Virus winbooster

  • Virus winbooster

    I have a virus called winbooster (at least that is what I gather) on my computer.

    I have a bright red desktop that says: "Your privacy is in danger! Download privacy software now". Along with this desktop I was also given three icons as a gift. I get a great many Internet Explorer pop-ups containing, among others, the websites virusisolator scanner and spywareiso spyiso free scanner. There are also pop-ups from "windows" with a spyware alert. I can no longer visit any website normally. Mozilla also no longer closes.
    Kaspersky and Spybot have gone over it. Spybot did remove a number of things, but the problem remains.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:33:29, on 16-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F} - C:\WINDOWS\lgmxvpatkmb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - C:\WINDOWS\system32\wlcstp32.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: E-mail.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O11 - Options group: [TABS] Tabbed Browsing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
    O21 - SSODL: pmsoarbf - {92012D45-566E-4271-BCAC-0CC61C997F33} - C:\WINDOWS\pmsoarbf.dll
    O21 - SSODL: omlbpkaw - {51C76041-1F11-4FDC-9AE5-FEB419B1C47E} - C:\WINDOWS\omlbpkaw.dll
    O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    Last edited by Vezel; 16-04-08, 02:34.

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A small cmd window will open, in which a few lines about files that were not found will scroll by quickly; this is normal.
    • An uninstaller of a rogue scanner may also start up; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Also post a new HijackThis log

    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is given permission to do so!
    It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In that case it may be better to switch off your antivirus for a moment during the DSS scan)



    • #3
      Ran RVAXO, here are the results:

      ---RVAXO.exe Updated: 2008-04-15---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\lgmxvpatkmb.dll
      C:\WINDOWS\qtvglped.dll
      C:\WINDOWS\omlbpkaw.dll
      C:\WINDOWS\pmsoarbf.dll
      C:\Documents and Settings\Celina Hagebeuk\Bureau~1\Error Cleaner.url
      C:\Documents and Settings\Celina Hagebeuk\Bureau~1\Spyware&Malware Protection.url
      C:\Documents and Settings\Celina Hagebeuk\Bureau~1\Privacy Protector.url
      C:\Documents and Settings\Celina Hagebeuk\FAVORI~1\Error Cleaner.url
      C:\Documents and Settings\Celina Hagebeuk\FAVORI~1\Privacy Protector.url
      C:\Documents and Settings\Celina Hagebeuk\FAVORI~1\Spyware&Malware Protection.url

      Folders Found:
      C:\WINDOWS\privacy_danger

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      New HijackThis log:

      Logfile of HijackThis v1.99.1
      Scan saved at 10:40:54, on 16-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Mozilla Thunderbird\thunderbird.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\HJT\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F} - C:\WINDOWS\lgmxvpatkmb.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - C:\WINDOWS\system32\wlcstp32.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll (file missing)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Startup: E-mail.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O11 - Options group: [TABS] Tabbed Browsing
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
      O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

      I am going to run Deckard's System Scanner now.



      • #4
        These are the results from DSS:
        Maybe this does not belong here, but since this happened the Firefox documents in my local folders show a little Internet Explorer logo; can I also still change this?

        Main.txt:


        Deckard's System Scanner v20071014.68
        Run by Celina Hagebeuk on 2008-04-16 10:44:17
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------

        -- System Restore --------------------------------------------------------------

        Successfully created a Deckard's System Scanner Restore Point.


        -- Last 5 Restore Point(s) --
        15: 2008-04-16 08:44:24 UTC - RP44 - Deckard's System Scanner Restore Point
        14: 2008-04-15 20:21:30 UTC - RP43 - Installed SmartFTP Client
        13: 2008-04-15 11:51:19 UTC - RP42 - Controlepunt van systeem
        12: 2008-04-10 20:51:32 UTC - RP41 - Software Distribution Service 3.0
        11: 2008-04-08 11:50:21 UTC - RP40 - Controlepunt van systeem


        -- First Restore Point --
        1: 2008-03-20 16:36:21 UTC - RP30 - Geïnstalleerd: Nokia PC Suite


        Backed up registry hives.
        Performed disk cleanup.



