  • bravesentry/spywaresherrif

    Hello,

    My PC is infected with bravesentry/spywaresherrif. Incidentally, Spywaresherrif is not shown at the bottom right in the taskbar; it is only reported by AVG Anti-Spyware.

    I use Windows XP, with a firewall and AVG virus and spyware protection.
    Can someone help me remove this?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:32:05, on 2-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Caere\OmniPagePro90\opware32.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\wind32.exe
    C:\WINDOWS\system32\n2ewma1xxsv2234.exe
    C:\WINDOWS\system32\ws2_64.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\WINDOWS\system32\vedxga1me4t1.exe
    C:\WINDOWS\system32\vedxg4am1et2.exe
    C:\WINDOWS\system32\vedxga4me1.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/nl/ý
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O1 - Hosts: 124.217.252.77 www.bravesentry.com
    O1 - Hosts: 124.217.252.77 bravesentry.com
    O1 - Hosts: 124.217.252.78 secure.isoftpay.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Rates - {0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69} - C:\WINDOWS\toprates.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
    O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv2234.exe
    O4 - HKLM\..\Run: [ws2_64.exe] C:\WINDOWS\system32\ws2_64.exe
    O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188836423015
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://80.100.108.20/remote/msrdp.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 10048 bytes
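Added example (not part of this thread, of HijackThis, of RVAXO or of DSS): a Python triage script run over lines copied from the log above. It flags the four entry classes that carry the compromise in that log: the F2 line, where Winlogon's UserInit value has a second executable (ntos.exe) appended after userinit.exe; the O1 lines, which pin bravesentry.com and secure.isoftpay.com to fixed public addresses in the hosts file; the O4 Run entries that launch unlisted executables from the Windows directory (wind32.exe, n2ewma1xxsv2234.exe, taskmon.exe, xpupdate.exe); and O2 BHO entries whose DLL is missing. The allow-list WINDIR_ALLOW and the looks_random() heuristic are assumptions made for illustration; they are not rules from HijackThis or any other tool named here.

```python
"""Triage a HijackThis v2 log for the hijack and persistence patterns seen in
the log posted in this thread.  Added example for this page, not part of the
thread, of HijackThis, of RVAXO or of DSS.  WINDIR_ALLOW and looks_random()
are assumptions chosen for illustration, not rules from any of those tools."""
import ipaddress
import ntpath
import re
from collections import Counter

# Lines copied from the first HJT log in the thread, plus two clean O4 lines
# from the same log (NvCplDaemon, CTFMON.EXE) so the heuristics have a contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O2 - BHO: Rates - {0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69} - C:\WINDOWS\toprates.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv2234.exe
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: the only binaries under %SystemRoot% expected in a Run key on a stock XP box.
WINDIR_ALLOW = {"ctfmon.exe", "rundll32.exe", "explorer.exe", "msconfig.exe", "userinit.exe"}
SEVERITY = {"userinit_extra": "high", "hosts_pin": "high",
            "run_windir_unlisted": "medium", "bho_orphan": "low"}

RE_F2 = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
RE_O1 = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
RE_O2 = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (.*)$")
RE_O4 = re.compile(r"^O4 - (HK\S*?)\\\.\.\\Run: \[(.*?)\] (.*)$")


def looks_random(filename: str) -> bool:
    """Crude hint: three or more digits, or letters sandwiched between digits (vedxga4me1)."""
    stem = ntpath.splitext(filename.lower())[0]
    return sum(c.isdigit() for c in stem) >= 3 or re.search(r"\d[a-z]+\d", stem) is not None


def first_exe(command: str) -> str:
    """Executable token of a Run command; a quoted path with spaces is kept whole."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""


def under_windir(path: str) -> bool:
    return re.match(r"^[a-z]:\\windows\\", path.lower()) is not None


def triage(log_text: str) -> list[dict]:
    """Return one finding per suspicious entry: kind, severity, source line, detail."""
    findings: list[dict] = []

    def add(kind: str, line: str, detail: str) -> None:
        findings.append({"kind": kind, "severity": SEVERITY[kind], "line": line, "detail": detail})

    for line in (ln.strip() for ln in log_text.splitlines()):
        if m := RE_F2.match(line):
            # Winlogon launches every comma-separated UserInit entry at logon; only userinit.exe belongs.
            for part in filter(None, (p.strip() for p in m.group(1).split(","))):
                if ntpath.basename(part).lower() != "userinit.exe":
                    add("userinit_extra", line, part)
        elif m := RE_O1.match(line):
            # hosts entries should map to loopback (or 0.0.0.0 for blocklists); anything else pins
            # a name to an address the attacker chose, bypassing DNS.
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:
                add("hosts_pin", line, f"{m.group(2)} -> {m.group(1)} (unparseable)")
                continue
            if not (ip.is_loopback or ip.is_unspecified):
                add("hosts_pin", line, f"{m.group(2)} -> {ip}")
        elif m := RE_O2.match(line):
            target = m.group(1)
            if target.endswith("(file missing)") or target == "(no file)":
                add("bho_orphan", line, target)
        elif m := RE_O4.match(line):
            exe = first_exe(m.group(3))
            name = ntpath.basename(exe).lower()
            if under_windir(exe) and name not in WINDIR_ALLOW:
                hint = " (random-looking name)" if looks_random(name) else ""
                add("run_windir_unlisted", line, exe + hint)
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    rank = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: rank[f["severity"]]):
        print(f"[{f['severity']:<6}] {f['kind']:<20} {f['detail']}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as-is to print the report for the embedded sample, or pass the full text of a saved log to triage(). The two high-severity classes deserve attention before the Run keys: an extra UserInit entry is launched by Winlogon at every interactive logon regardless of what the Run keys contain, and a hosts pin survives any DNS change or block, which is why a hosts reset is part of the cleanup.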

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files not being found will scroll past quickly, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any prompts and simply let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do so manually.
    • Post the contents of the log file in your next reply.
    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to start it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    It can also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In that case it may be better to disable your antivirus temporarily while DSS scans)

    • #3
      ---RVAXO.exe Updated: 2008-03-02---first run---
      Uninstallers:
      BraveSentry uninstaller found

      Files found:
      C:\WINDOWS\system32\vedxg3am1et3.exe
      C:\WINDOWS\system32\vedxg4am1et2.exe
      C:\WINDOWS\system32\vedxga1me4t1.exe
      C:\WINDOWS\system32\vedxga4m1et4.exe
      C:\WINDOWS\system32\vedxga4me1.exe
      C:\WINDOWS\system32\vedxga8me6.exe
      C:\WINDOWS\system32\dllgh8jkd1q1.exe
      C:\WINDOWS\system32\dllgh8jkd1q5.exe
      C:\WINDOWS\system32\dllgh8jkd1q6.exe
      C:\WINDOWS\system32\dllgh8jkd1q7.exe
      C:\WINDOWS\system32\dllgh8jkd1q8.exe
      C:\Documents and Settings\Claassen\tmp.exe
      C:\Documents and Settings\Claassen\Local Settings\Temp\NeroDemo9918\Setup\NeroDelTmp.exe
      C:\WINDOWS\system32\vx.tll
      C:\WINDOWS\system32\winsub.xml
      C:\WINDOWS\system32\ntos.exe

      Folders Found:
      C:\Program Files\BraveSentry
      C:\Program Files\advantage
      C:\WINDOWS\system32\wsnpoem

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------


      Deckard's System Scanner v20071014.68
      Run by Claassen on 2008-03-02 11:14:22
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Failed to create restore point; System Restore is disabled (service is not running).


      -- Last 5 Restore Point(s) --
      85: 2008-03-01 21:58:44 UTC - RP205 - Controlepunt van systeem
      84: 2008-02-29 20:31:40 UTC - RP204 - Controlepunt van systeem
      83: 2008-02-28 20:07:44 UTC - RP203 - Controlepunt van systeem
      82: 2008-02-27 20:03:19 UTC - RP202 - Controlepunt van systeem
      81: 2008-02-26 18:27:57 UTC - RP201 - Controlepunt van systeem


      -- First Restore Point --
      1: 2007-12-03 20:08:58 UTC - RP121 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Claassen.exe) --------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:15:22, on 2-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\ATKKBService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Caere\OmniPagePro90\opware32.exe
      C:\WINDOWS\system32\ntvdm.exe
      C:\Program Files\TomTom HOME 2\HOMERunner.exe
      C:\WINDOWS\system32\n2ewma1xxsv2234.exe
      C:\WINDOWS\system32\ws2_64.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Documents and Settings\Claassen\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Claassen.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/nl/ý
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Rates - {0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69} - C:\WINDOWS\toprates.dll (file missing)
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
      O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv2234.exe
      O4 - HKLM\..\Run: [ws2_64.exe] C:\WINDOWS\system32\ws2_64.exe
      O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BlueSoleil.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188836423015
      O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://80.100.108.20/remote/msrdp.cab
      O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 9396 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20080302-102212-111 O1 - Hosts: 124.217.252.77 www.bravesentry.com
      backup-20080302-102212-170 O1 - Hosts: 124.217.252.77 bravesentry.com
      backup-20080302-102212-266 O1 - Hosts: 124.217.252.78 secure.isoftpay.com
      backup-20080302-102212-368 O1 - Hosts: 124.217.252.78 secure.isoftpay.com
      backup-20080302-102212-475 O1 - Hosts: 124.217.252.78 secure.isoftpay.com
      backup-20080302-102212-522 O1 - Hosts: 124.217.252.77 bravesentry.com
      backup-20080302-102212-636 O1 - Hosts: 124.217.252.78 secure.isoftpay.com
      backup-20080302-102212-700 O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
      backup-20080302-102212-717 O1 - Hosts: 124.217.252.77 www.bravesentry.com
      backup-20080302-102212-785 O1 - Hosts: 124.217.252.77 www.bravesentry.com
      backup-20080302-102212-871 O1 - Hosts: 124.217.252.77 bravesentry.com
      backup-20080302-102212-903 O1 - Hosts: 124.217.252.77 www.bravesentry.com
      backup-20080302-102212-971 O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
      backup-20080302-102212-992 O1 - Hosts: 124.217.252.77 bravesentry.com

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
      R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
      R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
      R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
      R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
      R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
      R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
      R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

      S1 oxser (OX16C95x Serial port driver) - c:\windows\system32\drivers\oxser.sys <Not Verified; OEM; OX16C95x>
      S2 asc3550p - c:\windows\system32\drivers\asc3550p.sys
      S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
      S3 taskmon.sys - c:\windows\system32\taskmon.sys


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
      R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
      R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
      R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
      Description: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
      Device ID: ACPI\PNP0303\4&38D79619&0
      Manufacturer: (standaardtoetsenbord)
      Name: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
      PNP Device ID: ACPI\PNP0303\4&38D79619&0
      Service: i8042prt


      -- Files created between 2008-02-02 and 2008-03-02 -----------------------------

      2008-03-02 11:12:10 0 d-------- C:\RVAXO
      2008-03-02 11:10:42 719362 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-03-02 11:10:42 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-03-02 10:18:16 0 d-------- C:\Program Files\Yahoo!
      2008-03-02 10:18:11 0 d-------- C:\Program Files\CCleaner
      2008-03-02 10:17:31 0 d-------- C:\Program Files\Trend Micro
      2008-03-02 09:26:01 18368 --a------ C:\WINDOWS\system32\taskmon.sys
      2008-03-02 09:25:13 10 --a------ C:\WINDOWS\system32\kr_done1
      2008-03-02 09:25:11 14336 --a------ C:\WINDOWS\system32\ws2_64.exe
      2008-03-02 09:25:08 13824 --a------ C:\WINDOWS\system32\m1ax1d121322116143v.exe
      2008-03-02 09:25:05 12796 --a------ C:\WINDOWS\system32\n2ewma1xxsv2234.exe
      2008-03-02 09:25:04 1175630 --a------ C:\Documents and Settings\Claassen\Application Data\Install.dat
      2008-03-02 09:24:51 17872 --a------ C:\WINDOWS\system32\wind32.exe
      2008-02-27 19:39:54 0 d-------- C:\Documents and Settings\Claassen\Application Data\cerasus.media
      2008-02-27 19:39:11 0 d-------- C:\Program Files\Animal Agents - NL
      2008-02-25 20:22:48 0 d-------- C:\games
      2008-02-25 20:22:39 0 d--h----- C:\WINDOWS\PIF
      2008-02-24 11:32:00 0 d-------- C:\Documents and Settings\Claassen\Application Data\TVU Networks
      2008-02-24 11:31:57 0 d-------- C:\Program Files\TVUPlayer
      2008-02-24 11:31:37 0 d-------- C:\Program Files\TVAnts
      2008-02-24 11:31:28 0 d-------- C:\Program Files\Satellite TV for PC
      2008-02-22 18:43:49 0 d-------- C:\Program Files\Luxor 3
      2008-02-20 20:56:39 0 d-------- C:\Documents and Settings\Claassen\Application Data\Big Fish Games
      2008-02-20 20:56:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Big Fish Games
      2008-02-20 20:56:23 0 d-------- C:\Program Files\[email protected] Puzzle 2
      2008-02-17 17:37:35 0 d-------- C:\Program Files\Fab Fashion
      2008-02-16 19:24:26 0 d-------- C:\Documents and Settings\Claassen\Application Data\Magic Seeds
      2008-02-09 16:55:18 0 d-------- C:\Program Files\PlayFirst
      2008-02-08 19:37:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Friday's games
      2008-02-08 19:36:49 0 d-------- C:\Program Files\Natalie Brooks - Secrets of Treasure House NL
      2008-02-03 12:06:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
      2008-02-02 15:51:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
      2008-02-02 15:51:04 0 d-------- C:\Program Files\BFG


      -- Find3M Report ---------------------------------------------------------------

      2008-03-02 11:11:12 0 d-------- C:\Documents and Settings\Claassen\Application Data\uTorrent
      2008-03-02 08:37:58 0 d-------- C:\Documents and Settings\Claassen\Application Data\AVG7
      2008-02-29 22:56:26 0 d-------- C:\Documents and Settings\Claassen\Application Data\Canon
      2008-02-17 16:39:40 0 d-------- C:\Documents and Settings\Claassen\Application Data\PlayFirst
      2008-02-15 16:09:08 0 d-------- C:\Program Files\Bit Che
      2008-02-05 18:37:45 0 d-------- C:\Program Files\Travelogue 360 Rome
      2008-02-05 18:37:26 0 d-------- C:\Program Files\Zylom Games
      2008-02-05 16:57:14 0 d-------- C:\Documents and Settings\Claassen\Application Data\Identities
      2008-02-02 15:22:29 0 d-------- C:\Documents and Settings\Claassen\Application Data\LimeWire
      2008-01-28 16:13:37 0 d-------- C:\Documents and Settings\Claassen\Application Data\Real
      2008-01-27 15:48:03 0 d-------- C:\Program Files\Torrent Harvester
      2008-01-27 15:47:44 0 d-------- C:\Program Files\Peril at End House
      2008-01-27 15:46:13 0 d-------- C:\Program Files\Mystery Case Files Huntsville
      2008-01-27 15:45:58 0 d-------- C:\Program Files\Jigsaw Puzzle Platinum Edition
      2008-01-24 16:54:48 0 d-------- C:\Documents and Settings\Claassen\Application Data\Valusoft
      2008-01-20 18:11:58 0 d-------- C:\Documents and Settings\Claassen\Application Data\BloodTies
      2008-01-19 15:28:04 0 d-------- C:\Documents and Settings\Claassen\Application Data\Oberon Games
      2008-01-19 15:27:34 0 d-------- C:\Program Files\Turbo Subs
      2008-01-08 18:50:06 0 d-------- C:\Documents and Settings\Claassen\Application Data\Zylom
      2008-01-06 19:12:06 0 d-------- C:\Documents and Settings\Claassen\Application Data\Home Sweet Home
      2008-01-06 15:24:35 0 d-------- C:\Program Files\Pizza Chef
      2008-01-05 19:33:27 0 d-------- C:\Program Files\Google
      2008-01-05 10:46:17 0 d-------- C:\Documents and Settings\Claassen\Application Data\Teggo


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69}]
      C:\WINDOWS\toprates.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDCPL"="RTHDCPL.EXE" [01-08-2006 12:10 C:\WINDOWS\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [16-05-2006 11:04 C:\WINDOWS\SkyTel.exe]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11-08-2006 14:43]
      "nwiz"="nwiz.exe" [11-08-2006 14:43 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11-08-2006 14:43]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21-12-2007 08:41]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 15:40]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [26-10-2006 23:47]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03-09-2007 17:18]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 00:11]
      "OmniPage"="C:\Program Files\Caere\OmniPagePro90\opware32.exe" [15-12-1998 10:48]
      "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [17-10-2006 02:20]
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [15-08-2007 15:59]
      "SystemSv121"="C:\WINDOWS\system32\n2ewma1xxsv2234.exe" [02-03-2008 09:25]
      "ws2_64.exe"="C:\WINDOWS\system32\ws2_64.exe" [02-03-2008 09:25]
      "taskmon"="C:\WINDOWS\taskmon.exe"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [21-04-2006 16:03]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19-01-2007 11:54]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [9-11-2007 22:22:58]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableRegistryTools"=0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
      "C:\Program Files\AdVantage\AdVantage.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
      "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
      "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c87fe699-7b57-11dc-8754-001966328d5b}]
      AutoRun\command- H:\InstallTomTomHOME.exe




      -- End of Deckard's System Scanner: finished at 2008-03-02 11:15:50 ------------



      • #4
        Start HijackThis once more and tick only the following lines:
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
        O2 - BHO: Rates - {0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69} - C:\WINDOWS\toprates.dll (file missing)
        O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv2234.exe
        O4 - HKLM\..\Run: [ws2_64.exe] C:\WINDOWS\system32\ws2_64.exe
        O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe

        Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

        Then restart your computer.


        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        ECHO Deleting items>>log.txt
        FOR %%g in (
        C:\WINDOWS\system32\taskmon.sys
        C:\WINDOWS\system32\kr_done1
        C:\WINDOWS\system32\ws2_64.exe
        C:\WINDOWS\system32\m1ax1d121322116143v.exe
        C:\WINDOWS\system32\n2ewma1xxsv2234.exe
        "C:\Documents and Settings\Claassen\Application Data\Install.dat"
        C:\WINDOWS\system32\wind32.exe) DO (
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        Under "Save in" choose: Desktop
        Under "File name" enter: del.bat
        Under "Save as type" select: All Files (*.*).
        Click the Save button.

        Double-click del.bat; a small log will open.

        Restart into normal mode and post this log together with a new Deckard's System Scanner log

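As an added example (not part of the original thread, and not code from HijackThis or Deckard's System Scanner), a small triage script that applies the reasoning behind the fix list above to the posted log lines: programs appended to the Userinit value, a BHO whose DLL is missing, digit-heavy executable names in Run keys, and, from the DSS registry dump, Run binaries that are absent on disk or were written on the day of the scan. The sample lines are copied from the logs in this thread; the heuristics, thresholds and function names are this example's own.

```python
# Added triage example for the HijackThis / DSS lines in this thread.  The
# sample text is copied from the posted logs; the heuristics are this example's.
import re
from datetime import date

# Constructed sample: suspect and benign HijackThis lines from the first log.
HJT_SAMPLE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Rates - {0EB6AF05-AB7F-47C2-8ABC-9B985FE27A69} - C:\WINDOWS\toprates.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv2234.exe
O4 - HKLM\..\Run: [ws2_64.exe] C:\WINDOWS\system32\ws2_64.exe
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
"""

# Constructed sample: the HKLM Run key as DSS dumps it.  The machine runs a
# Dutch locale, so the bracketed file timestamps are day-month-year.
DSS_RUN_SAMPLE = r"""
"RTHDCPL"="RTHDCPL.EXE" [01-08-2006 12:10 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21-12-2007 08:41]
"SystemSv121"="C:\WINDOWS\system32\n2ewma1xxsv2234.exe" [02-03-2008 09:25]
"ws2_64.exe"="C:\WINDOWS\system32\ws2_64.exe" [02-03-2008 09:25]
"taskmon"="C:\WINDOWS\taskmon.exe"
"""
SCAN_DAY = date(2008, 3, 2)  # date of the first DSS run in this thread

USERINIT_RE = re.compile(r"F2 - REG:system\.ini: UserInit=(.*)")
BHO_RE = re.compile(r"O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (.*)")
RUN_RE = re.compile(r'O4 - .*\\Run: \[[^\]]+\] (?:"([^"]+)"|(\S+))')
# DSS appends "[dd-mm-yyyy hh:mm ...]" only when it found the file on disk.
DSS_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
                    r'(?: \[(?P<day>\d\d)-(?P<mon>\d\d)-(?P<year>\d{4}) \d\d:\d\d[^\]]*\])?$')


def check_userinit(value):
    """Return every program in a Userinit value other than userinit.exe itself.
    Winlogon runs each comma-separated entry at logon, so an appended entry
    (here ntos.exe) is persistence that survives cleaning the Run keys."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]


def looks_random(filename):
    """Heuristic: a digit-heavy stem such as n2ewma1xxsv2234 or ws2_64.
    Vendor binaries rarely reach 30% digits; it is a hint, not proof."""
    stem = filename.rsplit(".", 1)[0]
    digits = sum(ch.isdigit() for ch in stem)
    return len(stem) >= 6 and digits / len(stem) >= 0.3


def triage_hjt(text):
    """Return (section, item, reason) triples for suspicious HijackThis lines."""
    findings = []
    for line in text.splitlines():
        if m := USERINIT_RE.match(line):
            for extra in check_userinit(m.group(1)):
                findings.append(("F2", extra, "extra program hooked into Userinit"))
        elif (m := BHO_RE.match(line)) and m.group(1).endswith("(file missing)"):
            findings.append(("O2", m.group(1), "BHO registered but its DLL is gone"))
        elif m := RUN_RE.match(line):
            path = m.group(1) or m.group(2)
            if looks_random(path.rsplit("\\", 1)[-1]):
                findings.append(("O4", path, "digit-heavy executable name"))
    return findings


def triage_dss_run(text, scan_day):
    """Flag Run entries whose binary is missing or was written on the scan day."""
    findings = []
    for line in text.splitlines():
        m = DSS_RE.match(line.strip())
        if not m:
            continue
        if m.group("day") is None:
            findings.append((m.group("name"), m.group("value"), "file not found on disk"))
            continue
        stamp = date(int(m.group("year")), int(m.group("mon")), int(m.group("day")))
        if stamp == scan_day:
            findings.append((m.group("name"), m.group("value"), "binary written on the scan day"))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage_hjt(HJT_SAMPLE):
        print(f"{section:3} {reason:38} {item}")
    for name, value, reason in triage_dss_run(DSS_RUN_SAMPLE, SCAN_DAY):
        print(f"Run {reason:38} [{name}] {value}")
```

The two passes are complementary: taskmon.exe has an ordinary name and is caught only because DSS could not find the file, while the digit-heavy names are caught from the HijackThis lines alone.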


        • #5
          Deleting items
          C:\WINDOWS\system32\taskmon.sys deleted
          C:\WINDOWS\system32\kr_done1 deleted
          C:\WINDOWS\system32\ws2_64.exe deleted
          C:\WINDOWS\system32\m1ax1d121322116143v.exe deleted
          C:\WINDOWS\system32\n2ewma1xxsv2234.exe deleted
          "C:\Documents and Settings\Claassen\Application Data\Install.dat" deleted
          C:\WINDOWS\system32\wind32.exe deleted

          Deckard's System Scanner v20071014.68
          Run by Claassen on 2008-03-02 17:12:06
          Computer is in Normal Mode.
          --------------------------------------------------------------------------------



          -- HijackThis (run as Claassen.exe) --------------------------------------------

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 17:12:09, on 2-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\RTHDCPL.EXE
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Caere\OmniPagePro90\opware32.exe
          C:\WINDOWS\system32\ntvdm.exe
          C:\Program Files\TomTom HOME 2\HOMERunner.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\ATKKBService.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\Documents and Settings\Claassen\Bureaublad\dss.exe
          C:\PROGRA~1\TRENDM~1\HIJACK~1\Claassen.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/nl/ý
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
          O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
          O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
          O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
          O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
          O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
          O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: BlueSoleil.lnk = ?
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188836423015
          O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://80.100.108.20/remote/msrdp.cab
          O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
          O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
          O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
          O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

          --
          End of file - 8971 bytes

          -- Files created between 2008-02-02 and 2008-03-02 -----------------------------

          2008-03-02 11:12:10 0 d-------- C:\RVAXO
          2008-03-02 11:10:42 719362 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-03-02 11:10:42 69632 --a------ C:\WINDOWS\system32\remove.exe
          2008-03-02 10:18:16 0 d-------- C:\Program Files\Yahoo!
          2008-03-02 10:18:11 0 d-------- C:\Program Files\CCleaner
          2008-03-02 10:17:31 0 d-------- C:\Program Files\Trend Micro
          2008-02-27 19:39:54 0 d-------- C:\Documents and Settings\Claassen\Application Data\cerasus.media
          2008-02-27 19:39:11 0 d-------- C:\Program Files\Animal Agents - NL
          2008-02-25 20:22:48 0 d-------- C:\games
          2008-02-25 20:22:39 0 d--h----- C:\WINDOWS\PIF
          2008-02-24 11:32:00 0 d-------- C:\Documents and Settings\Claassen\Application Data\TVU Networks
          2008-02-24 11:31:57 0 d-------- C:\Program Files\TVUPlayer
          2008-02-24 11:31:37 0 d-------- C:\Program Files\TVAnts
          2008-02-24 11:31:28 0 d-------- C:\Program Files\Satellite TV for PC
          2008-02-22 18:43:49 0 d-------- C:\Program Files\Luxor 3
          2008-02-20 20:56:39 0 d-------- C:\Documents and Settings\Claassen\Application Data\Big Fish Games
          2008-02-20 20:56:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Big Fish Games
          2008-02-20 20:56:23 0 d-------- C:\Program Files\[email protected] Puzzle 2
          2008-02-17 17:37:35 0 d-------- C:\Program Files\Fab Fashion
          2008-02-16 19:24:26 0 d-------- C:\Documents and Settings\Claassen\Application Data\Magic Seeds
          2008-02-09 16:55:18 0 d-------- C:\Program Files\PlayFirst
          2008-02-08 19:37:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Friday's games
          2008-02-08 19:36:49 0 d-------- C:\Program Files\Natalie Brooks - Secrets of Treasure House NL
          2008-02-03 12:06:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
          2008-02-02 15:51:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
          2008-02-02 15:51:04 0 d-------- C:\Program Files\BFG


          -- Find3M Report ---------------------------------------------------------------

          2008-03-02 17:06:49 0 d-------- C:\Documents and Settings\Claassen\Application Data\uTorrent
          2008-03-02 08:37:58 0 d-------- C:\Documents and Settings\Claassen\Application Data\AVG7
          2008-02-29 22:56:26 0 d-------- C:\Documents and Settings\Claassen\Application Data\Canon
          2008-02-17 16:39:40 0 d-------- C:\Documents and Settings\Claassen\Application Data\PlayFirst
          2008-02-15 16:09:08 0 d-------- C:\Program Files\Bit Che
          2008-02-05 18:37:45 0 d-------- C:\Program Files\Travelogue 360 Rome
          2008-02-05 18:37:26 0 d-------- C:\Program Files\Zylom Games
          2008-02-05 16:57:14 0 d-------- C:\Documents and Settings\Claassen\Application Data\Identities
          2008-02-02 15:22:29 0 d-------- C:\Documents and Settings\Claassen\Application Data\LimeWire
          2008-01-28 16:13:37 0 d-------- C:\Documents and Settings\Claassen\Application Data\Real
          2008-01-27 15:48:03 0 d-------- C:\Program Files\Torrent Harvester
          2008-01-27 15:47:44 0 d-------- C:\Program Files\Peril at End House
          2008-01-27 15:46:13 0 d-------- C:\Program Files\Mystery Case Files Huntsville
          2008-01-27 15:45:58 0 d-------- C:\Program Files\Jigsaw Puzzle Platinum Edition
          2008-01-24 16:54:48 0 d-------- C:\Documents and Settings\Claassen\Application Data\Valusoft
          2008-01-20 18:11:58 0 d-------- C:\Documents and Settings\Claassen\Application Data\BloodTies
          2008-01-19 15:28:04 0 d-------- C:\Documents and Settings\Claassen\Application Data\Oberon Games
          2008-01-19 15:27:34 0 d-------- C:\Program Files\Turbo Subs
          2008-01-08 18:50:06 0 d-------- C:\Documents and Settings\Claassen\Application Data\Zylom
          2008-01-06 19:12:06 0 d-------- C:\Documents and Settings\Claassen\Application Data\Home Sweet Home
          2008-01-06 15:24:35 0 d-------- C:\Program Files\Pizza Chef
          2008-01-05 19:33:27 0 d-------- C:\Program Files\Google
          2008-01-05 10:46:17 0 d-------- C:\Documents and Settings\Claassen\Application Data\Teggo


          -- Registry Dump ---------------------------------------------------------------

          *Note* empty entries & legit default entries are not shown


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "RTHDCPL"="RTHDCPL.EXE" [01-08-2006 12:10 C:\WINDOWS\RTHDCPL.exe]
          "SkyTel"="SkyTel.EXE" [16-05-2006 11:04 C:\WINDOWS\SkyTel.exe]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11-08-2006 14:43]
          "nwiz"="nwiz.exe" [11-08-2006 14:43 C:\WINDOWS\system32\nwiz.exe]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11-08-2006 14:43]
          "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21-12-2007 08:41]
          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 15:40]
          "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [26-10-2006 23:47]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03-09-2007 17:18]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 00:11]
          "OmniPage"="C:\Program Files\Caere\OmniPagePro90\opware32.exe" [15-12-1998 10:48]
          "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [17-10-2006 02:20]
          "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [15-08-2007 15:59]
          "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04-08-2004 13:00]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [21-04-2006 16:03]
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19-01-2007 11:54]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [9-11-2007 22:22:58]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
          "DisableRegistryTools"=0 (0x0)

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
          @="Service"

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
          "C:\Program Files\AdVantage\AdVantage.exe"

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
          "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
          "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
          "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c87fe699-7b57-11dc-8754-001966328d5b}]
          AutoRun\command- H:\InstallTomTomHOME.exe




          -- End of Deckard's System Scanner: finished at 2008-03-02 17:12:26 ------------



          • #6
            Open the RVAXO folder on your desktop and double-click Uninstall.cmd
            This will remove everything belonging to RVAXO.

            Download ATF Cleaner (mirror) (made by Atribune)

            Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

            Double-click ATF Cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick from "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Disable System Restore. Restart the computer. Enable System Restore again.
            See here how to disable System Restore.
            This removes any remnants of the infections from your System Restore points.

            Let us know whether there are still any problems



            • #7
              Everything looks good. Thanks for your help!



              • #8
                You're welcome
