2 - BHO: (no name) - {ED77D2B9-2C51-4428-AC9C-1F391101994E} - C:\WINDOWS\system32\yaywxvUm.dll (file missing)

        Close all open windows (except HijackThis) and click "Fix checked".

        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in safe mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open and a few lines about files not found will scroll past quickly; this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
        • Your PC will then restart; let it boot in normal mode this time. After the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Also post the contents of the second log: C:\RVAXO-Vfind.log
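
An added example, not part of the original posts and not HijackThis's or Malwarebytes' own logic: a small triage script run over O2 and O4 lines copied from the two HijackThis logs in this thread. The three heuristics it applies (a missing BHO file, an unlabelled BHO whose DLL sits directly in system32, and a hex-named Run value that starts a system32 DLL through rundll32) are assumptions chosen for illustration; on these lines they select the three BHO entries listed in post #4 and the two Run values that the Malwarebytes log in post #3 removed.

```python
import ntpath
import re
from typing import NamedTuple

# Lines copied verbatim from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0EBBD3C2-FCFD-46FF-BAE6-72FA961DF321} - C:\WINDOWS\system32\qoMghigg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {b59b6647-91e9-1e88-9da4-123bc0a59e99} - {99e95a0c-b321-4ad9-88e1-9e197466b95b} - C:\WINDOWS\system32\eycetjuo.dll
O2 - BHO: (no name) - {ED77D2B9-2C51-4428-AC9C-1F391101994E} - C:\WINDOWS\system32\yaywxvUm.dll (file missing)
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [0860c769] rundll32.exe "C:\WINDOWS\system32\cssachog.dll",b
O4 - HKLM\..\Run: [BM0b53f4f5] Rundll32.exe "C:\WINDOWS\system32\pyjxhhil.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 - BHO: <label> - {CLSID} - <path> [(file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<label>.*) - (?P<clsid>" + CLSID + r") - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
HEX_RUN_RE = re.compile(r"[0-9a-fA-F]{6,}")  # assumed marker of a generated value name
SYSTEM32 = r"c:\windows\system32"


class Finding(NamedTuple):
    section: str    # HijackThis section code, "O2" or "O4"
    label: str      # BHO label or Run value name
    path: str       # DLL the entry points at
    reasons: tuple  # which assumed heuristics fired


def in_system32(path):
    """True when the file sits directly in system32, not in a subfolder."""
    return ntpath.dirname(path).lower() == SYSTEM32


def triage(log_text):
    """Return the O2/O4 entries that match the assumed heuristics, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = O2_RE.match(line)
        if bho:
            reasons = []
            label, path = bho["label"], bho["path"]
            unlabelled = label == "(no name)" or re.fullmatch(CLSID, label)
            if bho["missing"]:
                reasons.append("registered DLL is missing from disk")
            if unlabelled and in_system32(path):
                reasons.append("unlabelled BHO whose DLL sits directly in system32")
            if reasons:
                findings.append(Finding("O2", label, path, tuple(reasons)))
            continue
        run = O4_RE.match(line)
        if run:
            dll = RUNDLL_RE.match(run["cmd"])
            # rundll32 alone is common in legitimate Run entries, so require
            # the system32 DLL and the hex-like value name together.
            if dll and in_system32(dll["dll"]) and HEX_RUN_RE.search(run["label"]):
                reasons = ("hex-like Run value name",
                           "starts a system32 DLL through rundll32")
                findings.append(Finding("O4", run["label"], dll["dll"], reasons))
    return findings


def flagged_files(log_text):
    """File names of the flagged DLLs, in the order they appear in the log."""
    return [ntpath.basename(f.path) for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.path}  <- {'; '.join(f.reasons)}")
```

A hit from this script is a prompt to look at the entry, not a verdict: a legitimate component can match these patterns and a malicious one can avoid them.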



        • #5
          I had to start the PC and the tool manually and can only find this
          log?

          ---RVAXO.exe Updated: 2008-05-10---first run---
          Uninstallers:
          ---RVAXO.exe Updated: 2008-05-10---first run---
          Uninstallers:



          • #6
            Apparently it does not run to completion?

            Download this file: zoek.exe
            Double-click it; after a while a log will open.
            Post the contents of this log in your next message.



            • #7
              ======C:\WINDOWS====
              ----a-w 0 2008-05-13 10:55:13 C:\WINDOWS\0.log
              ----a-w 18,656 2008-05-13 09:17:46 C:\WINDOWS\BM0b53f4f5.txt
              ----a-w 109,807 2008-05-13 09:07:16 C:\WINDOWS\BM0b53f4f5.xml
              --s-a-w 2,048 2008-05-13 10:54:52 C:\WINDOWS\bootstat.dat
              ----a-w 25 2008-05-10 07:06:50 C:\WINDOWS\cdplayer.ini
              ----a-w 274,112 2008-05-02 06:56:26 C:\WINDOWS\comsetup.log
              ----a-w 93 2008-05-11 16:10:19 C:\WINDOWS\cookies.ini
              ----a-w 161,722 2008-03-20 17:43:28 C:\WINDOWS\DirectX.log
              ----a-w 94 2008-05-10 16:25:56 C:\WINDOWS\family.ini
              ----a-w 1,073,611 2008-05-02 06:56:26 C:\WINDOWS\FaxSetup.log
              ----a-w 48 2008-05-10 15:41:28 C:\WINDOWS\FileNamesinQueue.ini
              ---ha-w 24 2008-04-16 17:45:03 C:\WINDOWS\hpcfgjmp.zpi
              ----a-w 8,676 2008-05-01 07:57:53 C:\WINDOWS\IDNMitigationAPIs.log
              ----a-w 47,966 2008-05-01 07:59:47 C:\WINDOWS\ie7.log
              ----a-w 33,537 2008-05-01 08:01:16 C:\WINDOWS\ie7_main.log
              ----a-w 169,306 2008-05-02 06:56:27 C:\WINDOWS\iis6.log
              ----a-w 1,355 2008-05-01 08:01:14 C:\WINDOWS\imsins.BAK
              ----a-w 1,355 2008-05-02 06:56:26 C:\WINDOWS\imsins.log
              ----a-w 10,654 2008-05-01 07:54:36 C:\WINDOWS\KB904942.log
              ----a-w 4,176 2008-05-01 07:54:45 C:\WINDOWS\KB914440.log
              ----a-w 5,860 2008-05-01 07:56:08 C:\WINDOWS\KB915865.log
              ----a-w 10,857 2008-05-02 06:56:26 C:\WINDOWS\KB938127-IE7.log
              ----a-w 12,748 2008-04-09 11:43:32 C:\WINDOWS\KB941693.log
              ----a-w 13,583 2008-04-09 11:42:20 C:\WINDOWS\KB944338.log
              ----a-w 59,181 2008-05-01 08:00:37 C:\WINDOWS\KB944533-IE7.log
              ----a-w 12,019 2008-04-09 11:42:13 C:\WINDOWS\KB945553.log
              ----a-w 45,447 2008-05-01 08:01:14 C:\WINDOWS\KB947864-IE7.log
              ----a-w 21,988 2008-04-09 11:43:53 C:\WINDOWS\KB947864.log
              ----a-w 12,553 2008-04-09 11:43:25 C:\WINDOWS\KB948590.log
              ----a-w 13,415 2008-04-09 11:43:59 C:\WINDOWS\KB948881.log
              ----a-w 53,945 2008-05-02 06:56:26 C:\WINDOWS\msgsocm.log
              ----a-w 116 2008-05-12 18:42:46 C:\WINDOWS\NeroDigital.ini
              ----a-w 8,365 2008-05-01 07:57:05 C:\WINDOWS\NLSDownlevelMapping.log
              ----a-w 371 2008-03-17 17:10:21 C:\WINDOWS\nsw.log
              ----a-w 165,545 2008-05-02 06:56:26 C:\WINDOWS\ntdtcsetup.log
              ----a-w 535,275 2008-05-02 06:56:26 C:\WINDOWS\ocgen.log
              ----a-w 39,766 2008-05-02 06:56:26 C:\WINDOWS\ocmsn.log
              ----a-w 53,248 2008-05-10 14:18:26 C:\WINDOWS\PalmDevC.dll
              ----a-w 22 2008-05-13 09:07:12 C:\WINDOWS\pskt.ini
              ----a-w 0 2008-05-10 16:17:09 C:\WINDOWS\QuickInstall.INI
              ----a-w 0 2008-05-10 14:37:33 C:\WINDOWS\QUICKI~1.INI
              ----a-w 32,620 2008-05-13 10:53:57 C:\WINDOWS\SchedLgU.Txt
              ----a-w 196,806 2008-05-12 09:25:00 C:\WINDOWS\setupact.log
              ----a-w 555,688 2008-05-11 09:06:32 C:\WINDOWS\setupapi.log
              ----a-w 212 2008-05-01 08:58:55 C:\WINDOWS\SIERRA.INI
              ----a-w 37,357 2008-05-01 08:04:36 C:\WINDOWS\spupdsvc.log
              ----a-w 227 2008-05-13 10:46:13 C:\WINDOWS\system.ini
              ----a-w 154 2008-05-01 08:59:02 C:\WINDOWS\tmpcpyis.bat
              ----a-w 122 2008-05-01 08:59:02 C:\WINDOWS\tmpdelis.bat
              ----a-w 415,845 2008-05-02 06:56:26 C:\WINDOWS\tsoc.log
              ----a-w 120,646 2008-05-01 08:01:03 C:\WINDOWS\updspapi.log
              ----a-w 159 2008-05-13 10:55:11 C:\WINDOWS\wiadebug.log
              ----a-w 49 2008-05-13 10:55:10 C:\WINDOWS\wiaservc.log
              ----a-w 785 2008-05-13 10:46:13 C:\WINDOWS\win.ini
              ----a-w 1,741,081 2008-05-13 10:53:44 C:\WINDOWS\WindowsUpdate.log
              ----a-w 3,053 2008-05-13 02:26:42 C:\WINDOWS\wininit.ini
              ----a-w 26 2008-05-01 08:59:02 C:\WINDOWS\winstart.bat

              Entries: 57 (55)
              Directories: 0 Files: 57
              Bytes: 6,086,399 Blocks: 11,915
              ======C:\WINDOWS\system32=====
              ----a-w 0 2008-05-13 09:11:08 C:\WINDOWS\System32\clkcnt.txt
              ----a-w 2,888 2008-04-16 17:05:39 C:\WINDOWS\System32\CONFIG.NT
              ------w 116,736 2008-05-13 09:43:24 C:\WINDOWS\System32\cssachog.dll
              ----a-w 133,120 2008-05-12 07:36:59 C:\WINDOWS\System32\eycetjuo.dll
              ---ha-w 19 2008-04-16 17:06:11 C:\WINDOWS\System32\ezirioMeD4
              ----a-w 202,528 2008-04-09 12:56:58 C:\WINDOWS\System32\FNTCACHE.DAT
              --sha-w 226,793 2008-05-12 20:37:25 C:\WINDOWS\System32\ggihgMoq.ini
              --sha-w 226,793 2008-05-12 20:36:19 C:\WINDOWS\System32\ggihgMoq.ini2
              ----a-w 383 2008-04-16 17:05:39 C:\WINDOWS\System32\haspdos.sys
              ----a-w 6,656 2008-04-16 17:05:39 C:\WINDOWS\System32\haspvdd.dll
              ----a-w 46 2008-05-13 02:33:28 C:\WINDOWS\System32\imon1.dat
              ----a-w 125,440 2008-05-11 07:32:01 C:\WINDOWS\System32\jnexbcas.dll
              ----a-w 143 2008-05-13 09:44:27 C:\WINDOWS\System32\mcrh.tmp
              --sh--w 1,505,172 2008-05-12 04:34:41 C:\WINDOWS\System32\mfxonwqj.ini
              ------w 370,176 2008-05-13 09:43:25 C:\WINDOWS\System32\mlJBRIay.dll
              ----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
              ----a-w 134,656 2008-05-11 07:41:01 C:\WINDOWS\System32\mtapegkd.dll
              --sha-w 500,121 2008-05-13 02:33:16 C:\WINDOWS\System32\mUvxwyay.ini
              --sha-w 500,121 2008-05-13 02:32:14 C:\WINDOWS\System32\mUvxwyay.ini2
              ----a-w 114,688 2008-03-20 17:42:20 C:\WINDOWS\System32\OpenAL32.dll
              ----a-w 72,152 2008-03-30 08:04:39 C:\WINDOWS\System32\perfc009.dat
              ----a-w 92,052 2008-03-30 08:04:39 C:\WINDOWS\System32\perfc013.dat
              ----a-w 444,528 2008-03-30 08:04:39 C:\WINDOWS\System32\perfh009.dat
              ----a-w 512,410 2008-03-30 08:04:39 C:\WINDOWS\System32\perfh013.dat
              ----a-w 1,136,134 2008-03-30 08:04:38 C:\WINDOWS\System32\PerfStringBackup.INI
              ------w 126,976 2008-05-13 09:43:25 C:\WINDOWS\System32\pyjxhhil.dll
              ----a-w 818,420 2008-05-10 10:18:24 C:\WINDOWS\System32\RVAXO.bat
              ------w 57,856 2008-05-13 09:43:25 C:\WINDOWS\System32\urqRLefF.dll
              ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
              ----a-w 13,676 2008-05-11 15:03:15 C:\WINDOWS\System32\wpa.dbl
              ----a-w 409,600 2008-03-20 17:42:20 C:\WINDOWS\System32\wrap_oal.dll
              --sha-w 2,724 2008-05-13 09:43:42 C:\WINDOWS\System32\yaIRBJlm.ini
              --sha-w 2,724 2008-05-13 09:43:53 C:\WINDOWS\System32\yaIRBJlm.ini2

              Entries: 33 (25)
              Directories: 0 Files: 33
              Bytes: 29,537,131 Blocks: 57,700
              ======C:\WINDOWS\system32\drivers=====
              ----a-w 457,216 2008-04-16 17:05:40 C:\WINDOWS\System32\drivers\hardlock.sys
              ----a-w 47,616 2008-04-16 17:05:39 C:\WINDOWS\System32\drivers\Haspnt.sys
              ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
              ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys

              Entries: 4 (4)
              Directories: 0 Files: 4
              Bytes: 547,744 Blocks: 1,070
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              --sha-r 211 2008-05-13 10:46:13 C:\boot.ini
              ----a-w 13,225 2008-04-19 17:23:01 C:\caisslog.txt
              ----a-w 127 2008-03-27 22:56:34 C:\CountCyclesWMVDecLog.txt
              ----a-w 51,511,296 2008-04-11 10:59:19 C:\dump_dvd.vob
              --sha-w 1,610,612,736 2008-05-13 10:54:48 C:\pagefile.sys
              ----a-w 160 2008-05-13 10:55:14 C:\RVAXO-results.log

              Entries: 6 (4)
              Directories: 0 Files: 6
              Bytes: 1,662,137,755 Blocks: 3,246,365
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Temp======
              ----a-w 22,477 2008-05-11 10:07:38 C:\Temp\debug.txt

              Entries: 1 (1)
              Directories: 0 Files: 1
              Bytes: 22,477 Blocks: 44
              ----a-w 125 2008-05-10 22:10:04 C:\Documents and Settings\Karen & Joop\default.pls
              ---ha-w 6,029,312 2008-05-13 10:53:54 C:\Documents and Settings\Karen & Joop\NTUSER.DAT
              ---ha-w 40,960 2008-05-13 11:13:37 C:\Documents and Settings\Karen & Joop\ntuser.dat.LOG
              --sh--w 188 2008-05-13 10:53:54 C:\Documents and Settings\Karen & Joop\ntuser.ini

              Entries: 4 (1)
              Directories: 0 Files: 4
              Bytes: 6,070,585 Blocks: 11,858
              ======C:\WINDOWS\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============



              • #8
                Open a new Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\BM0b53f4f5.txt
                C:\WINDOWS\BM0b53f4f5.xml
                C:\WINDOWS\cookies.ini
                C:\WINDOWS\pskt.ini
                C:\WINDOWS\tmpcpyis.bat
                C:\WINDOWS\tmpdelis.bat
                C:\WINDOWS\wininit.ini
                C:\WINDOWS\System32\clkcnt.txt
                C:\WINDOWS\System32\cssachog.dll
                C:\WINDOWS\System32\eycetjuo.dll
                C:\WINDOWS\System32\ezirioMeD4
                C:\WINDOWS\System32\ggihgMoq.ini
                C:\WINDOWS\System32\ggihgMoq.ini2
                C:\WINDOWS\System32\jnexbcas.dll
                C:\WINDOWS\System32\mcrh.tmp
                C:\WINDOWS\System32\mfxonwqj.ini
                C:\WINDOWS\System32\mlJBRIay.dll
                C:\WINDOWS\System32\mtapegkd.dll
                C:\WINDOWS\System32\mUvxwyay.ini
                C:\WINDOWS\System32\mUvxwyay.ini2
                C:\WINDOWS\System32\pyjxhhil.dll
                C:\WINDOWS\System32\urqRLefF.dll
                C:\WINDOWS\System32\yaIRBJlm.ini
                C:\WINDOWS\System32\yaIRBJlm.ini2) DO (
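                REM Remove any leftover renamed copy from an earlier run
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                REM Clear the read-only, system and hidden attributes so DEL can remove the file
                ATTRIB -r -s -h %%g
                DEL %%g
                REM Fallback for a file that DEL could not remove: rename it with a NUCIA suffix
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))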
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                For "Save in", choose: Desktop
                For "File name", enter: del.bat
                For "Save as type", select: All Files (*.*).
                Click the Save button.

                Double-click del.bat and post the contents of the log file that opens.



                • #9
                  Deleting files
                  C:\WINDOWS\BM0b53f4f5.txt deleted
                  C:\WINDOWS\BM0b53f4f5.xml deleted
                  C:\WINDOWS\cookies.ini deleted
                  C:\WINDOWS\pskt.ini deleted
                  C:\WINDOWS\tmpcpyis.bat deleted
                  C:\WINDOWS\tmpdelis.bat deleted
                  C:\WINDOWS\wininit.ini deleted
                  C:\WINDOWS\System32\clkcnt.txt deleted
                  C:\WINDOWS\System32\cssachog.dll deleted
                  C:\WINDOWS\System32\eycetjuo.dll deleted
                  C:\WINDOWS\System32\ezirioMeD4 deleted
                  C:\WINDOWS\System32\ggihgMoq.ini deleted
                  C:\WINDOWS\System32\ggihgMoq.ini2 deleted
                  C:\WINDOWS\System32\jnexbcas.dll deleted
                  C:\WINDOWS\System32\mcrh.tmp deleted
                  C:\WINDOWS\System32\mfxonwqj.ini deleted
                  C:\WINDOWS\System32\mlJBRIay.dll deleted
                  C:\WINDOWS\System32\mtapegkd.dll deleted
                  C:\WINDOWS\System32\mUvxwyay.ini deleted
                  C:\WINDOWS\System32\mUvxwyay.ini2 deleted
                  C:\WINDOWS\System32\pyjxhhil.dll deleted
                  C:\WINDOWS\System32\urqRLefF.dll deleted
                  C:\WINDOWS\System32\yaIRBJlm.ini deleted
                  C:\WINDOWS\System32\yaIRBJlm.ini2 deleted



                  • #10
                    I think we have removed almost everything by now.

                    Download Deckard's System Scanner to your Desktop.
                    • Close all applications and windows.
                    • Double-click dss.exe to run it, and follow the prompts.
                    • When the scan is complete, a text file - main.txt - will open.
                    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

                    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
                    - make sure sigcheck.exe is allowed to do so!
                    Your antivirus may also flag DSS as suspicious, or even try to remove it.
                    Do not let your antivirus remove it! (In that case it may be better to disable your antivirus temporarily during the DSS scan)



                    • #11
                      My PC is getting so clean!

                      Deckard's System Scanner v20071014.68
                      Run by Karen & Joop on 2008-05-13 13:41:36
                      Computer is in Normal Mode.
                      --------------------------------------------------------------------------------

                      -- System Restore --------------------------------------------------------------

                      Successfully created a Deckard's System Scanner Restore Point.


                      -- Last 5 Restore Point(s) --
                      87: 2008-05-13 11:41:44 UTC - RP233 - Deckard's System Scanner Restore Point
                      86: 2008-05-12 06:49:34 UTC - RP232 - Controlepunt van systeem
                      85: 2008-05-11 06:04:29 UTC - RP231 - Printerstuurprogramma Adobe PDF Converter is geïnstalleerd
                      84: 2008-05-10 19:28:47 UTC - RP230 - Last known good configuration
                      83: 2008-05-10 19:28:41 UTC - RP229 - Installed Palm Desktop by ACCESS


                      -- First Restore Point --
                      1: 2008-05-10 19:28:32 UTC - RP147 - Software Distribution Service 3.0


                      Backed up registry hives.
                      Performed disk cleanup.



                      -- HijackThis (run as Karen & Joop.exe) ----------------------------------------

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 13:43:10, on 13-5-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\System32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                      C:\WINDOWS\System32\GEARSec.exe
                      C:\Program Files\Eset\nod32krn.exe
                      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Canon\CAL\CALMAIN.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
                      C:\Program Files\Eset\nod32kui.exe
                      C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Palm\Hotsync.exe
                      C:\Documents and Settings\Karen & Joop\Bureaublad\dss.exe
                      C:\PROGRA~1\TRENDM~1\HIJACK~1\Karen & Joop.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&source=iglk
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                      O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
                      O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                      O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
                      O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
                      O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
                      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
                      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                      O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
                      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
                      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
                      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

                      --
                      End of file - 7691 bytes

                      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                      backup-20080513-123227-101 O2 - BHO: {b59b6647-91e9-1e88-9da4-123bc0a59e99} - {99e95a0c-b321-4ad9-88e1-9e197466b95b} - C:\WINDOWS\system32\eycetjuo.dll
                      backup-20080513-123227-184 O2 - BHO: (no name) - {0EBBD3C2-FCFD-46FF-BAE6-72FA961DF321} - C:\WINDOWS\system32\qoMghigg.dll (file missing)
                      backup-20080513-123227-943 O2 - BHO: (no name) - {ED77D2B9-2C51-4428-AC9C-1F391101994E} - C:\WINDOWS\system32\yaywxvUm.dll (file missing)

                      -- File Associations -----------------------------------------------------------

                      .reg - regfile - shell\open\command - regedit.exe "%1" %*
                      .scr - scrfile - shell\open\command - "%1" %*


                      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                      R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
                      R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
                      R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
                      R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
                      R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
                      R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
                      R2 P1C1394 (Phase One 1394 Camera Driver) - c:\windows\system32\drivers\p1c1394.sys <Not Verified; Phase One A/S; Phase One digital imaging>
                      R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
                      R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
                      R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
                      R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
                      R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
                      R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
                      R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
                      R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

                      S3 GMSIPCI - g:\install\gmsipci.sys (file missing)


                      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                      R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
                      R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
                      R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
                      R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

                      S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


                      -- Device Manager: Disabled ----------------------------------------------------

                      No disabled devices found.


                      -- Files created between 2008-04-13 and 2008-05-13 -----------------------------

                      2008-05-13 12:44:35 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
                      2008-05-13 12:44:35 7048 --a------ C:\WINDOWS\system32\fixp.bat
                      2008-05-13 12:44:34 818420 --a------ C:\WINDOWS\system32\RVAXO.bat
                      2008-05-13 12:44:34 69632 --a------ C:\WINDOWS\system32\remove.exe
                      2008-05-13 12:16:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                      2008-05-13 12:15:57 0 d-------- C:\Program Files\SpywareBlaster
                      2008-05-13 11:30:23 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Malwarebytes
                      2008-05-13 11:29:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                      2008-05-13 11:29:50 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
                      2008-05-13 11:29:09 0 d-------- C:\Program Files\Common Files\Download Manager
                      2008-05-12 21:23:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-05-12 18:57:19 0 d-------- C:\Program Files\Trend Micro
                      2008-05-12 12:00:44 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Lavasoft
                      2008-05-10 20:59:58 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
                      2008-05-10 20:59:56 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
                      2008-05-10 20:59:54 0 d-------- C:\Program Files\Magic Video Converter
                      2008-05-10 18:26:35 0 d-------- C:\Documents and Settings\All Users\Application Data\HotSync
                      2008-05-10 18:25:56 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\HotSync
                      2008-05-10 16:19:16 53248 --a------ C:\WINDOWS\PalmDevC.dll <Not Verified; PalmSource, Inc; HotSync® Manager>
                      2008-05-10 16:18:51 0 d-------- C:\Program Files\palmOne
                      2008-05-10 09:05:45 0 d-------- C:\Program Files\Common Files\Real
                      2008-05-10 09:05:44 0 d-------- C:\Program Files\Real
                      2008-05-10 09:03:09 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Real
                      2008-05-09 21:20:43 0 d-------- C:\Program Files\Common Files\DataViz
                      2008-05-09 21:20:43 0 d-------- C:\Documents and Settings\All Users\Application Data\DataViz
                      2008-05-09 21:20:37 0 d-------- C:\Program Files\Documents To Go
                      2008-05-09 21:20:06 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Leadertech
                      2008-05-07 17:34:05 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Canon
                      2008-05-07 17:26:04 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\ZoomBrowser EX
                      2008-05-07 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
                      2008-05-07 17:04:40 0 d-------- C:\Program Files\Common Files\Canon
                      2008-05-05 17:53:13 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\GARMIN
                      2008-05-03 10:47:27 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Arcsoft
                      2008-05-03 10:46:37 0 d-------- C:\Program Files\Palm
                      2008-05-01 10:59:02 26 --a------ C:\WINDOWS\winstart.bat
                      2008-05-01 10:58:55 557056 --a------ C:\WINDOWS\system32\WONshell.dll <Not Verified; World Opponent Network\r\nA division of Havas Interactive; World Opponent Network WONshell>
                      2008-05-01 10:58:55 196608 --a------ C:\WINDOWS\system32\WONauth.dll <Not Verified; WON.net; a division of Havas Interactive; WON.net WONauth>
                      2008-05-01 10:58:55 233472 --a------ C:\WINDOWS\system32\SNWValid.dll <Not Verified; Havas Interactive; World Opponent Network WONplay>
                      2008-05-01 10:58:55 24928 --a------ C:\WINDOWS\system32\Sigres.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
                      2008-05-01 10:58:55 1204224 --a------ C:\WINDOWS\system32\SierraNW.dll <Not Verified; Havas Interactive; World Opponent Network WONplay>
                      2008-05-01 10:58:55 44544 --a------ C:\WINDOWS\system32\GIF89.DLL <Not Verified; ; Gif89 Module>
                      2008-05-01 10:58:55 0 d-------- C:\Program Files\Sierra On-Line
                      2008-05-01 10:58:52 56832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
                      2008-05-01 10:58:52 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
                      2008-05-01 10:57:51 0 d-------- C:\Sierra
                      2008-05-01 09:59:34 0 d-------- C:\WINDOWS\system32\nl-nl
                      2008-05-01 09:54:41 0 d-------- C:\WINDOWS\network diagnostic
                      2008-04-19 12:05:35 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
                      2008-04-19 12:05:33 0 d-------- C:\Program Files\CA
                      2008-04-17 10:27:17 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\IsolatedStorage
                      2008-04-17 10:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
                      2008-04-17 10:21:20 0 d-------- C:\Program Files\Symantec
                      2008-04-17 10:21:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
                      2008-04-16 19:05:40 457216 --a------ C:\WINDOWS\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
                      2008-04-16 19:05:39 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
                      2008-04-16 19:05:39 383 --a------ C:\WINDOWS\system32\haspdos.sys
                      2008-04-16 19:05:39 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
                      2008-04-16 19:05:37 23168 --a------ C:\WINDOWS\system32\drivers\p1c1394.sys <Not Verified; Phase One A/S; Phase One digital imaging>
                      2008-04-16 19:05:20 0 d-------- C:\Program Files\Phase One
                      2008-04-16 13:00:50 0 d-------- C:\Program Files\BreezeSys
                      2008-04-14 20:36:38 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Opera


                      -- Find3M Report ---------------------------------------------------------------

                      2008-05-13 11:29:09 0 d-------- C:\Program Files\Common Files
                      2008-05-11 22:50:50 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Vso
                      2008-05-11 08:11:16 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\AdobeUM
                      2008-05-07 17:09:24 0 d-------- C:\Program Files\Canon
                      2008-05-03 21:57:44 0 d-------- C:\Program Files\Microsoft ActiveSync
                      2008-04-22 12:27:12 0 d-------- C:\Program Files\Rummi
                      2008-04-18 09:43:57 0 d-------- C:\Program Files\Luxor Mahjong
                      2008-04-13 20:33:47 0 d--h----- C:\Program Files\InstallShield Installation Information
                      2008-04-07 21:13:43 0 d-------- C:\Program Files\IrfanView
                      2008-04-07 18:50:40 0 d-------- C:\Program Files\VSO
                      2008-03-30 19:36:49 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Azureus
                      2008-03-30 17:44:03 0 d-------- C:\Program Files\BFG
                      2008-03-30 17:38:08 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Thinstall
                      2008-03-30 13:14:53 0 d-------- C:\Program Files\Azureus
                      2008-03-30 10:04:39 512410 --a------ C:\WINDOWS\system32\perfh013.dat
                      2008-03-30 10:04:39 92052 --a------ C:\WINDOWS\system32\perfc013.dat
                      2008-03-25 19:34:41 0 d-------- C:\Program Files\PhotoRescue Advanced PC
                      2008-03-24 12:11:20 0 d-------- C:\Documents and Settings\Karen & Joop\Application Data\Adobe
                      2008-03-20 19:45:25 0 d-------- C:\Program Files\Belastingdienst
                      2008-03-20 19:42:20 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
                      2008-03-20 19:42:20 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
                      2008-03-20 19:42:20 0 d-------- C:\Program Files\OpenAL
                      2008-02-28 14:53:11 34 --a------ C:\Documents and Settings\Karen & Joop\Application Data\pcouffin.log
                      2008-02-28 14:53:00 47360 --a------ C:\Documents and Settings\Karen & Joop\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
                      2008-02-28 14:53:00 1144 --a------ C:\Documents and Settings\Karen & Joop\Application Data\pcouffin.inf
                      2008-02-28 14:53:00 7887 --a------ C:\Documents and Settings\Karen & Joop\Application Data\pcouffin.cat
                      2008-02-15 07:18:32 1158 --a------ C:\WINDOWS\mozver.dat
                      2008-02-14 16:03:15 3414150 --a------ C:\WINDOWS\system32\exec1.exe
                      2008-02-13 21:30:13 0 --a------ C:\WINDOWS\nsreg.dat
                      2008-02-13 21:13:37 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
                      2008-02-13 20:20:53 0 --a------ C:\WINDOWS\ativpsrm.bin
                      2008-02-13 20:08:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
                      2008-02-13 15:26:08 62 --ahs---- C:\Documents and Settings\Karen & Joop\Application Data\desktop.ini
                      2008-02-13 14:40:43 0 -rahs---- C:\MSDOS.SYS
                      2008-02-13 14:40:43 0 -rahs---- C:\IO.SYS
                      2008-02-13 14:40:43 0 --a------ C:\CONFIG.SYS
                      2008-02-13 14:40:43 0 --a------ C:\AUTOEXEC.BAT
                      2008-02-13 14:38:30 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat


                      -- Registry Dump ---------------------------------------------------------------

                      *Note* empty entries & legit default entries are not shown


                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [29-05-2003 17:28]
                      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [30-05-2003 10:42]
                      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [13-02-2008 21:13]
                      "@"=""
                      "QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [19-04-2008 16:10]
                      "HotSync"="C:\Program Files\PalmSource\Desktop\HotSync.exe"

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03]

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                      @="Service"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                      @="Volume shadow copy"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Snelle start.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Snelle start.lnk
                      backup=C:\WINDOWS\pss\Adobe Acrobat Snelle start.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
                      backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BlueSoleil.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BlueSoleil.lnk
                      backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^DataViz Inc Messenger.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\DataViz Inc Messenger.lnk
                      backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
                      "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
                      "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                      "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
                      "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
                      "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                      "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                      "C:\Program Files\Messenger\msmsgs.exe" /background

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
                      "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                      C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
                      C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phase One Media Reader]
                      C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
                      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                      "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"




                      -- End of Deckard's System Scanner: finished at 2008-05-13 13:43:51 ------------



                      • #12
                        Please also do this:

                        Your Java software is outdated.
                        Older versions have vulnerabilities that give malware the chance to install itself on your system.
                        First follow these steps to uninstall Java and install the newer version:
                        • Download Java Runtime Environment (JRE) 6u6 and save it to your Desktop.
                        • Close all programs that may be open - especially your web browser!
                        • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
                        • Select every entry with Java Runtime Environment (JRE or J2SE) in its name.
                        • Then click Remove or the Change/Remove button.
                        • Repeat this until all older versions are gone.
                        • After removing all older versions, restart your PC.
                        • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.


                        Download ATF cleaner (mirror) (made by Atribune)

                        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                        Double-click ATF cleaner to start the program.
                        On the "Main" tab, tick Select All.
                        Click the Empty Selected button.

                        Do the following if you also use Firefox as a browser:
                        Click the "Firefox" tab and tick Select All.
                        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                        (this removes the tick again from "Firefox saved passwords")
                        Click the Empty Selected button.

                        Do the following if you also use Opera as a browser:
                        Click the "Opera" tab and tick Select All.
                        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                        Click the Empty Selected button.
                        Go to the "Main" tab and click the Exit button to close the program.

                        Disable System Restore. Restart the computer. Enable System Restore again.
                        See here how to disable System Restore.
                        This removes any remnants of the infections from your System Restore.

                        Then I think everything is OK again.

                        Regards, smeenk



                        • #13
                          Hi Smeenk,

                          I have carried out everything and am very happy
                          that everything works fine again and is in order.

                          Thank you very much for your time and effort!!

                          Regards,
                          Karen



                          • #14
                            You're very welcome, Karen