        -- HijackThis (run as Celina Hagebeuk.exe) -------------------------------------

        Logfile of HijackThis v1.99.1
        Scan saved at 10:45:43, on 16-4-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Logitech\iTouch\iTouch.exe
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
        C:\Program Files\Mozilla Thunderbird\thunderbird.exe
        C:\Documents and Settings\Celina Hagebeuk\Bureaublad\dss.exe
        C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
        C:\PROGRA~1\HJT\Celina Hagebeuk.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F} - C:\WINDOWS\lgmxvpatkmb.dll (file missing)
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - C:\WINDOWS\system32\wlcstp32.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll (file missing)
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - Startup: E-mail.lnk = ?
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
        O11 - Options group: [INTERNATIONAL] International*
        O11 - Options group: [TABS] Tabbed Browsing
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
        O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
        O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


        -- File Associations -----------------------------------------------------------

        .js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
        .js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

        R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>


        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

        R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
        R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

        S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


        -- Device Manager: Disabled ----------------------------------------------------

        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
        Description: PCI Simple Communications-controller
        Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_104016BE&REV_00\3&61AAA01&0&40
        Manufacturer:
        Name: PCI Simple Communications-controller
        PNP Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_104016BE&REV_00\3&61AAA01&0&40
        Service:


        -- Scheduled Tasks -------------------------------------------------------------

        2008-03-16 16:16:30 410 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1205676943.job


