  1. #1
    Advanced member   Jasperx
    Registered
    29 August 2006
    Posts
    166
    Thanks given
    36
    Thanked
    6 times in 2 posts

    Victim of MSN junk

    I have become a victim of spyware via MSN by clicking on a link, and I don't know how to fix this. This is my log:




    Logfile of HijackThis v1.99.1
    Scan saved at 21:24, on 06-09-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\CmUCReye.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\NotifyPhoneBook.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [AME_CSA] rundll32 csa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e11.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aerentsjorina.spaces.live.com...d/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130364442791
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131365030359
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

  2. #2
    Advanced member   Jasperx
    ComboFix log:

    Jasper - 06-09-22 21:37:37.60 Service Pack 2
    ComboFix 06.09.23 - Running from: "C:\Documents and Settings\Jasper.THUIS\Mijn documenten\Downloads"
    Command switches used ::
    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\drsmartload2.dat
    C:\WINDOWS\teller2.chk
    C:\Program Files\Deskbar
    C:\Program Files\Common Files\{404E7453-0BB0-2067-0113-060110060020}

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))

    2006-08-29 15:59 5,606 --a------ C:\WINDOWS\system32\stci.dll
    2006-08-29 15:56 20,992 --a------ C:\WINDOWS\jestertb.dll
    2006-08-27 12:15 61,440 --a------ C:\WINDOWS\system32\ASUSW32N50.dll
    2006-08-27 12:15 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2006-09-22 21:38 -------- d-------- C:\Program Files\Common Files
    2006-09-22 20:50 -------- d-------- C:\Program Files\MSN Messenger
    2006-09-22 20:47 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-09-21 19:25 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-21 19:25 -------- d-------- C:\Program Files\De Algemene Wereldatlas
    2006-09-21 18:17 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\Google
    2006-09-20 21:00 -------- d-------- C:\Program Files\WinZip
    2006-09-20 20:58 -------- d-------- C:\Program Files\TuneUp Utilities 2006
    2006-09-20 19:16 -------- d-------- C:\Program Files\Google
    2006-09-17 10:53 -------- d-------- C:\Program Files\EA GAMES
    2006-09-17 08:29 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\Help
    2006-09-12 16:49 154 --a------ C:\Documents and Settings\Jasper.THUIS\Application Data\wklnhst.dat
    2006-09-07 22:39 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-01 15:13 -------- d-------- C:\Program Files\Microsoft Works
    2006-09-01 15:13 -------- d-------- C:\Program Files\Microsoft Digital Image 2006
    2006-09-01 15:13 -------- d-------- C:\Program Files\Messenger
    2006-09-01 15:13 -------- d-------- C:\Program Files\Mah Jong Quest
    2006-09-01 15:13 -------- d-------- C:\Program Files\Easy Thumbnails
    2006-09-01 15:13 -------- d-------- C:\Program Files\Big Kahuna Reef
    2006-08-31 18:25 -------- d---s---- C:\Documents and Settings\Jasper.THUIS\Application Data\Microsoft
    2006-08-30 13:34 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla
    2006-08-29 15:11 76136 --a------ C:\Documents and Settings\Jasper.THUIS\Application Data\GDIPFONTCACHEV1.DAT
    2006-08-28 19:11 -------- d-------- C:\Program Files\Need for Speed Underground 2
    2006-08-26 14:10 -------- d-------- C:\Program Files\Common Files\DirectX
    2006-08-26 14:07 -------- d-------- C:\Program Files\DirectX 9.0c
    2006-08-26 13:43 -------- d-------- C:\Program Files\WinRAR
    2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck(2).dll
    2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-15 15:53 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\AdobeUM
    2006-08-14 14:29 -------- d-------- C:\Program Files\EA SPORTS
    2006-08-14 13:29 -------- d-------- C:\Program Files\Pinnacle
    2006-08-14 11:03 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\Adobe
    2006-08-07 20:54 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
    2006-08-06 09:37 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\TuneUp Software
    2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-26 20:40 -------- d-------- C:\Program Files\Maxis
    2006-07-26 20:36 -------- d-------- C:\Program Files\DMW Client 3
    2006-07-25 22:42 615424 --a------ C:\WINDOWS\system32\urlmon(3).dll
    2006-07-25 19:02 -------- d-------- C:\Program Files\HP
    2006-07-25 19:02 -------- d-------- C:\Program Files\Common Files\HP
    2006-07-25 18:42 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
    2006-07-25 18:27 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-07-25 18:26 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
    2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-06-23 13:17 662016 --a------ C:\WINDOWS\system32\wininet(3).dll
    2006-06-23 13:17 474624 --a------ C:\WINDOWS\system32\shlwapi(3).dll
    2006-06-23 13:16 448512 --a------ C:\WINDOWS\system32\mshtmled(2).dll
    2006-06-23 13:16 39424 --a------ C:\WINDOWS\system32\pngfilt(2).dll
    2006-06-23 13:16 1022976 --a------ C:\WINDOWS\system32\browseui(3).dll
    2006-06-22 07:17 69120 --a------ C:\WINDOWS\system32\ciodm.dll
    2006-06-22 07:17 1440768 --a------ C:\WINDOWS\system32\query.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "CHotkey"="mHotkey.exe"
    "ledpointer"="CNYHKey.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "AntivirusRegistration"="C:\\Program Files\\CA\\Etrust Antivirus\\Register.exe"
    "PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
    "AME_CSA"="rundll32 csa.cpl,RUN_DLL"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
    @=""
    "HP Software Update"="c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "USBToolTip"="\"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\USBTip\\USBTip.exe\""
    "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "AllowLegacyWebView"=dword:00000001
    "AllowUnhashedWebView"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job

