Virus on the PC!!

    Dear experts,

    On my brother's PC there is a virus/trojan that is hard to get rid of (trojan SPM/LX). Unwanted pop-ups appear from IE that constantly say something has to be downloaded. I avoid this. Can you use this HijackThis log to help me get rid of this junk and so make his PC clean again?? Thanks in advance! Remco

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:57:10, on 25.02.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\NetProject\scit.exe
    C:\Programme\NetProject\scm.exe
    C:\Programme\NetProject\sbmntr.exe
    C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
    C:\Programme\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Programme\NetProject\sbsm.exe
    C:\Programme\Logitech\Video\LogiTray.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
    C:\Programme\Gemeinsame Dateien\AOL\1178978581\ee\AOLSoftware.exe
    C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Programme\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Logitech\Video\FxSvr2.exe
    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programme\Winamp Remote\bin\OrbTray.exe
    C:\Programme\Windows Media Player\WMPNSCFG.exe
    C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Programme\Winamp Remote\bin\Orb.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programme\NetProject\sbmdl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1178978581\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
    O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programme\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programme\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe
    O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 12547 bytes
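    As an added example (not code from the thread or from HijackThis), a small Python triage script run over lines copied from the log above: it flags dangling entries, autostarts under the uncommon Policies\Explorer\Run key, unnamed BHOs and O9 items that point at a web URL, and marks flagged autostarts whose executable also appears in the "Running processes" list. The rule set and wording of the reasons are my own assumptions; SAMPLE_LOG is a constructed subset of the posted log.

```python
"""Triage helper for HijackThis v2.0.2 log text (added example, not part of
the forum thread).  The rules below are the author's own heuristics, not
HijackThis logic; SAMPLE_LOG is a constructed subset of the posted log."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programme\NetProject\scit.exe
C:\Programme\NetProject\sbmntr.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programme\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programme\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programme\NetProject\sbmntr.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
"""

# One HijackThis entry: "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd"
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
DANGLING = re.compile(r"\((?:no file|file missing)\)\s*$")
RUN_KEY = re.compile(r"^HK\S*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RUN = re.compile(r"^HK(?:LM|CU|US)\\\.\.\\Policies\\Explorer\\Run: \[")
UNNAMED_BHO = re.compile(r"^BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$")
URL_TARGET = re.compile(r" - (?P<url>https?://\S+)")


@dataclass
class Finding:
    code: str                      # section code, e.g. "O4"
    entry: str                     # the full log line
    reasons: list[str] = field(default_factory=list)


def running_processes(log: str) -> set[str]:
    """Collect the lower-cased paths listed under 'Running processes:'."""
    procs: set[str] = set()
    collecting = False
    for line in log.splitlines():
        if line.strip().lower() == "running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip():       # blank line ends the section
                break
            procs.add(line.strip().lower())
    return procs


def autostart_path(cmd: str) -> str:
    """Best-effort executable path from an O4 command string (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)\b", cmd)
    return m.group(1) if m else cmd


def triage(log: str) -> list[Finding]:
    """Return one Finding per entry that trips at least one heuristic."""
    procs = running_processes(log)
    findings: list[Finding] = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        reasons: list[str] = []
        dangling = bool(DANGLING.search(body))
        if dangling:
            reasons.append("dangling: target file is missing, entry is a leftover")
        if code == "O2" and UNNAMED_BHO.match(body) and not dangling:
            reasons.append("unnamed BHO with a file on disk: identify it before keeping")
        if code == "O4":
            if POLICY_RUN.match(body):
                reasons.append("Policies\\Explorer\\Run autostart: unusual location for legitimate software")
            run = RUN_KEY.match(body)
            # Only for already-flagged autostarts: is the persisted binary live right now?
            if reasons and run and autostart_path(run.group("cmd")).lower() in procs:
                reasons.append("currently running (also listed under Running processes)")
        if code == "O9":
            u = URL_TARGET.search(body)
            if u:
                reasons.append(f"browser button/menu item points at a web URL: {u.group('url')}")
        if reasons:
            findings.append(Finding(code, raw.strip(), reasons))
    return findings


def summary(findings: list[Finding]) -> Counter:
    """Count flagged entries per HijackThis section code."""
    return Counter(f.code for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.entry)
        for r in f.reasons:
            print("   ->", r)
    print(dict(summary(triage(SAMPLE_LOG))))
```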

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to start it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do this!
    It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus while DSS is scanning)



    • #3
      Thanks for your quick reply Smeek!

      Here is the RVAXO log file, and below it the contents of main.txt

      ---RVAXO.exe Updated: 2008-02-25---first run---
      Uninstallers:

      Files found:
      C:\Dokumente und Einstellungen\Besitzer\FAVORI~1\Online Security Test.url

      Folders Found:
      C:\Programme\NetProject

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------




      Deckard's System Scanner v20071014.68
      Run by Besitzer on 2008-02-25 23:16:22
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      51: 2008-02-25 22:16:31 UTC - RP173 - Deckard's System Scanner Restore Point
      50: 2008-02-22 19:09:43 UTC - RP172 - Software Distribution Service 3.0
      49: 2008-02-18 20:16:38 UTC - RP171 - Systemprüfpunkt
      48: 2008-02-17 17:24:25 UTC - RP170 - Systemprüfpunkt
      47: 2008-02-16 06:02:46 UTC - RP169 - Systemprüfpunkt


      -- First Restore Point --
      1: 2007-11-26 22:38:59 UTC - RP123 - Systemprüfpunkt


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Besitzer.exe) --------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:22:39, on 25.02.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
      C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\Dit.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
      C:\Programme\Home Cinema\PowerCinema\PCMService.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Programme\Logitech\Video\LogiTray.exe
      C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
      C:\Programme\Gemeinsame Dateien\AOL\1178978581\ee\AOLSoftware.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Programme\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Programme\Winamp Remote\bin\OrbTray.exe
      C:\Programme\Windows Media Player\WMPNSCFG.exe
      C:\Programme\Logitech\Video\FxSvr2.exe
      C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
      C:\Programme\Winamp Remote\bin\Orb.exe
      C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLUPnPBrowser.exe
      C:\Dokumente und Einstellungen\Besitzer\Desktop\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Besitzer.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
      O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1178978581\ee\AOLSoftware.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\wianmpa.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
      O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe
      O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
      O4 - Global Startup: BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

      --
      End of file - 11748 bytes

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
      R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
      R1 StarOpen - c:\windows\system32\drivers\staropen.sys
      R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
      R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
      R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
      R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
      R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
      R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
      R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
      R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

      S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
      S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
      S3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
      R2 BlueSoleil Hid Service - c:\programme\ivt corporation\bluesoleil\btntservice.exe
      R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\programme\home cinema\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
      R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\programme\home cinema\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
      R2 CyberLink Media Library Service - "c:\programme\cyberlink\shared files\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
      R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
      Description: Bluetooth AV/HS Audio
      Device ID: ROOT\MEDIA\0000
      Manufacturer: IVT Corporation.
      Name: Bluetooth AV/HS Audio
      PNP Device ID: ROOT\MEDIA\0000
      Service:


      -- Scheduled Tasks -------------------------------------------------------------

      2005-10-22 12:22:59 340 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1121033559.job


      -- Files created between 2008-01-25 and 2008-02-25 -----------------------------

      2008-02-25 23:13:12 0 d-------- C:\RVAXO
      2008-02-25 23:13:09 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
      2008-02-25 23:03:35 711103 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-25 23:03:35 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-25 18:56:59 0 d-------- C:\Programme\Trend Micro
      2008-02-25 00:01:54 0 d-------- C:\Programme\FontysEloNatschool
      2008-02-09 13:33:16 0 d-------- C:\Programme\Belastingdienst
      2008-02-05 17:17:18 0 d-------- C:\Programme\Avira
      2008-01-31 19:35:05 1142 --a------ C:\WINDOWS\mozver.dat


      -- Find3M Report ---------------------------------------------------------------

      2008-02-25 23:15:23 46464 --a------ C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wklnhst.dat
      2008-02-25 20:50:10 0 d-------- C:\Programme\Winamp Remote
      2008-02-24 23:19:54 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TVU networks
      2008-02-24 23:19:04 0 d-------- C:\Programme\TVUPlayer
      2008-02-24 17:41:46 35328 --a------ C:\WINDOWS\system32\cygz.dll
      2008-02-24 17:41:46 1126281 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
      2008-02-24 17:41:46 35328 --a------ C:\WINDOWS\cygz.dll
      2008-02-24 17:41:46 1126281 --a------ C:\WINDOWS\cygwin1.dll <Not Verified; Red Hat; Cygwin>
      2008-02-24 15:24:01 0 d-------- C:\Programme\Sony
      2008-02-22 19:18:06 0 d-------- C:\Programme\Hitman Pro
      2008-02-07 22:28:51 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TransRender
      2008-02-07 22:28:31 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Temporary
      2008-02-07 17:06:30 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
      2008-02-07 16:39:48 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype
      2008-02-05 17:14:44 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Lavasoft
      2008-01-31 19:35:23 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe
      2008-01-31 18:50:48 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla
      2008-01-21 22:49:34 0 d-------- C:\Programme\MSXML 6.0
      2008-01-21 22:48:27 454964 --a------ C:\WINDOWS\system32\perfh007.dat
      2008-01-21 22:48:27 83846 --a------ C:\WINDOWS\system32\perfc007.dat
      2008-01-20 20:05:19 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Publish Providers
      2008-01-20 20:04:28 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sony
      2008-01-20 19:55:56 0 d-------- C:\Programme\Vstplugins
      2008-01-20 19:47:24 0 d-------- C:\Programme\MSBuild
      2008-01-20 19:42:39 0 d-------- C:\Programme\Reference Assemblies
      2008-01-19 10:13:39 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sony Setup
      2008-01-18 13:38:35 0 d-------- C:\Programme\Sony Setup
      2008-01-09 21:00:58 0 d-------- C:\Programme\HighMAT CD Writing Wizard
      2008-01-09 16:48:45 0 d-------- C:\Programme\MagicISO
      2008-01-09 16:48:45 0 d-------- C:\Programme\LimeWire
      2008-01-09 16:48:43 0 d-------- C:\Programme\DivX
      2008-01-09 16:48:40 0 d-------- C:\Programme\Winamp
      2008-01-09 16:48:40 0 d-------- C:\Programme\VDMSound
      2008-01-09 16:48:35 0 d-------- C:\Programme\Windows Media Connect 2
      2008-01-09 16:48:34 0 d-------- C:\Programme\QuickTime Alternative
      2007-12-29 17:43:05 0 d-------- C:\Programme\Windows Media Connect


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
      04.10.2007 21:06 1135968 --a------ C:\Programme\Winamp Toolbar\winamptb.dll

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programme\Winamp Toolbar\winamptb.dll [04.10.2007 21:06 1135968]

      [-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
      [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
      [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
      [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12.01.2005 21:05]
      "Dit"="Dit.exe" [20.07.2004 18:18 C:\WINDOWS\Dit.exe]
      "Cmaudio"="cmicnfg.cpl"
      "AGRSMMSG"="AGRSMMSG.exe" [08.10.2004 10:50 C:\WINDOWS\AGRSMMSG.exe]
      "AOLDialer"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [21.06.2007 13:42]
      "Keyboard Status"="C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [25.01.2005 11:03]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
      "PCMService"="C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [21.02.2005 18:08]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [08.10.2004 10:52]
      "LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [18.01.2005 16:47]
      "LogitechVideoTray"="C:\Programme\Logitech\Video\LogiTray.exe" [18.01.2005 16:37]
      "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 00:11]
      "HostManager"="C:\Programme\Gemeinsame Dateien\AOL\1178978581\ee\AOLSoftware.exe" [17.11.2006 14:16]
      "WinampAgent"="C:\Programme\Winamp\wianmpa.exe"
      "avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [05.02.2008 17:20]
      "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [19.01.2007 11:54]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 13:00]
      "LogitechSoftwareUpdate"="C:\Programme\Logitech\Video\ManifestEngine.exe" [18.01.2005 16:07]
      "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11.06.2007 13:08]
      "Orb"="C:\Programme\Winamp Remote\bin\OrbTray.exe" [07.01.2008 21:02]
      "WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [03.11.2006 09:56]


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f039ae1-8468-11d9-8a72-001109df9636}]
      AutoRun\command- L:\OEMBranding.exe




      -- End of Deckard's System Scanner: finished at 2008-02-25 23:23:24 ------------

      What do I still need to do now? Could you also take a look at all the superfluous junk and see whether some of it can be removed from my brother's PC?
      Thanks again.



      • #4
        Thanks for your quick reply, Smeek!

        Hier logfile van RVAXO en daar beneden de inhoud van main.txt

        ---RVAXO.exe Updated: 2008-02-25---first run---
        Uninstallers:

        Files found:
        C:\Dokumente und Einstellungen\Besitzer\FAVORI~1\Online Security Test.url

        Folders Found:
        C:\Programme\NetProject

        Hosts-file was reset, If you use a custom hosts file please replace it...

        --------------RVAXO.exe last run---------------
        Files found:

        Folders Found:

        --------------RVAXO.exe finished----------------




        Deckard's System Scanner v20071014.68
        Run by Besitzer on 2008-02-25 23:16:22
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------

        -- System Restore --------------------------------------------------------------

        Successfully created a Deckard's System Scanner Restore Point.


        -- Last 5 Restore Point(s) --
        51: 2008-02-25 22:16:31 UTC - RP173 - Deckard's System Scanner Restore Point
        50: 2008-02-22 19:09:43 UTC - RP172 - Software Distribution Service 3.0
        49: 2008-02-18 20:16:38 UTC - RP171 - Systemprüfpunkt
        48: 2008-02-17 17:24:25 UTC - RP170 - Systemprüfpunkt
        47: 2008-02-16 06:02:46 UTC - RP169 - Systemprüfpunkt


        -- First Restore Point --
        1: 2007-11-26 22:38:59 UTC - RP123 - Systemprüfpunkt


        Backed up registry hives.
        Performed disk cleanup.



        -- HijackThis (run as Besitzer.exe) --------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 23:22:39, on 25.02.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
        C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
        C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
        C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
        C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\wanmpsvc.exe
        C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
        C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\Dit.exe
        C:\WINDOWS\system32\RunDll32.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
        C:\Programme\Home Cinema\PowerCinema\PCMService.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\Programme\Logitech\Video\LogiTray.exe
        C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
        C:\Programme\Gemeinsame Dateien\AOL\1178978581\ee\AOLSoftware.exe
        C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
        C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Programme\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Programme\Winamp Remote\bin\OrbTray.exe
        C:\Programme\Windows Media Player\WMPNSCFG.exe
        C:\Programme\Logitech\Video\FxSvr2.exe
        C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
        C:\Programme\Winamp Remote\bin\Orb.exe
        C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
        C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
        C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLUPnPBrowser.exe
        C:\Dokumente und Einstellungen\Besitzer\Desktop\dss.exe
        C:\PROGRA~1\TRENDM~1\HIJACK~1\Besitzer.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
        O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
        O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [Dit] Dit.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
        O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
        O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1178978581\ee\AOLSoftware.exe
        O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\wianmpa.exe
        O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
        O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [Orb] "C:\Programme\Winamp Remote\bin\OrbTray.exe" /background
        O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe
        O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
        O4 - Global Startup: BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
        O4 - Global Startup: hp psc 1000 series.lnk = ?
        O4 - Global Startup: hpoddt01.exe.lnk = ?
        O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
        O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
        O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
        O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

        --
        End of file - 11748 bytes

        -- File Associations -----------------------------------------------------------

        All associations okay.


        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

        R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
        R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
        R1 StarOpen - c:\windows\system32\drivers\staropen.sys
        R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
        R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
        R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
        R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
        R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
        R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
        R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
        R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

        S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
        S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
        S3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>


        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

        R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
        R2 BlueSoleil Hid Service - c:\programme\ivt corporation\bluesoleil\btntservice.exe
        R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\programme\home cinema\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
        R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\programme\home cinema\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
        R2 CyberLink Media Library Service - "c:\programme\cyberlink\shared files\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
        R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>


        -- Device Manager: Disabled ----------------------------------------------------

        Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
        Description: Bluetooth AV/HS Audio
        Device ID: ROOT\MEDIA\0000
        Manufacturer: IVT Corporation.
        Name: Bluetooth AV/HS Audio
        PNP Device ID: ROOT\MEDIA\0000
        Service:


        -- Scheduled Tasks -------------------------------------------------------------

        2005-10-22 12:22:59 340 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1121033559.job


        -- Files created between 2008-01-25 and 2008-02-25 -----------------------------

        2008-02-25 23:13:12 0 d-------- C:\RVAXO
        2008-02-25 23:13:09 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
        2008-02-25 23:03:35 711103 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-02-25 23:03:35 69632 --a------ C:\WINDOWS\system32\remove.exe
        2008-02-25 18:56:59 0 d-------- C:\Programme\Trend Micro
        2008-02-25 00:01:54 0 d-------- C:\Programme\FontysEloNatschool
        2008-02-09 13:33:16 0 d-------- C:\Programme\Belastingdienst
        2008-02-05 17:17:18 0 d-------- C:\Programme\Avira
        2008-01-31 19:35:05 1142 --a------ C:\WINDOWS\mozver.dat


        -- Find3M Report ---------------------------------------------------------------

        2008-02-25 23:15:23 46464 --a------ C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wklnhst.dat
        2008-02-25 20:50:10 0 d-------- C:\Programme\Winamp Remote
        2008-02-24 23:19:54 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TVU networks
        2008-02-24 23:19:04 0 d-------- C:\Programme\TVUPlayer
        2008-02-24 17:41:46 35328 --a------ C:\WINDOWS\system32\cygz.dll
        2008-02-24 17:41:46 1126281 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
        2008-02-24 17:41:46 35328 --a------ C:\WINDOWS\cygz.dll
        2008-02-24 17:41:46 1126281 --a------ C:\WINDOWS\cygwin1.dll <Not Verified; Red Hat; Cygwin>
        2008-02-24 15:24:01 0 d-------- C:\Programme\Sony
        2008-02-22 19:18:06 0 d-------- C:\Programme\Hitman Pro
        2008-02-07 22:28:51 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TransRender
        2008-02-07 22:28:31 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Temporary
        2008-02-07 17:06:30 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
        2008-02-07 16:39:48 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype
        2008-02-05 17:14:44 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Lavasoft
        2008-01-31 19:35:23 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe
        2008-01-31 18:50:48 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla
        2008-01-21 22:49:34 0 d-------- C:\Programme\MSXML 6.0
        2008-01-21 22:48:27 454964 --a------ C:\WINDOWS\system32\perfh007.dat
        2008-01-21 22:48:27 83846 --a------ C:\WINDOWS\system32\perfc007.dat
        2008-01-20 20:05:19 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Publish Providers
        2008-01-20 20:04:28 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sony
        2008-01-20 19:55:56 0 d-------- C:\Programme\Vstplugins
        2008-01-20 19:47:24 0 d-------- C:\Programme\MSBuild
        2008-01-20 19:42:39 0 d-------- C:\Programme\Reference Assemblies
        2008-01-19 10:13:39 0 d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sony Setup
        2008-01-18 13:38:35 0 d-------- C:\Programme\Sony Setup
        2008-01-09 21:00:58 0 d-------- C:\Programme\HighMAT CD Writing Wizard
        2008-01-09 16:48:45 0 d-------- C:\Programme\MagicISO
        2008-01-09 16:48:45 0 d-------- C:\Programme\LimeWire
        2008-01-09 16:48:43 0 d-------- C:\Programme\DivX
        2008-01-09 16:48:40 0 d-------- C:\Programme\Winamp
        2008-01-09 16:48:40 0 d-------- C:\Programme\VDMSound
        2008-01-09 16:48:35 0 d-------- C:\Programme\Windows Media Connect 2
        2008-01-09 16:48:34 0 d-------- C:\Programme\QuickTime Alternative
        2007-12-29 17:43:05 0 d-------- C:\Programme\Windows Media Connect


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
        04.10.2007 21:06 1135968 --a------ C:\Programme\Winamp Toolbar\winamptb.dll

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
        "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programme\Winamp Toolbar\winamptb.dll [04.10.2007 21:06 1135968]

        [-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
        [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
        [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
        [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12.01.2005 21:05]
        "Dit"="Dit.exe" [20.07.2004 18:18 C:\WINDOWS\Dit.exe]
        "Cmaudio"="cmicnfg.cpl"
        "AGRSMMSG"="AGRSMMSG.exe" [08.10.2004 10:50 C:\WINDOWS\AGRSMMSG.exe]
        "AOLDialer"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [21.06.2007 13:42]
        "Keyboard Status"="C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [25.01.2005 11:03]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
        "PCMService"="C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [21.02.2005 18:08]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [08.10.2004 10:52]
        "LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [18.01.2005 16:47]
        "LogitechVideoTray"="C:\Programme\Logitech\Video\LogiTray.exe" [18.01.2005 16:37]
        "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 00:11]
        "HostManager"="C:\Programme\Gemeinsame Dateien\AOL\1178978581\ee\AOLSoftware.exe" [17.11.2006 14:16]
        "WinampAgent"="C:\Programme\Winamp\wianmpa.exe"
        "avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [05.02.2008 17:20]
        "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [19.01.2007 11:54]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 13:00]
        "LogitechSoftwareUpdate"="C:\Programme\Logitech\Video\ManifestEngine.exe" [18.01.2005 16:07]
        "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11.06.2007 13:08]
        "Orb"="C:\Programme\Winamp Remote\bin\OrbTray.exe" [07.01.2008 21:02]
        "WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [03.11.2006 09:56]


        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f039ae1-8468-11d9-8a72-001109df9636}]
        AutoRun\command- L:\OEMBranding.exe




        -- End of Deckard's System Scanner: finished at 2008-02-25 23:23:24 ------------

        What do I still need to do now?? Could you also take a look at all the superfluous junk to see whether some of it can go from my brother's PC?
        Thanks again.



        • #5
          It all looks fairly clean

          Start HijackThis once more and tick only the following lines:
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
          O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

          Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

          Open the RVAXO folder on your desktop and double-click Uninstall.cmd
          This will remove everything belonging to RVAXO.

          Download ATF cleaner (mirror) (made by Atribune)

          Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

          Double-click ATF cleaner to start the program.
          On the "Main" tab, tick Select All.
          Click the Empty Selected button.

          Do the following if you also use Firefox as a browser:
          Click the "Firefox" tab and tick Select All.
          If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
          (this removes the tick next to "Firefox saved passwords" again)
          Click the Empty Selected button.

          Do the following if you also use Opera as a browser:
          Click the "Opera" tab and tick Select All.
          If you want to keep the passwords saved by Opera, click "No" in the window that appears.
          Click the Empty Selected button.
          Go to the "Main" tab and click the Exit button to close the program.

          Turn off System Restore. Restart the computer. Turn System Restore back on.
          Look here for how to disable your System Restore.
          This removes any remnants of the infections from your System Restore.

          Let me know whether there are still any problems



          • #6
            Hi Smeenk,

            I have carried out the actions above and I no longer experience any problems on my brother's PC. As far as I am concerned this topic can be closed.
            Thanks a lot!
            Greetings Remco



            • #7
              You're welcome Remco