        -- Files created between 2008-03-16 and 2008-04-16 -----------------------------

        2008-04-16 10:35:08 0 d-------- C:\RVAXO
        2008-04-16 10:29:26 790777 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-04-16 10:29:26 69632 --a------ C:\WINDOWS\system32\remove.exe
        2008-04-16 01:25:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-04-16 01:11:39 0 d-------- C:\Program Files\HJT
        2008-04-16 00:46:00 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\TmpRecentIcons
        2008-04-15 23:16:11 10240 --a------ C:\WINDOWS\system32\wlcstp32.dll
        2008-04-15 23:16:08 36352 --a------ C:\WINDOWS\system32\hgGvwxxu.dll
        2008-04-15 23:16:04 98304 --a------ C:\WINDOWS\system32\ncxmdgxk.exe
        2008-04-15 23:16:03 81920 --a------ C:\WINDOWS\rtqmekwg.exe
        2008-04-15 23:16:03 94208 --a------ C:\WINDOWS\npqtsrak.exe
        2008-04-15 23:16:00 0 d-------- C:\Documents and Settings\All Users\Application Data\furahmxm
        2008-04-15 23:15:55 98304 --a------ C:\WINDOWS\system32\nglkrify.exe
        2008-04-15 22:26:40 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\SmartFTP
        2008-04-15 22:21:34 0 d-------- C:\Program Files\SmartFTP Client
        2008-04-15 22:16:52 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
        2008-03-31 16:18:25 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Datalayer
        2008-03-31 16:18:21 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Phone Browser
        2008-03-31 16:14:13 0 d-------- C:\Program Files\Incomplete
        2008-03-31 16:13:59 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Incomplete
        2008-03-31 16:01:34 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\LimeWire
        2008-03-31 15:32:40 0 d-------- C:\Program Files\LimeWire
        2008-03-31 15:31:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
        2008-03-31 15:31:43 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Azureus
        2008-03-31 15:27:44 0 d-------- C:\Program Files\Azureus
        2008-03-20 23:57:36 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Nokia
        2008-03-20 23:55:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
        2008-03-20 23:50:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
        2008-03-20 17:13:07 0 d-------- C:\WINDOWS\system32\NtmsData
        2008-03-16 23:53:14 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Zylom
        2008-03-16 23:51:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
        2008-03-16 23:51:04 0 d-------- C:\Program Files\Zylom Games
        2008-03-16 23:41:11 0 d-------- C:\Program Files\Google
        2008-03-16 23:30:25 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
        2008-03-16 23:21:18 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
        2008-03-16 23:08:41 0 d-------- C:\Program Files\QuickTime
        2008-03-16 22:53:02 0 d-------- C:\Program Files\Bonjour
        2008-03-16 22:41:06 0 d-------- C:\Program Files\Common Files\Macrovision Shared
        2008-03-16 22:22:23 0 d-------- C:\Program Files\DIFX
        2008-03-16 22:21:44 0 d-------- C:\Program Files\Common Files\Nokia
        2008-03-16 22:21:23 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\PC Suite
        2008-03-16 22:21:20 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
        2008-03-16 22:21:13 0 d-------- C:\Program Files\Common Files\PCSuite
        2008-03-16 22:20:40 0 d-------- C:\Program Files\Nokia
        2008-03-16 22:20:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
        2008-03-16 22:09:58 0 d-------- C:\Program Files\CWebCam
        2008-03-16 21:29:20 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Adobe
        2008-03-16 21:14:39 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Sun
        2008-03-16 21:14:17 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Macromedia
        2008-03-16 20:53:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups
        2008-03-16 20:53:26 0 d-------- C:\Program Files\Common Files\Logitech
        2008-03-16 20:53:23 0 d-------- C:\Program Files\Logitech
        2008-03-16 20:53:23 0 d--h----- C:\Program Files\InstallShield Installation Information
        2008-03-16 20:52:35 0 d-------- C:\Program Files\Common Files\InstallShield
        2008-03-16 20:42:27 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Contacts
        2008-03-16 20:32:51 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Thunderbird
        2008-03-16 20:27:40 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Mozilla
        2008-03-16 20:26:05 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Application Data\Identities
        2008-03-16 20:25:56 0 d--h----- C:\Documents and Settings\Celina Hagebeuk\Sjablonen
        2008-03-16 20:25:56 0 dr-h----- C:\Documents and Settings\Celina Hagebeuk\SendTo
        2008-03-16 20:25:56 0 dr-h----- C:\Documents and Settings\Celina Hagebeuk\Onlangs geopend
        2008-03-16 20:25:56 3145728 --ah----- C:\Documents and Settings\Celina Hagebeuk\NTUSER.DAT
        2008-03-16 20:25:56 0 d--h----- C:\Documents and Settings\Celina Hagebeuk\Netwerkprinteromgeving
        2008-03-16 20:25:56 0 d--h----- C:\Documents and Settings\Celina Hagebeuk\NetHood
        2008-03-16 20:25:56 0 dr------- C:\Documents and Settings\Celina Hagebeuk\Mijn documenten
        2008-03-16 20:25:56 0 dr------- C:\Documents and Settings\Celina Hagebeuk\Menu Start
        2008-03-16 20:25:56 0 d--h----- C:\Documents and Settings\Celina Hagebeuk\Local Settings
        2008-03-16 20:25:56 0 dr------- C:\Documents and Settings\Celina Hagebeuk\Favorieten
        2008-03-16 20:25:56 0 d--hs---- C:\Documents and Settings\Celina Hagebeuk\Cookies
        2008-03-16 20:25:56 0 d-------- C:\Documents and Settings\Celina Hagebeuk\Bureaublad
        2008-03-16 20:25:56 0 dr------- C:\Documents and Settings\Celina Hagebeuk\Application Data
        2008-03-16 20:02:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
        2008-03-16 20:02:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
        2008-03-16 20:00:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
        2008-03-16 19:59:53 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
        2008-03-16 19:59:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
        2008-03-16 19:59:53 0 dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
        2008-03-16 19:59:53 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
        2008-03-16 19:59:53 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
        2008-03-16 19:59:53 0 d--h----- C:\Documents and Settings\Administrator\NetHood
        2008-03-16 19:59:53 0 dr------- C:\Documents and Settings\Administrator\Mijn documenten
        2008-03-16 19:59:53 0 dr------- C:\Documents and Settings\Administrator\Menu Start
        2008-03-16 19:59:53 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
        2008-03-16 19:59:53 0 dr------- C:\Documents and Settings\Administrator\Favorieten
        2008-03-16 19:59:53 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
        2008-03-16 19:59:53 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
        2008-03-16 19:59:53 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
        2008-03-16 19:59:53 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
        2008-03-16 19:50:30 1158 --a------ C:\WINDOWS\mozver.dat
        2008-03-16 19:43:29 0 d-------- C:\WINDOWS\pss
        2008-03-16 17:52:04 0 d-------- C:\Program Files\Mozilla Thunderbird
        2008-03-16 17:47:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
        2008-03-16 17:46:20 0 d-------- C:\Program Files\Messenger Plus! Live
        2008-03-16 17:46:04 17856 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
        2008-03-16 17:37:57 0 d------c- C:\WINDOWS\system32\DRVSTORE
        2008-03-16 17:27:55 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
        2008-03-16 17:27:49 0 d-------- C:\Program Files\Windows Live
        2008-03-16 17:27:34 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-03-16 16:29:12 0 --a------ C:\WINDOWS\nsreg.dat
        2008-03-16 16:05:38 82380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS <Not Verified; Oak Technology Inc.; AFS>
        2008-03-16 16:03:15 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
        2008-03-16 16:01:52 0 d-------- C:\Program Files\Hewlett-Packard
        2008-03-16 16:01:06 16622 -----n--- C:\WINDOWS\hpomdl01.dat
        2008-03-16 16:01:06 20458 --a------ C:\WINDOWS\hpoins01.dat


