HELP! Computer acting strangely since accepting Schijfbewaker
  • HELP! Computer acting strangely since accepting Schijfbewaker

    Hello everyone, ever since I fell for it and clicked "ok" when asked whether I wanted to install Schijfbewaker, I have had more problems every day when surfing. A lot of similar traps pop up whenever I want to visit a new page. Who knows how to really get rid of this properly? Someone recommended BitDefender online to me. It scans your computer online, provided you turn off your own virus scanner. But when it looked as if it needed only another 30 seconds, the remaining time jumped to supposedly at least 11 more hours!! Then the indicator light started blinking heavily and an almost unbearable beeping tone came out of the processor. So I just switched the computer off. Someone also pointed out that, if you have ever used Norton, you can hardly get it completely off the computer and that it also slows it down considerably. What is true and above all... what do I do about it? I hope someone has useful tips.
    Also, wishing everyone a 'goeie roetsj' in advance, as we say here in Limburg.

    Below is my Hijack log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:08:11, on 30-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\witiitpk.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\System32\LVComsX.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bookmarkpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bookmarkpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [7c53a30f] rundll32.exe "C:\WINDOWS\system32\qcvirrao.dll",b
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-1060284298-746137067-2147074707-1004\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')
    O4 - HKUS\S-1-5-21-1060284298-746137067-2147074707-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
    O4 - Global Startup: Logitech
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://fotoservice.tntpost.nl/TNT/UserControls/Part/Upload/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.1.0.56.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O18 - Protocol: bw+0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: offline-8876480 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\witiitpk.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://static.marktplaats.nl/fotos/caravans/campers/23301.jpg
    O24 - Desktop Component 1: (no name) - http://www.screensavers.com/Dlg/images/bg.gif
    O24 - Desktop Component 10: (no name) - http://images.google.com/images?q=tbn:1ddtC9yRRU0J:ictcafe.opweb.nl/4images/data/thumbnails/63/Scania_Betonmixer.jpg
    O24 - Desktop Component 2: (no name) - http://www.campersite.nl/particulier/koop1500/1815a.jpg
    O24 - Desktop Component 3: (no name) - http://www.joopdekokmotoren.nl/images/trikes1.jpg
    O24 - Desktop Component 4: (no name) - http://bilder.mobile.de/images/autos/0/11111111127084986-14255-1066076909.bild
    O24 - Desktop Component 5: (no name) - http://www.katjastaartjes.nl/main/images/thumb-07.jpg
    O24 - Desktop Component 6: (no name) - http://www.katjastaartjes.nl/main/images/800x600-7.jpg
    O24 - Desktop Component 7: (no name) - http://www.katjastaartjes.nl/main/images/08.jpg
    O24 - Desktop Component 8: (no name) - http://www.joopdekokmotoren.nl/images/backgr.gif
    O24 - Desktop Component 9: (no name) - http://www.htn-trikes.de/gebrfaindex-Dateien/M4110055.JPG

    --
    End of file - 22753 bytes

  • #2
    Open HijackThis, click 'config' (bottom right)
    Choose the 'misc Tools' tab at the top.
    Choose 'delete a file on reboot'
    In the field, copy and paste the following line:

    C:\WINDOWS\system32\witiitpk.exe

    Click open.
    HijackThis will tell you that this file will be deleted after the next reboot and ask whether you want to reboot now.
    Click yes/ok

    Your PC will now reboot.

    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notice about a script being executed, you may ignore this.

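The file named in reply #2 appears in the HijackThis log as the service DomainService, whose vendor field is empty. The following is an added example, not part of the original posts or of HijackThis: a small parser for the O4 (autorun) and O23 (service) lines of such a log that lists entries for manual review. The three review rules (empty vendor field, missing target file, 8-digit hex autorun name) and the names `triage`, `target_of` and `Finding` are assumptions of this example; a flagged line is a prompt to inspect the file, not a verdict.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [7c53a30f] rundll32.exe "C:\WINDOWS\system32\qcvirrao.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\witiitpk.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code: "O4" or "O23"
    name: str     # autorun value name or service display name
    target: str   # file an analyst should inspect
    reason: str


# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# "O23 - Service: <display name> - <vendor> - <path>"; the vendor may be empty,
# which leaves "- -" with a single space in the log as posted.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.+)$"
)
# rundll32 is only a loader: the file of interest is the DLL it is given.
RUNDLL_RE = re.compile(r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?,', re.I)
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)


def target_of(cmd: str) -> str:
    """Return the file a command line actually loads (DLL for rundll32)."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group(1)
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def triage(log_text: str) -> list[Finding]:
    """Collect O4/O23 entries that match this example's review rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            # Per-user entries end in "(User '...')"; drop that suffix.
            cmd = re.sub(r"\s+\(User '[^']*'\)$", "", m["cmd"])
            if re.fullmatch(r"[0-9a-f]{8}", m["name"], re.I):
                findings.append(Finding(
                    "O4", m["name"], target_of(cmd),
                    "autorun value name is a bare 8-digit hex string"))
            continue
        m = O23_RE.match(line)
        if m:
            path = m["path"]
            missing = path.endswith("(file missing)")
            path = path.removesuffix("(file missing)").strip()
            if not m["vendor"].strip():
                findings.append(Finding(
                    "O23", m["display"], path, "vendor field is empty"))
            elif missing:
                findings.append(Finding(
                    "O23", m["display"], path,
                    "orphaned service entry: target file missing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name:<30}{f.target}  ({f.reason})")
```

The legitimate `NvCplDaemon` entry also launches through rundll32, which is why the loader alone is not a rule here.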


    • #3
      VBG log

      Good morning Smeenk,

      Here is my VB log already:

      [12/31/2007, 10:47:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\VirtumundoBeGone.exe" )
      [12/31/2007, 10:47:21] - Detected System Information:
      [12/31/2007, 10:47:21] - Windows Version: 5.1.2600, Service Pack 2
      [12/31/2007, 10:47:21] - Current Username: Fam. Ferwerda (Admin)
      [12/31/2007, 10:47:21] - Windows is in NORMAL mode.
      [12/31/2007, 10:47:21] - Searching for Browser Helper Objects:
      [12/31/2007, 10:47:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [12/31/2007, 10:47:21] - BHO 2: {4011a12d-85a2-429b-92f0-c44a98f7f5d1} ()
      [12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:21] - Checking for HKLM\...\Winlogon\Notify\exyisjjq
      [12/31/2007, 10:47:21] - Key not found: HKLM\...\Winlogon\Notify\exyisjjq, continuing.
      [12/31/2007, 10:47:21] - BHO 3: {409E6631-E727-42BA-A2D4-73E3254168A3} ()
      [12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:21] - Checking for HKLM\...\Winlogon\Notify\awvst
      [12/31/2007, 10:47:21] - Key not found: HKLM\...\Winlogon\Notify\awvst, continuing.
      [12/31/2007, 10:47:21] - BHO 4: {4dfbea32-91ac-423c-97a2-0aa3ce25d745} ()
      [12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:21] - No filename found. Continuing.
      [12/31/2007, 10:47:21] - BHO 5: {6607C683-AE7C-11D4-ACD7-0050DAC291A2} ()
      [12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:21] - No filename found. Continuing.
      [12/31/2007, 10:47:21] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
      [12/31/2007, 10:47:21] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/31/2007, 10:47:21] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:21] - No filename found. Continuing.
      [12/31/2007, 10:47:21] - BHO 9: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} ()
      [12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:21] - Checking for HKLM\...\Winlogon\Notify\ddcabcb
      [12/31/2007, 10:47:21] - Found: HKLM\...\Winlogon\Notify\ddcabcb - This is probably Virtumundo.
      [12/31/2007, 10:47:21] - Assigning {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} MSEvents Object
      [12/31/2007, 10:47:21] - BHO list has been changed! Starting over...
      [12/31/2007, 10:47:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [12/31/2007, 10:47:21] - BHO 2: {4011a12d-85a2-429b-92f0-c44a98f7f5d1} ()
      [12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:22] - Checking for HKLM\...\Winlogon\Notify\exyisjjq
      [12/31/2007, 10:47:22] - Key not found: HKLM\...\Winlogon\Notify\exyisjjq, continuing.
      [12/31/2007, 10:47:22] - BHO 3: {409E6631-E727-42BA-A2D4-73E3254168A3} ()
      [12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:22] - Checking for HKLM\...\Winlogon\Notify\awvst
      [12/31/2007, 10:47:22] - Key not found: HKLM\...\Winlogon\Notify\awvst, continuing.
      [12/31/2007, 10:47:22] - BHO 4: {4dfbea32-91ac-423c-97a2-0aa3ce25d745} ()
      [12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:22] - No filename found. Continuing.
      [12/31/2007, 10:47:22] - BHO 5: {6607C683-AE7C-11D4-ACD7-0050DAC291A2} ()
      [12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:22] - No filename found. Continuing.
      [12/31/2007, 10:47:22] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
      [12/31/2007, 10:47:22] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/31/2007, 10:47:22] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:22] - No filename found. Continuing.
      [12/31/2007, 10:47:22] - BHO 9: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} (MSEvents Object)
      [12/31/2007, 10:47:22] - ALERT: Found MSEvents Object!
      [12/31/2007, 10:47:22] - BHO 10: {A7C761A9-819B-4131-9B16-91799CE57E4E} ()
      [12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:22] - No filename found. Continuing.
      [12/31/2007, 10:47:22] - Finished Searching Browser Helper Objects
      [12/31/2007, 10:47:22] - *** Detected MSEvents Object
      [12/31/2007, 10:47:22] - Trying to remove MSEvents Object...
      [12/31/2007, 10:47:23] - Terminating Process: IEXPLORE.EXE
      [12/31/2007, 10:47:24] - Terminating Process: RUNDLL32.EXE
      [12/31/2007, 10:47:24] - Disabling Automatic Shell Restart
      [12/31/2007, 10:47:24] - Terminating Process: EXPLORER.EXE
      [12/31/2007, 10:47:24] - Suspending the NT Session Manager System Service
      [12/31/2007, 10:47:25] - Terminating Windows NT Logon/Logoff Manager
      [12/31/2007, 10:47:25] - Re-enabling Automatic Shell Restart
      [12/31/2007, 10:47:25] - File to disable: C:\WINDOWS\system32\ddcabcb.dll
      [12/31/2007, 10:47:25] - Renaming C:\WINDOWS\system32\ddcabcb.dll -> C:\WINDOWS\system32\ddcabcb.dll.vir
      [12/31/2007, 10:47:25] - File successfully renamed!
      [12/31/2007, 10:47:25] - Removing HKLM\...\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
      [12/31/2007, 10:47:25] - Removing HKCR\CLSID\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
      [12/31/2007, 10:47:25] - Adding Kill Bit for ActiveX for GUID: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
      [12/31/2007, 10:47:25] - Deleting ATLEvents/MSEvents Registry entries
      [12/31/2007, 10:47:25] - Removing HKLM\...\Winlogon\Notify\ddcabcb
      [12/31/2007, 10:47:26] - Searching for Browser Helper Objects:
      [12/31/2007, 10:47:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [12/31/2007, 10:47:26] - BHO 2: {4011a12d-85a2-429b-92f0-c44a98f7f5d1} ()
      [12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:26] - Checking for HKLM\...\Winlogon\Notify\exyisjjq
      [12/31/2007, 10:47:26] - Key not found: HKLM\...\Winlogon\Notify\exyisjjq, continuing.
      [12/31/2007, 10:47:26] - BHO 3: {409E6631-E727-42BA-A2D4-73E3254168A3} ()
      [12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:26] - Checking for HKLM\...\Winlogon\Notify\awvst
      [12/31/2007, 10:47:26] - Key not found: HKLM\...\Winlogon\Notify\awvst, continuing.
      [12/31/2007, 10:47:26] - BHO 4: {4dfbea32-91ac-423c-97a2-0aa3ce25d745} ()
      [12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:26] - No filename found. Continuing.
      [12/31/2007, 10:47:26] - BHO 5: {6607C683-AE7C-11D4-ACD7-0050DAC291A2} ()
      [12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:26] - No filename found. Continuing.
      [12/31/2007, 10:47:26] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
      [12/31/2007, 10:47:26] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/31/2007, 10:47:26] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:26] - No filename found. Continuing.
      [12/31/2007, 10:47:26] - BHO 9: {A7C761A9-819B-4131-9B16-91799CE57E4E} ()
      [12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/31/2007, 10:47:26] - No filename found. Continuing.
      [12/31/2007, 10:47:26] - Finished Searching Browser Helper Objects
      [12/31/2007, 10:47:26] - Finishing up...
      [12/31/2007, 10:47:26] - A restart is needed.
      [12/31/2007, 10:47:35] - Attempting to Restart via STOP error (Blue Screen!)


      Kind regards, Ingrid



      • #4
        Smeenk, one more thing:

        I can't enter the line "C:\WINDOWS\system32\witiitpk.exe" in Hijack?! I press "delete a file on reboot" but then Hijack closes itself?!



        • #5
          RVAXO log

          Hi Smeenk, it's me again. In a moment I'll carry out the last tip from your reply.

          ----------------RVAXO.exe first run-------------

          Files found:

          C:\WINDOWS\system32\mcrh.tmp
          C:\WINDOWS\system32\vbzip10.dll
          C:\WINDOWS\b122.exe
          C:\WINDOWS\Fonts\a.zip
          C:\n.bat
          C:\winlogon.exe
          C:\z.dat
          C:\x.dat

          Uninstallers Rogue scanners:


          Folders Found:

          C:\Documents and Settings\All Users\Application Data\SalesMonitor

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\AnyDVD3611Wregcrack.zip
          C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\KEYGEN.zip
          C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\Nero_Burning_ROM_v6[1].0.0.15_Ultra_Edition_by_Alienz.zip
          C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\Pinnacle_Studio_10_plus_(Serial).zip
          C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\Ulead CD & DVD PictureShow 4.zip
          Folders Found:

          --------------RVAXO.exe finished----------------

          Regards, Ingrid.



          • #6
            ComboFix log

            Hi Smeenk,


            I'm very curious whether this will turn anything up. Many thanks in advance for these tips.

            Regards, Ingrid




            ComboFix 07-12-31.4 - Fam. Ferwerda 2007-12-31 11:12:11.1 - NTFSx86

            Gestart vanuit: C:\Documents and Settings\Fam. Ferwerda\Bureaublad\ComboFix.exe
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .


            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

            .
            -------\LEGACY_DOMAINSERVICE
            -------\nm


            (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
            .

            2007-12-31 11:10 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
            2007-12-31 11:03 . 2007-12-31 11:04 <DIR> d-------- C:\RVAXO
            2007-12-31 10:59 . 2007-12-30 23:22 580,216 --a------ C:\WINDOWS\system32\RVAXO.bat
            2007-12-31 10:59 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
            2007-12-30 18:51 . 2007-12-30 19:59 <DIR> dr-h----- C:\Documents and Settings\Fam. Ferwerda\Onlangs geopend
            2007-12-29 16:00 . 2007-12-29 16:03 <DIR> d-------- C:\WINDOWS\BDOSCAN8
            2007-12-29 14:39 . 2007-12-30 15:27 1,031,739 ---hs---- C:\WINDOWS\system32\bocsfgpe.ini
            2007-12-29 12:25 . 2007-12-29 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2007-12-28 14:20 . 2007-12-29 14:34 1,031,379 ---hs---- C:\WINDOWS\system32\olpnrlqd.ini
            2007-12-24 17:46 . 2007-12-26 14:16 1,025,300 ---hs---- C:\WINDOWS\system32\eobqcphk.ini
            2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\tmp
            2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\SibFiles
            2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\MIJN FILM 2 00C101D2
            2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\AuxFiles
            2007-12-19 20:13 . 2007-12-19 20:13 <DIR> d-------- C:\Program Files\Common Files\Ankiro
            2007-12-19 20:12 . 2007-12-31 11:23 <DIR> d-------- C:\Program Files\SPAMfighter
            2007-12-19 20:12 . 2007-12-19 20:12 <DIR> d-------- C:\Program Files\Common Files\Application
            2007-12-15 17:07 . 2007-12-15 17:07 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\Thinstall
            2007-12-14 10:03 . 2007-12-14 10:03 <DIR> d-------- C:\Program Files\Microsoft Works
            2007-12-10 21:12 . 2007-12-21 09:04 <DIR> d-------- C:\Program Files\Enigma Software Group
            2007-12-07 13:24 . 2007-12-07 13:24 147,456 --------- C:\WINDOWS\system32\vbzip10.dll_tobedeleted_old
            2007-12-07 13:19 . 2007-12-29 12:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
            2007-12-05 18:40 . 2006-09-15 13:36 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
            2007-12-05 18:40 . 2006-09-15 13:36 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
            2007-12-03 16:17 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
            2007-12-03 16:16 . 2004-03-03 12:50 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll
            2007-12-03 16:16 . 2004-03-03 12:50 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll
            2007-12-03 16:16 . 2004-03-03 12:50 12,288 --------- C:\WINDOWS\system32\LMLRes.dll
            2007-12-03 16:01 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
            2007-11-29 17:49 . 2007-12-10 13:06 <DIR> d-------- C:\Program Files\Opinionbar
            2007-11-27 20:36 . 2001-03-05 11:15 61,598 --a------ C:\WINDOWS\system32\E_SL2352.DLL
            2007-11-27 20:36 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
            2007-11-27 20:36 . 2000-06-26 03:20 32,768 --a------ C:\WINDOWS\system32\ECBTEG.DLL
            2007-11-27 20:36 . 2000-09-14 03:03 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT
            2007-11-26 20:11 . 2007-11-26 20:11 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\Leadertech
            2007-11-22 22:10 . 2007-11-22 22:10 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\AdobeAUM
            2007-11-20 19:32 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
            2007-11-20 19:32 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
            2007-11-20 19:31 . 2007-11-20 19:31 <DIR> d-------- C:\Program Files\Microsoft SQL Server
            2007-11-20 19:30 . 2007-11-20 19:30 <DIR> d-------- C:\WINDOWS\Cache
            2007-11-20 19:30 . 2003-03-19 04:04 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
            2007-11-20 19:30 . 2003-03-19 04:03 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll
            2007-11-20 19:19 . 2007-11-20 19:19 <DIR> d-------- C:\Program Files\SmartSound Software
            2007-11-20 19:19 . 2007-12-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
            2007-11-20 18:56 . 2007-11-20 18:56 <DIR> d-------- C:\Program Files\CCleaner
            2007-11-18 13:39 . 2007-12-26 14:42 1,290 --a------ C:\WINDOWS\VFO.INI
            2007-11-18 13:38 . 2005-06-02 19:28 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
            2007-11-18 13:29 . 2007-11-18 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
            2007-11-02 17:16 . 2007-11-02 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\IE7Pro

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2007-12-29 18:04 --------- d-----w C:\Program Files\Java
            2007-12-29 17:48 --------- d-----w C:\Program Files\MSN Messenger
            2007-12-29 17:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-12-29 17:39 --------- d-----w C:\Program Files\Pinnacle
            2007-12-14 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
            2007-12-11 20:33 --------- d-----w C:\Program Files\Picasa2
            2007-12-11 17:56 --------- d-----w C:\Program Files\CyberLink
            2007-12-11 17:53 --------- d-----w C:\Program Files\Logitech
            2007-12-10 11:46 --------- d-----w C:\Documents and Settings\Fam. Ferwerda\Application Data\Lavasoft
            2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
            2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
            2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
            2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
            2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
            2007-11-24 08:31 --------- d-----w C:\Program Files\DesignPro
            2007-11-19 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
            2007-11-18 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2007-02-28 17:39 92,064 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmmdm.sys
            2007-02-28 17:39 9,232 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmmdfl.sys
            2007-02-28 17:39 79,328 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmserd.sys
            2007-02-28 17:39 66,656 ----a-w C:\Documents and Settings\Fam. Ferwerda\mqdmbus.sys
            2007-02-28 17:39 6,208 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmcmnt.sys
            2007-02-28 17:39 5,936 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmwhnt.sys
            2007-02-28 17:39 4,048 ----a-w C:\Documents and Settings\Fam. Ferwerda\mqdmcr.sys
            2007-02-28 17:39 25,600 -c--a-w C:\Documents and Settings\Fam. Ferwerda\usbsermptxp.sys
            2007-02-28 17:39 22,768 -c--a-w C:\Documents and Settings\Fam. Ferwerda\usbsermpt.sys
            2005-12-04 15:22 526 -c--a-w C:\Program Files\Snelkoppeling naar mobile PhoneTools.lnk
            2003-06-07 12:56 87,920 -c--a-w C:\Documents and Settings\Fam. Ferwerda\Application Data\GDIPFONTCACHEV1.DAT
            2007-01-01 19:49 56 -csh--r C:\WINDOWS\system32\3C0DB58E21.sys
            2007-01-01 19:49 5,018 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 09:46 196608]
            "NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2005-10-11 17:25 1961984]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
            "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
            "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 10:42 4112384]
            "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
            "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-12-14 09:55 308880]
            "nwiz"="nwiz.exe" [2004-07-15 10:42 843776 C:\WINDOWS\system32\nwiz.exe]
            "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
            "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
            "SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 14:00 78848]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-12-26 09:54:15]
            VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2003-01-18 20:26:33]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
            "UIHost"="LogonUI.EXE"

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjhh]
            jkkkjhh.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Works Calendar Reminders.lnk]
            path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Works Calendar Reminders.lnk
            backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7c53a30f]
            rundll32.exe C:\WINDOWS\system32\wckudxxr.dll,b

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
            C:\Program Files\BearShare\BearShare.exe /pause

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
            \Program\

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
            KHALMNPR.EXE

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
            2004-06-01 10:09 458752 --------- C:\Program Files\Logitech\Video\ISStart.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
            2004-06-01 10:03 217088 --------- C:\Program Files\Logitech\Video\LogiTray.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
            C:\Program Files\MusicMatch\MUSICMATCH Jukebox\mmtask.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
            C:\Program Files\MSN Messenger\msnmsgr.exe /background

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            2001-07-09 09:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
            rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
            RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
            RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
            nwiz.exe /install

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
            2002-11-04 10:40 32768 --a--c--- C:\PROGRA~1\Pinnacle\PPE\ppe.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
            C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
            c:\program files\pinnacle\edition 5\program\PSDrvCheck.exe -CheckReg

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            C:\Program Files\QuickTime\qttask.exe -atboottime

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtuele Katja]


            .
            Inhoud van de 'Gedeelde Taken' map
            "2005-02-25 21:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
            - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
            "2005-04-28 16:01:51 C:\WINDOWS\Tasks\Symantec NetDetect.job"
            - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
            .
            **************************************************************************

            catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2007-12-31 11:23:54
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2007-12-31 11:30:26 - machine was rebooted
            C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 10:30:23
            .
            2007-12-12 11:10:58 --- E O F ---



            • #7
              Open the RVAXO folder on your desktop and double-click Uninstall.cmd
              This will remove everything belonging to RVAXO.

              Download the attachment: CFScript.txt

              Drag CFScript.txt onto ComboFix.exe as shown in the example below:



              This will restart ComboFix.
              Reboot if you are asked to,
              and post the contents of Combofix.txt in your next reply.

              Also post a fresh HijackThis log and tell us whether there are still any problems.


              • #8
                New ComboFix and Hijack log

                ComboFix 07-12-31.4 - Fam. Ferwerda 2007-12-31 13:58:20.2 - NTFSx86

                Gestart vanuit: C:\Documents and Settings\Fam. Ferwerda\Bureaublad\ComboFix.exe
                Command switches used :: C:\Documents and Settings\Fam. Ferwerda\Bureaublad\cfscript.txt

                FILE
                C:\WINDOWS\system32\bocsfgpe.ini
                C:\WINDOWS\system32\eobqcphk.ini
                C:\WINDOWS\system32\olpnrlqd.ini
                C:\WINDOWS\system32\vbzip10.dll_tobedeleted_old
                .

                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                C:\WINDOWS\system32\bocsfgpe.ini
                C:\WINDOWS\system32\eobqcphk.ini
                C:\WINDOWS\system32\olpnrlqd.ini
                C:\WINDOWS\system32\vbzip10.dll_tobedeleted_old

                .
                (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
                .

                2007-12-31 11:10 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                2007-12-30 18:51 . 2007-12-31 13:57 <DIR> dr-h----- C:\Documents and Settings\Fam. Ferwerda\Onlangs geopend
                2007-12-29 16:00 . 2007-12-29 16:03 <DIR> d-------- C:\WINDOWS\BDOSCAN8
                2007-12-29 12:25 . 2007-12-29 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\tmp
                2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\SibFiles
                2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\MIJN FILM 2 00C101D2
                2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\AuxFiles
                2007-12-19 20:13 . 2007-12-19 20:13 <DIR> d-------- C:\Program Files\Common Files\Ankiro
                2007-12-19 20:12 . 2007-12-31 11:25 <DIR> d-------- C:\Program Files\SPAMfighter
                2007-12-19 20:12 . 2007-12-19 20:12 <DIR> d-------- C:\Program Files\Common Files\Application
                2007-12-15 17:07 . 2007-12-15 17:07 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\Thinstall
                2007-12-14 10:03 . 2007-12-14 10:03 <DIR> d-------- C:\Program Files\Microsoft Works
                2007-12-10 21:12 . 2007-12-21 09:04 <DIR> d-------- C:\Program Files\Enigma Software Group
                2007-12-07 13:19 . 2007-12-29 12:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                2007-12-05 18:40 . 2006-09-15 13:36 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
                2007-12-05 18:40 . 2006-09-15 13:36 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
                2007-12-03 16:17 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
                2007-12-03 16:16 . 2004-03-03 12:50 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll
                2007-12-03 16:16 . 2004-03-03 12:50 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll
                2007-12-03 16:16 . 2004-03-03 12:50 12,288 --------- C:\WINDOWS\system32\LMLRes.dll
                2007-12-03 16:01 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
                2007-11-29 17:49 . 2007-12-10 13:06 <DIR> d-------- C:\Program Files\Opinionbar
                2007-11-27 20:36 . 2001-03-05 11:15 61,598 --a------ C:\WINDOWS\system32\E_SL2352.DLL
                2007-11-27 20:36 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
                2007-11-27 20:36 . 2000-06-26 03:20 32,768 --a------ C:\WINDOWS\system32\ECBTEG.DLL
                2007-11-27 20:36 . 2000-09-14 03:03 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT
                2007-11-26 20:11 . 2007-11-26 20:11 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\Leadertech
                2007-11-22 22:10 . 2007-11-22 22:10 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\AdobeAUM
                2007-11-20 19:32 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
                2007-11-20 19:32 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
                2007-11-20 19:31 . 2007-11-20 19:31 <DIR> d-------- C:\Program Files\Microsoft SQL Server
                2007-11-20 19:30 . 2007-11-20 19:30 <DIR> d-------- C:\WINDOWS\Cache
                2007-11-20 19:30 . 2003-03-19 04:04 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
                2007-11-20 19:30 . 2003-03-19 04:03 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll
                2007-11-20 19:19 . 2007-11-20 19:19 <DIR> d-------- C:\Program Files\SmartSound Software
                2007-11-20 19:19 . 2007-12-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
                2007-11-20 18:56 . 2007-11-20 18:56 <DIR> d-------- C:\Program Files\CCleaner
                2007-11-18 13:39 . 2007-12-26 14:42 1,290 --a------ C:\WINDOWS\VFO.INI
                2007-11-18 13:38 . 2005-06-02 19:28 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
                2007-11-18 13:29 . 2007-11-18 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
                2007-11-02 17:16 . 2007-11-02 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\IE7Pro

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2007-12-29 18:04 --------- d-----w C:\Program Files\Java
                2007-12-29 17:48 --------- d-----w C:\Program Files\MSN Messenger
                2007-12-29 17:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
                2007-12-29 17:39 --------- d-----w C:\Program Files\Pinnacle
                2007-12-14 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                2007-12-11 20:33 --------- d-----w C:\Program Files\Picasa2
                2007-12-11 17:56 --------- d-----w C:\Program Files\CyberLink
                2007-12-11 17:53 --------- d-----w C:\Program Files\Logitech
                2007-12-10 11:46 --------- d-----w C:\Documents and Settings\Fam. Ferwerda\Application Data\Lavasoft
                2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
                2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
                2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
                2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
                2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
                2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
                2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
                2007-11-24 08:31 --------- d-----w C:\Program Files\DesignPro
                2007-11-19 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
                2007-11-18 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
                2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                2007-02-28 17:39 92,064 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmmdm.sys
                2007-02-28 17:39 9,232 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmmdfl.sys
                2007-02-28 17:39 79,328 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmserd.sys
                2007-02-28 17:39 66,656 ----a-w C:\Documents and Settings\Fam. Ferwerda\mqdmbus.sys
                2007-02-28 17:39 6,208 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmcmnt.sys
                2007-02-28 17:39 5,936 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmwhnt.sys
                2007-02-28 17:39 4,048 ----a-w C:\Documents and Settings\Fam. Ferwerda\mqdmcr.sys
                2007-02-28 17:39 25,600 -c--a-w C:\Documents and Settings\Fam. Ferwerda\usbsermptxp.sys
                2007-02-28 17:39 22,768 -c--a-w C:\Documents and Settings\Fam. Ferwerda\usbsermpt.sys
                2005-12-04 15:22 526 -c--a-w C:\Program Files\Snelkoppeling naar mobile PhoneTools.lnk
                2003-06-07 12:56 87,920 -c--a-w C:\Documents and Settings\Fam. Ferwerda\Application Data\GDIPFONTCACHEV1.DAT
                2007-01-01 19:49 56 -csh--r C:\WINDOWS\system32\3C0DB58E21.sys
                2007-01-01 19:49 5,018 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
                .

                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 09:46 196608]
                "NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2005-10-11 17:25 1961984]
                "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
                "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 10:42 4112384]
                "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
                "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-12-14 09:55 308880]
                "nwiz"="nwiz.exe" [2004-07-15 10:42 843776 C:\WINDOWS\system32\nwiz.exe]
                "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
                "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                "SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 14:00 78848]

                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-12-26 09:54:15]
                VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2003-01-18 20:26:33]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                "UIHost"="LogonUI.EXE"

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Works Calendar Reminders.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Works Calendar Reminders.lnk
                backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
                \Program\

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
                KHALMNPR.EXE

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
                2004-06-01 10:09 458752 --------- C:\Program Files\Logitech\Video\ISStart.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
                2004-06-01 10:03 217088 --------- C:\Program Files\Logitech\Video\LogiTray.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
                C:\Program Files\MusicMatch\MUSICMATCH Jukebox\mmtask.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                C:\Program Files\MSN Messenger\msnmsgr.exe /background

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                2001-07-09 09:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
                RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                nwiz.exe /install

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
                2002-11-04 10:40 32768 --a--c--- C:\PROGRA~1\Pinnacle\PPE\ppe.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
                C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
                c:\program files\pinnacle\edition 5\program\PSDrvCheck.exe -CheckReg

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                C:\Program Files\QuickTime\qttask.exe -atboottime

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtuele Katja]


                .
                Inhoud van de 'Gedeelde Taken' map
                "2005-02-25 21:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
                - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
                "2005-04-28 16:01:51 C:\WINDOWS\Tasks\Symantec NetDetect.job"
                - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
                .
                **************************************************************************

                catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2007-12-31 13:59:42
                Windows 5.1.2600 Service Pack 2 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                Scan succesvol afgerond
                verborgen bestanden: 0

                **************************************************************************
                .
                Voltooingstijd: 2007-12-31 14:00:51
                C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 13:00:09
                C:\qoobox\ComboFix2.txt 2007-12-31 10:30:27
                .
                2007-12-12 11:10:58 --- E O F ---

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 14:04:36, on 31-12-2007
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\system32\gearsec.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
                C:\WINDOWS\system32\nvsvc32.exe
                C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                C:\Program Files\SPAMfighter\sfus.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                C:\Program Files\SPAMfighter\SFAgent.exe
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Windows Media Player\WMPNSCFG.exe
                C:\Program Files\Logitech\SetPoint\SetPoint.exe
                C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
                C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\WINDOWS\System32\LVComsX.exe
                C:\WINDOWS\explorer.exe
                C:\Program Files\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bookmarkpagina.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bookmarkpagina.nl/
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
                O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
                O4 - HKUS\S-1-5-21-1060284298-746137067-2147074707-1004\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')
                O4 - HKUS\S-1-5-21-1060284298-746137067-2147074707-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
                O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User '?')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
                O4 - Global Startup: Logitech
                O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
                O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
                O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
                O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
                O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://fotoservice.tntpost.nl/TNT/UserControls/Part/Upload/ImageUploader3.cab
                O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
                O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.1.0.56.cab
                O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
                O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
                O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
                O18 - Protocol: bw+0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw+0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw-0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw-0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw00 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw00s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw10 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw10s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw20 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw20s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw30 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw30s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw40 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw40s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw50 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw50s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw60 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw60s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw70 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw70s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw80 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw80s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw90 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bw90s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwa0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwa0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwb0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwb0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwc0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwc0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwd0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwd0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwe0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwe0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwf0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwf0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                O18 - Protocol: bwg0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwg0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwh0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwh0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwi0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwi0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwj0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwj0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwk0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwk0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwl0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwl0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwm0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwm0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwn0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwn0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwo0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwo0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwp0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwp0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwq0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwq0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwr0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwr0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bws0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bws0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwt0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwt0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwu0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwu0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwv0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwv0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bww0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bww0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwx0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwx0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwy0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwy0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwz0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: bwz0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                O18 - Protocol: offline-8876480 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
                O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
                O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
                O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
                O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)
                O24 - Desktop Component 10: (no name) - http://images.google.com/images?q=tbn:1ddtC9yRRU0J:ictcafe.opweb.nl/4images/data/thumbnails/63/Scania_Betonmixer.jpg
                O24 - Desktop Component 2: (no name) - http://www.campersite.nl/particulier/koop1500/1815a.jpg
                O24 - Desktop Component 3: (no name) - http://www.joopdekokmotoren.nl/images/trikes1.jpg
                O24 - Desktop Component 4: (no name) - http://bilder.mobile.de/images/autos/0/11111111127084986-14255-1066076909.bild
                O24 - Desktop Component 5: (no name) - http://www.katjastaartjes.nl/main/images/thumb-07.jpg
                O24 - Desktop Component 6: (no name) - http://www.katjastaartjes.nl/main/images/800x600-7.jpg
                O24 - Desktop Component 7: (no name) - http://www.katjastaartjes.nl/main/images/08.jpg
                O24 - Desktop Component 8: (no name) - http://www.joopdekokmotoren.nl/images/backgr.gif
                O24 - Desktop Component 9: (no name) - http://www.htn-trikes.de/gebrfaindex-Dateien/M4110055.JPG

                --
                End of file - 22385 bytes
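A short triage helper for the O18 and O23 lines of a HijackThis log like the one above, added here as an example; it is not part of the original post or of HijackThis itself. It collapses protocol handlers that share one CLSID and DLL, and lists the services HijackThis marked "Unknown owner" or "(file missing)". The function names are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O18 - Protocol: bwz0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)
"""

# "Onn - Kind: rest"; the first colon ends the kind, so "C:\..." stays in rest.
ENTRY = re.compile(r"^\s*(O\d+) - ([^:]+): (.*)$")

def parse(log):
    """Yield (section, kind, fields) for every 'Onn - Kind: a - b - c' line."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).split(" - ")

def protocols_by_clsid(log):
    """Collapse O18 protocol handlers that share one CLSID and DLL."""
    groups = defaultdict(list)
    for section, _, fields in parse(log):
        if section == "O18" and len(fields) == 3:
            name, clsid, path = fields
            groups[(clsid, path)].append(name)
    return dict(groups)

def services_to_review(log):
    """Return O23 services marked 'Unknown owner' or '(file missing)'."""
    flagged = []
    for section, _, fields in parse(log):
        if section != "O23" or len(fields) < 3:
            continue
        # Owner and path are the last two fields; the name may contain " - ".
        name, owner, path = " - ".join(fields[:-2]), fields[-2], fields[-1]
        missing = path.endswith("(file missing)")
        if missing or owner == "Unknown owner":
            flagged.append((name, path.replace(" (file missing)", ""), missing))
    return flagged

if __name__ == "__main__":
    for entry in services_to_review(SAMPLE_LOG):
        print(entry)
```

A flagged entry is only a prompt to look closer: "(file missing)" means HijackThis did not find the file at the registered path, which is also what a leftover entry from an uninstalled program looks like.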



                • #9
                  When I start IE, I see that it is "provided by @home", even though we have not had @home since 01-10-2007 and now use Hetnet. How do we change this??



                  • #10
                    When the computer starts up (which is very slow, by the way), a window with Logitech folders keeps opening... I can close it by clicking the red cross, but I don't want it to appear at all?

                    And when starting Outlook (Office 2007) I get a message that an add-in is getting in the way. I removed it as advised, but the message remains. If I then click "ok", I can send/receive as normal. But... would the problem only be solved if I reinstall Office 2007?



                    • #11
                      First, just go through these steps:

                      Delete the following folder:
                      C:\Qoobox

                      Then empty your Recycle Bin.

                      Download ATF cleaner (mirror) (made by Atribune)

                      Important: close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                      Double-click ATF cleaner to start the program.
                      On the "Main" tab, tick Select All.
                      Click the Empty Selected button.

                      Do the following if you also have Firefox as a browser:
                      Click the "Firefox" tab and tick Select All.
                      If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                      (this removes the tick next to "Firefox saved passwords" again)
                      Click the Empty Selected button.

                      Do the following if you also have Opera as a browser:
                      Click the "Opera" tab and tick Select All.
                      If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                      Click the Empty Selected button.
                      Go to the "Main" tab and click the Exit button to close the program.

                      Go to Start - Run and enter the following:
                      Combofix /U
                      Then press OK.
                      Note: there must be a space between Combofix and /U.

                      This will uninstall Combofix.

                      Turn off System Restore. Restart the computer. Turn System Restore back on.
                      See here how to turn off System Restore.
                      This removes any remnants of the infections from your System Restore.

                      Let us know which problems still occur now.



                      • #12
                        Good morning! Happy New Year and best wishes for 2008!!
                        We are already noticing a difference here. Browsing is already much more pleasant. But the small problems still occur, so I still have a few questions:

                        1.) How do I get rid of that Logitech window? (Explorer opens and the folder list is not shown, but 2 Logitech folders are.)
                        2.) What can I do about pop-ups? I'm getting a bit fed up with those ads on the internet...
                        3.) Do I still need to keep all the other things that I had to use, among other things, to make a log? (HijackThis, VBG and ATF-cleaner)
                        4.) When I start IE, I see that it is "provided by @home", even though we have not had @home since 01-10-2007 and now use Hetnet. How do we change this??
                        5.) When starting Outlook (Office 2007) I always get a message that an add-in from motorola phonetools ...... dll is getting in the way. Then I have to contact the supplier for any updates, or remove the add-in. I chose the latter (removed it from exactly the location given in the message), but the message remains.
                        6.) I had initially removed Spybot and Ad-Aware on the advice of others. But when reinstalling Spybot, things already went wrong during the scan: the computer then starts beeping alarmingly and the indicator light changes from blue to pink... (orange is the standby colour). To a layperson it looks as if the thing is about to explode or something.

                        I have every confidence in this forum... really great that something like this exists, where (complete) strangers are simply willing to help you for free. Lovely. Thanks! That's the spirit!

                        Regards, Ingrid.



                        • #13
                          You could give this a try:
                          Download Dial-a-fix-2006 and extract both files, each into its own folder, to your Desktop.
                          • In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe
                            In the window that opens, click the icon with the double green check mark at the bottom (check all).
                            Then click "GO" and let the tool reset all settings.
                            When it has finished, close this window by clicking "Exit" at the bottom.
                          Also download this file: titelbalk.exe
                          Double-click this file.
                          Report whether that improves things.
                          Last edited by smeenk; 03-01-08, 10:25.