    Completion time: Fri 22/09/2006 21:38:19.65
    ComboFix.txt

  3. #3
    Honorary member   jurgenv
    Registered
    10 May 2005
    Location
    West-Vlaanderen
    Posts
    5,887
    Thanks given
    100
    Thanked
    901 times in 829 posts
    MSN itself is infected with a worm, so we will have to uninstall MSN during the cleanup; otherwise it will simply put the infection back. So, the first step:
    Uninstall MSN! If you don't do this, we can't continue...


    * Download and install Ewido Anti-Spyware 4.0.
    * After the installation, open Ewido Anti-Spyware 4.0:
      * under "Status", click Change state next to "Resident shield".
      * under "Update", click the Start update button.
      * under "Scanner", tab "Settings":
        - under "How to act?", click "Recommended actions" and select Quarantine.
        - under "Reports", select Automatically generate report after every scan and uncheck Only if threats were found

      Close Ewido. Do not let it scan yet.


    * If you have not installed Adaware SE yet, download, install and update it following the guidelines
    that you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm

    * Start your computer in SAFE MODE

    * Run a full scan with Adaware and remove everything that is found.

    • Open Ewido, click the Scanner tab at the top and then click Complete System Scan. This scan will scan your whole system, so it can take a while.
    • Ewido will show all infected objects on the left-hand side. When the scan is done, it will set everything to the 'Quarantine' option. Then click the Apply all actions button. Ewido will then show the following message on the right-hand side: "All actions have been applied"
    • Then click "Save Report", and then "Save Report As". This will create a report. Make sure that you can easily find the report again (for example on your desktop).


    * Restart your computer in normal mode.

    * Download ATF cleaner (by Atribune)

    Double-click ATF cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick at "Firefox saved passwords")
    Click the Empty Selected button.

    If you also use Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    * Then post a new HijackThis log here together with the Ewido report + a new ComboFix log.

    Member of ASAP

  4. The following user thanks jurgenv for this useful post:

    Jasperx (23 September 2006)

  5. #4
    Advanced member   Jasperx
    Hijack This:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:17:05, on 23/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CmUCReye.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\NotifyPhoneBook.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [AME_CSA] rundll32 csa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aerentsjorina.spaces.live.com...d/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130364442791
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131365030359
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    ComboFix:

    Jasper - 06-09-23 8:12:58,56 Service Pack 2
    ComboFix 06.09.23 - Running from: "C:\Documents and Settings\Jasper.THUIS\Mijn documenten\Downloads"
    Command switches used ::
    ((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))