        -- Find3M Report ---------------------------------------------------------------

        2008-03-30 14:16:58 512410 --a------ C:\WINDOWS\system32\perfh013.dat
        2008-03-30 14:16:58 92052 --a------ C:\WINDOWS\system32\perfc013.dat
        2008-03-16 23:28:17 0 d-------- C:\Program Files\Common Files\Adobe
        2008-03-16 22:41:06 0 d-------- C:\Program Files\Common Files
        2008-03-10 15:52:20 0 d-------- C:\Program Files\MSXML 6.0
        2008-03-10 15:51:58 0 d-------- C:\Program Files\MSXML 4.0
        2008-03-10 15:25:31 0 d-------- C:\Program Files\Java
        2008-03-10 15:24:08 0 d-------- C:\Program Files\Common Files\Java
        2008-03-10 15:15:50 0 d-------- C:\Program Files\Common Files\Nero
        2008-03-10 15:14:33 0 d-------- C:\Program Files\Nero
        2008-03-10 15:00:21 0 d-------- C:\Program Files\Common Files\ODBC
        2008-03-10 15:00:17 0 d-------- C:\Program Files\Common Files\SpeechEngines
        2008-03-10 14:59:37 62 --ahs---- C:\Documents and Settings\Celina Hagebeuk\Application Data\desktop.ini
        2008-03-10 14:58:29 0 d-------- C:\Program Files\Kaspersky Lab
        2008-03-10 14:56:10 0 d-------- C:\Program Files\Microsoft.NET
        2008-03-10 14:50:38 0 d-------- C:\Program Files\SiS7012
        2008-03-10 14:39:31 592 --a------ C:\WINDOWS\chgkey.vbs
        2008-03-10 14:35:16 0 d-------- C:\Program Files\MSBuild
        2008-03-10 14:30:00 0 d-------- C:\Program Files\Reference Assemblies
        2008-03-10 14:17:35 0 d-------- C:\Program Files\microsoft frontpage
        2008-03-10 14:13:11 0 -rahs---- C:\MSDOS.SYS
        2008-03-10 14:13:11 0 -rahs---- C:\IO.SYS
        2008-03-10 14:13:11 0 --a------ C:\CONFIG.SYS
        2008-03-10 14:13:11 0 --a------ C:\AUTOEXEC.BAT
        2008-03-10 14:11:28 0 d--h----- C:\Program Files\WindowsUpdate
        2008-03-10 14:11:22 0 d-------- C:\Program Files\Online Services
        2008-03-10 14:10:27 0 d-------- C:\Program Files\Common Files\MSSoap
        2008-03-10 14:10:18 0 d-------- C:\Program Files\Movie Maker
        2008-03-10 14:09:11 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
        2008-03-10 14:08:29 0 d-------- C:\Program Files\Windows Media Connect 2
        2008-03-10 14:08:17 0 d-------- C:\Program Files\Messenger
        2008-03-10 14:08:12 0 d-------- C:\Program Files\MSN Gaming Zone
        2008-03-10 14:08:02 0 d-------- C:\Program Files\Windows NT