    2006-08-29 15:59 5,606 --a------ C:\WINDOWS\system32\stci.dll
    2006-08-29 15:56 20,992 --a------ C:\WINDOWS\jestertb.dll
    2006-08-27 12:15 61,440 --a------ C:\WINDOWS\system32\ASUSW32N50.dll
    2006-08-27 12:15 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2006-09-22 22:35 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-09-22 22:05 154 --a------ C:\Documents and Settings\Jasper.THUIS\Application Data\wklnhst.dat
    2006-09-22 21:52 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\Lavasoft
    2006-09-22 21:51 -------- d-------- C:\Program Files\Lavasoft
    2006-09-22 21:38 -------- d-------- C:\Program Files\Common Files
    2006-09-21 19:25 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-21 19:25 -------- d-------- C:\Program Files\De Algemene Wereldatlas
    2006-09-21 18:17 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\Google
    2006-09-20 21:00 -------- d-------- C:\Program Files\WinZip
    2006-09-20 20:58 -------- d-------- C:\Program Files\TuneUp Utilities 2006
    2006-09-20 19:16 -------- d-------- C:\Program Files\Google
    2006-09-17 10:53 -------- d-------- C:\Program Files\EA GAMES
    2006-09-17 08:29 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\Help
    2006-09-07 22:39 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-01 15:13 -------- d-------- C:\Program Files\Microsoft Works
    2006-09-01 15:13 -------- d-------- C:\Program Files\Microsoft Digital Image 2006
    2006-09-01 15:13 -------- d-------- C:\Program Files\Messenger
    2006-09-01 15:13 -------- d-------- C:\Program Files\Mah Jong Quest
    2006-09-01 15:13 -------- d-------- C:\Program Files\Easy Thumbnails
    2006-09-01 15:13 -------- d-------- C:\Program Files\Big Kahuna Reef
    2006-08-31 18:25 -------- d---s---- C:\Documents and Settings\Jasper.THUIS\Application Data\Microsoft
    2006-08-30 13:34 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla
    2006-08-29 15:11 76136 --a------ C:\Documents and Settings\Jasper.THUIS\Application Data\GDIPFONTCACHEV1.DAT
    2006-08-28 19:11 -------- d-------- C:\Program Files\Need for Speed Underground 2
    2006-08-26 14:10 -------- d-------- C:\Program Files\Common Files\DirectX
    2006-08-26 14:07 -------- d-------- C:\Program Files\DirectX 9.0c
    2006-08-26 13:43 -------- d-------- C:\Program Files\WinRAR
    2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck(2).dll
    2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-15 15:53 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\AdobeUM
    2006-08-14 14:29 -------- d-------- C:\Program Files\EA SPORTS
    2006-08-14 13:29 -------- d-------- C:\Program Files\Pinnacle
    2006-08-14 11:03 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\Adobe
    2006-08-07 20:54 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
    2006-08-06 09:37 -------- d-------- C:\Documents and Settings\Jasper.THUIS\Application Data\TuneUp Software
    2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-26 20:40 -------- d-------- C:\Program Files\Maxis
    2006-07-26 20:36 -------- d-------- C:\Program Files\DMW Client 3
    2006-07-25 22:42 615424 --a------ C:\WINDOWS\system32\urlmon(3).dll
    2006-07-25 19:02 -------- d-------- C:\Program Files\HP
    2006-07-25 19:02 -------- d-------- C:\Program Files\Common Files\HP
    2006-07-25 18:42 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
    2006-07-25 18:27 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-07-25 18:26 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
    2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-06-23 13:17 662016 --a------ C:\WINDOWS\system32\wininet(3).dll
    2006-06-23 13:17 474624 --a------ C:\WINDOWS\system32\shlwapi(3).dll
    2006-06-23 13:16 448512 --a------ C:\WINDOWS\system32\mshtmled(2).dll
    2006-06-23 13:16 39424 --a------ C:\WINDOWS\system32\pngfilt(2).dll
    2006-06-23 13:16 1022976 --a------ C:\WINDOWS\system32\browseui(3).dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "CHotkey"="mHotkey.exe"
    "ledpointer"="CNYHKey.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "AntivirusRegistration"="C:\\Program Files\\CA\\Etrust Antivirus\\Register.exe"
    "PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
    "AME_CSA"="rundll32 csa.cpl,RUN_DLL"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
    @=""
    "HP Software Update"="c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "USBToolTip"="\"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\USBTip\\USBTip.exe\""
    "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
    "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "AllowLegacyWebView"=dword:00000001
    "AllowUnhashedWebView"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job

    Completion time: Sat 23/09/2006 8:13:32.06
    ComboFix.txt
    ComboFix2.txt

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------
    + Created at: 21:16 06-09-22
    + Scan result:

    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\RECYCLER\S-1-5-21-2098787636-3627809877-3113005733-1013\Dc1.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Program Files\ToolBar888 -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Program Files\ToolBar888\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jorina\Local Settings\Temp\GLBB.tmp/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jorina\Local Settings\Temporary Internet Files\Content.IE5\052ZKHUR\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jorina\Local Settings\Temporary Internet Files\Content.IE5\052ZKHUR\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jorina\Local Settings\Temporary Internet Files\Content.IE5\052ZKHUR\ucmoreiex[1].exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jasper.THUIS\Local Settings\Temporary Internet Files\Content.IE5\W3B7289P\313133352D2D2D[1].exe -> Downloader.Adload.aj : Cleaned with backup (quarantined).
    [3564] C:\nwnmff_e11.exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
    [3580] C:\dfndrff_e11.exe -> Downloader.Adload.fk : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jorina\Local Settings\Temporary Internet Files\Content.IE5\4XYJS9A7\loader[1].exe -> Downloader.Adload.fp : Cleaned with backup (quarantined).
    C:\drsmartload.exe -> Downloader.Adload.fp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jorina\Local Settings\Temporary Internet Files\Content.IE5\052ZKHUR\mny[1].exe -> Downloader.Adload.fq : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jorina\Local Settings\Temporary Internet Files\Content.IE5\8PQB45AB\drsmartload45a[1].exe -> Downloader.Adload.fq : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jorina\mny.exe -> Downloader.Adload.fq : Cleaned with backup (quarantined).
    C:\drsmartload45a45a45d.exe -> Downloader.Adload.fq : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jasper.THUIS\Local Settings\Temporary Internet Files\Content.IE5\NIFDH9JZ\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jasper.THUIS\Local Settings\Temporary Internet Files\Content.IE5\6PGHIHKN\Xinstall[1].exe -> Dropper.PurityScan.ag : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jasper.THUIS\Local Settings\Temp\installer.exe -> Dropper.PurityScan.q : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jasper.THUIS\Local Settings\Temporary Internet Files\Content.IE5\NIFDH9JZ\speedtest2[1].dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Ignored.
    :mozilla.218:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.309:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.310:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.311:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.312:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.313:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.314:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.315:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.316:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.317:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.318:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.319:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.320:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.321:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.322:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.323:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.324:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.325:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.207:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.160:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
    :mozilla.351:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.126:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.127:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.128:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.67:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.360:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
    :mozilla.255:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.256:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.257:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.270:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.142:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.143:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.144:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.129:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.150:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.363:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.365:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.304:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.348:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.242:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.243:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
    C:\Documents and Settings\Jorina\Cookies\jorina@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
    :mozilla.132:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.133:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.134:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.135:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.136:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.100:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.352:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.353:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.354:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.99:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.385:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.386:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.52:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.53:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.54:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.154:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.155:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.156:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.249:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.77:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.203:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.204:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.205:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.206:C:\Documents and Settings\Jasper.THUIS\Application Data\Mozilla\Firefox\Profiles\7g9ktg3i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Cookies\jasper@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Jasper.THUIS\Local Settings\Temporary Internet Files\Content.IE5\DH5ZA6NY\photo942[1].PIF -> Worm.Licat.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jasper.THUIS\Local Settings\Temporary Internet Files\Content.IE5\IZW36J6P\sprT[1].exe -> Worm.Licat.c : Cleaned with backup (quarantined).
    C:\RECYCLER\S-1-5-21-2098787636-3627809877-3113005733-1013\Dc2.exe -> Worm.Licat.c : Cleaned with backup (quarantined).

    ::Report end

  6. #5
    Advanced   Jasperx's avatar
    Registered
    29 August 2006
    Posts
    166
    Thanks given
    36
    Thanked
    6 times in 2 posts
    I would like to know whether it is OK now.
    Thanks in advance.

  7. #6
    Honorary member   jurgenv's avatar
    Registered
    10 May 2005
    Location
    West-Vlaanderen
    Posts
    5.887
    Thanks given
    100
    Thanked
    901 times in 829 posts
    * Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system. First follow these steps to uninstall Java and install the newer version:

    • Download the latest version here: Java Runtime Environment (JRE) 5.0 Update 8.
    • Scroll down to where it says: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Then click the "Download" button on the right.
    • Tick the box where it says: "Accept License Agreement".
    • The page will reload.
    • Click the link to download Windows Offline Installation, with or without Multi-language, and save it to your desktop.
    • Close any programs that may be open - especially your web browser!
    • Then go to Start > Control Panel, double-click Add or Remove Programs and remove all older versions of Java.
    • Select every item with Java Runtime Environment (JRE or J2SE) in the name.
    • Then click the Remove or Change/Remove button.
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-1_5_0_08-windowsi586-p.exe on your desktop to install the latest version of Java.


    * Fix the following lines in HijackThis:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R3 - Default URLSearchHook is missing


    * Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click drweb-cureit.exe and allow it to start the express scan.
    • This will scan the files currently loaded in memory; if anything is found, click the Yes to all button when asked 'cure it?'. This is only a short scan.
    • Once the short scan has finished, click Options > Change Settings
    • Choose the "Scan" tab and untick "Heuristic analyse"
    • Back in the main window you can select the drives you want scanned.
    • Select all drives here. A red dot will then appear on the drives you are having scanned.
    • Then click the green arrow on the right to start the scan.
    • Click 'Yes to all' when asked whether to cure or move.
    • When the scan is done, check whether you can click the following icon next to what was found:
    • If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following image:

      This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (this in case we need samples)
    • After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
    • Then close Dr.Web CureIt.
    • Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
    • After restarting, copy and paste the contents of the log you saved earlier into your next post, together with a new HijackThis log, and tell me how everything is working otherwise.

    Member of ASAP

  8. The following user thanks jurgenv for this useful post:

    Jasperx (23 September 2006)

  9. #7
    Advanced   Jasperx's avatar
    Registered
    29 August 2006
    Posts
    166
    Thanks given
    36
    Thanked
    6 times in 2 posts
    Dr.web:

    dfndrff_e_uit[1].exe;C:\Documents and Settings\Jorina\Local Settings\Temporary Internet Files\Content.IE5\052ZKHUR;Trojan.Click.1479;Deleted.;
    kybrdff_e[1].exe;C:\Documents and Settings\Jorina\Local Settings\Temporary Internet Files\Content.IE5\8PQB45AB;Adware.DollarRevenue;Incurable.Moved.;
    A0056935.dll;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP185;Adware.FastSearch;Incurable.Moved.;
    A0057064.dll;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP186;Adware.Softomate;Incurable.Moved.;
    A0057067.exe;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP186;Adware.DollarRevenue;Incurable.Moved.;
    A0057071.exe;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP186;Adware.DollarRevenue;Incurable.Moved.;
    A0057072.exe;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP186;Trojan.Click.1479;Deleted.;
    A0057074.exe;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP186;Adware.Ucmore;Incurable.Moved.;
    A0057075.dll;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP186;Adware.FastSearch;Incurable.Moved.;
    A0057086.dll;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP186;Adware.Softomate;Incurable.Moved.;
    A0057114.exe;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP187;Trojan.Click.1479;Deleted.;
    A0057116.exe;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP187;Adware.DollarRevenue;Incurable.Moved.;
    A0057117.exe;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP187;Adware.DollarRevenue;Incurable.Moved.;
    A0057119.exe;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP187;Adware.Ucmore;Incurable.Moved.;
    A0057120.dll;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP187;Adware.Minibug;Incurable.Moved.;
    A0057121.dll;C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP187;Adware.FastSearch;Incurable.Moved.;

    HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 21:10:42, on 23/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\CmUCReye.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\NotifyPhoneBook.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Microsoft Works\WkDStore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\unzipped\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [AME_CSA] rundll32 csa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aerentsjorina.spaces.live.com...d/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130364442791
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131365030359
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

  10. #8
    Honorary member   jurgenv's avatar
    Registered
    10 May 2005
    Location
    West-Vlaanderen
    Posts
    5,887
    Thanks given
    100
    Thanked
    901 times in 829 posts
    Looks good, how is everything working otherwise?

    Member of ASAP

  11. The following user thanks jurgenv for this useful post:

    Jasperx (23 September 2006)

  12. #9
    Advanced   Jasperx's avatar
    Registered
    29 August 2006
    Posts
    166
    Thanks given
    36
    Thanked
    6 times in 2 posts
    Great, thanks jurgen!

  13. #10
    Honorary member   jurgenv's avatar
    Registered
    10 May 2005
    Location
    West-Vlaanderen
    Posts
    5,887
    Thanks given
    100
    Thanked
    901 times in 829 posts
    Then install MSN and tell me how everything works after that.

    Member of ASAP