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52676F4A-D830-4513-BE81-3A0C28B32C2F}]
        C:\WINDOWS\lgmxvpatkmb.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7348D74C-731B-DECE-9F8A-A37D8214708E}]
        15-04-2008 23:16 10240 --a------ C:\WINDOWS\system32\wlcstp32.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
        "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [23-11-2002 03:15]
        "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15-07-2005 23:48]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03]
        "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [16-03-2008 17:46]
        "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [16-03-2008 21:09]
        "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]

        [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
        "ShowDeskFix"=regsvr32 /s /n /i:u shell32
        "IE7-11"=rundll32 advpack.dll,LaunchINFSection IE7.inf,AfterUserStart

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 1000 series.lnk]
        path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\hp psc 1000 series.lnk
        backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hpoddt01.exe.lnk]
        path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\hpoddt01.exe.lnk
        backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
        "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
        C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
        C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup




        -- End of Deckard's System Scanner: finished at 2008-04-16 10:46:34 ------------

        Extra.txt:

        Deckard's System Scanner v20071014.68
        Extra logfile - please post this as an attachment with your post.
        --------------------------------------------------------------------------------

        -- System Information ----------------------------------------------------------

        Microsoft Windows XP Professional (build 2600) SP 2.0
        Architecture: X86; Language: Dutch

        CPU 0: Intel(R) Pentium(R) 4 CPU 2.53GHz
        Percentage of Memory in Use: 43%
        Physical Memory (total/avail): 767.48 MiB / 432.19 MiB
        Pagefile Memory (total/avail): 1878 MiB / 1630.12 MiB
        Virtual Memory (total/avail): 2047.88 MiB / 1912.6 MiB

        A: is Removable (No Media)
        C: is Fixed (NTFS) - 74.52 GiB total, 57.86 GiB free.
        E: is CDROM (No Media)
        F: is CDROM (No Media)

        \\.\PHYSICALDRIVE0 - ST380020A - 74.53 GiB - 1 partition
        \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



        -- Security Center -------------------------------------------------------------

        AUOptions is scheduled to auto-install.
        Windows Internal Firewall is enabled.

        FirstRunDisabled is set.

        AV: Kaspersky Anti-Virus v6.0.2.614 ()

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
        "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
        "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
        "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
        "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
        "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
        "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
        "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
        "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
        "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"


        -- Environment Variables -------------------------------------------------------

        ALLUSERSPROFILE=C:\Documents and Settings\All Users
        APPDATA=C:\Documents and Settings\Celina Hagebeuk\Application Data
        CLIENTNAME=Console
        CommonProgramFiles=C:\Program Files\Common Files
        COMPUTERNAME=CELINA
        ComSpec=C:\WINDOWS\system32\cmd.exe
        FP_NO_HOST_CHECK=NO
        HOMEDRIVE=C:
        HOMEPATH=\Documents and Settings\Celina Hagebeuk
        LOGONSERVER=\\CELINA
        NUMBER_OF_PROCESSORS=1
        OS=Windows_NT
        Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        PROCESSOR_ARCHITECTURE=x86
        PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
        PROCESSOR_LEVEL=15
        PROCESSOR_REVISION=0207
        ProgramFiles=C:\Program Files
        PROMPT=$P$G
        SESSIONNAME=Console
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\DOCUME~1\CELINA~2\LOCALS~1\Temp
        TMP=C:\DOCUME~1\CELINA~2\LOCALS~1\Temp
        USERDOMAIN=CELINA
        USERNAME=Celina Hagebeuk
        USERPROFILE=C:\Documents and Settings\Celina Hagebeuk
        windir=C:\WINDOWS


        -- User Profiles ---------------------------------------------------------------

        Thuis (admin)
        Celina Hagebeuk_2 (new local, admin)
        Celina Hagebeuk (admin)
        Administrator (new local, admin)


        -- Add/Remove Programs ---------------------------------------------------------

        --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
        --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
        Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
        Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
        Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
        Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
        Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
        Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
        Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
        Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
        Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
        Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
        Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
        Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
        Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
        Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
        Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
        Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
        Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
        Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
        Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
        Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
        Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
        Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
        Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
        Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
        Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
        Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
        Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
        Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
        Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
        Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
        Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
        Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
        Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
        Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
        Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
        Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
        Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
        Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
        Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
        Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
        Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
        Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
        Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
        AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
        Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
        Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
        Cake Mania (remove only) --> "C:\Program Files\Zylom Games\Cake Mania\Uninstall.exe"
        Creative WebCam Driver (1.02.08.0807) --> C:\WINDOWS\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll -pluginres P1001Pin.crl
        Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
        HijackThis 1.99.1 --> C:\Documents and Settings\Celina Hagebeuk\Local Settings\Temporary Internet Files\Content.IE5\DEOJ2PNE\HijackThis.exe /uninstall
        HP-software voor foto- en beeldbewerking 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
        HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
        HP-software voor foto- en beeldbewerking 2.0 - HP psc 1100 --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
        HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
        hp psc 1100 series --> MsiExec.exe /X{01161F64-6897-4885-93A0-A9F7BE9A4253}
        Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
        Kaspersky Anti Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
        Kaspersky Anti Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
        LimeWire PRO 4.9.37 --> "C:\Program Files\LimeWire\uninstall.exe"
        Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x13 UNINSTALL
        Logitech iTouch-software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x13 UNINSTALL
        Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
        Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
        Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
        Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
        Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
        MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
        Nero 8 --> MsiExec.exe /X{6F8A555E-F2E1-415D-AD8A-67C0A7671043}
        neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
        Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
        Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
        Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
        Nokia Software Updater --> MsiExec.exe /X{3741689E-584D-40C9-B011-373A0371846D}
        PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
        Pizza Frenzy Deluxe --> "C:\Program Files\Zylom Games\Pizza Frenzy Deluxe\GameInstaller.exe" --uninstall UnInstall.log
        SiS Audio Driver --> C:\Program Files\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
        SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
        SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
        Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
        Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
        Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
        Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
        Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
        Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
        VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
        Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
        Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
        Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
        Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
        Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
        Windows Presentation Foundation Language Pack (NLD) --> MsiExec.exe /X{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}
        Windows Workflow Foundation NL Language Pack --> MsiExec.exe /I{A06BD059-8EDE-41F3-B91A-73C2C6811187}
        WinRAR --> C:\Program Files\WinRAR\uninstall.exe
        XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
        XML Paper Specification Shared Components Pack 1.0 -->


        -- Application Event Log -------------------------------------------------------

        Event Record #/Type642 / Error
        Event Submitted/Written: 04/15/2008 11:11:05 PM
        Event ID/Source: 1000 / Application Error
        Event Description:
        Vastgelopen toepassing: dreamweaver.exe, versie: 9.0.0.3481, vastgelopen module: msvcr80.dll, versie: 8.0.50727.1433, vastgelopen op: 0x000046b4.
        Verwerken van mediaspecifieke gebeurtenis voor [dreamweaver.exe!ws!]

        Event Record #/Type637 / Success
        Event Submitted/Written: 04/15/2008 01:01:29 PM
        Event ID/Source: 12001 / usnjsvc
        Event Description:
        The Messenger Sharing USN Journal Reader service started successfully.

        Event Record #/Type625 / Success
        Event Submitted/Written: 04/13/2008 01:47:57 PM
        Event ID/Source: 12001 / usnjsvc
        Event Description:
        The Messenger Sharing USN Journal Reader service started successfully.

        Event Record #/Type620 / Error
        Event Submitted/Written: 04/11/2008 08:22:01 PM
        Event ID/Source: 1505 / Userenv
        Event Description:
        Windows kan het gebruikersprofiel niet laden, maar heeft de aanmelding voortgezet met het standaardprofiel van dit systeem.


        Detail: Een van de vereiste bevoegdheden is niet toegekend aan de client.

        Event Record #/Type619 / Error
        Event Submitted/Written: 04/11/2008 08:22:01 PM
        Event ID/Source: 1508 / Userenv
        Event Description:
        Windows kan het register niet laden. Dit wordt vaak veroorzaakt door onvoldoende geheugen of onvoldoende beveiligingsrechten.


        Detail: Een van de vereiste bevoegdheden is niet toegekend aan de client. voor C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat.



        -- Security Event Log ----------------------------------------------------------

        No Errors/Warnings found.


        -- System Event Log ------------------------------------------------------------

        Event Record #/Type3005 / Error
        Event Submitted/Written: 04/16/2008 10:34:06 AM
        Event ID/Source: 10005 / DCOM
        Event Description:
        DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
        om de server
        {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

        Event Record #/Type3004 / Error
        Event Submitted/Written: 04/16/2008 10:33:14 AM
        Event ID/Source: 7026 / Service Control Manager
        Event Description:
        De volgende opstartstuurprogramma's zijn niet geladen:
        AFD
        Fips
        intelppm
        IPSec
        kl1
        klif
        MRxSmb
        NetBIOS
        NetBT
        RasAcd
        Rdbss
        Tcpip

        Event Record #/Type3003 / Error
        Event Submitted/Written: 04/16/2008 10:33:14 AM
        Event ID/Source: 7001 / Service Control Manager
        Event Description:
        De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service, die vanwege de volgende fout niet kan worden gestart:
        %%31

        Event Record #/Type3002 / Error
        Event Submitted/Written: 04/16/2008 10:33:14 AM
        Event ID/Source: 7001 / Service Control Manager
        Event Description:
        De ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##-service is afhankelijk van de Stuurprogramma voor TCP/IP-protocol-service, die vanwege de volgende fout niet kan worden gestart:
        %%31

        Event Record #/Type3001 / Error
        Event Submitted/Written: 04/16/2008 10:33:14 AM
        Event ID/Source: 7001 / Service Control Manager
        Event Description:
        De TCP/IP NetBIOS Helper-service is afhankelijk van de AFD-service, die vanwege de volgende fout niet kan worden gestart:
        %%31



        -- End of Deckard's System Scanner: finished at 2008-04-16 10:46:34 ------------
        Last edited by Vezel; 16-04-08, 11:04.



        • #5
          Open a Notepad file.
          Copy the text below (everything in bold) into this Notepad file.

          @ECHO OFF
          REM Start with a fresh log in the current directory.
          IF EXIST log.txt DEL log.txt
          ECHO Deleting files>>log.txt
          FOR %%g in (
            C:\WINDOWS\system32\wlcstp32.dll
            C:\WINDOWS\system32\hgGvwxxu.dll
            C:\WINDOWS\system32\ncxmdgxk.exe
            C:\WINDOWS\rtqmekwg.exe
            C:\WINDOWS\npqtsrak.exe
            "C:\Documents and Settings\Celina Hagebeuk\Application Data\TmpRecentIcons"
            "C:\Documents and Settings\All Users\Application Data\furahmxm"
            C:\WINDOWS\system32\nglkrify.exe) DO (
            REM Remove a renamed copy left behind by an earlier run.
            DEL /Q %%gNUCIA
            IF EXIST %%g (
              REM Clear the read-only, system and hidden attributes before deleting.
              ATTRIB -r -s -h %%g
              DEL %%g
              REM Whatever DEL could not remove is renamed with a NUCIA suffix.
              REN %%g *NUCIA
              IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
              REM Folders are removed with RD.
              RD /S /Q %%g
              IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
              ) ELSE (
                ECHO %%g deleted>>log.txt)
            ) ELSE (
              ECHO %%g not found>>log.txt))
          START NOTEPAD.EXE log.txt

          Go to File - Save As.
          For "Save in", choose: Desktop
          For "File name", enter: del.bat
          For "Save as type", select: All Files (*.*).
          Click the Save button.

          Double-click del.bat and post the contents of the log file that opens.



          • #6
            Log del.bat

            Deleting files
            renamed to C:\WINDOWS\system32\wlcstp32.dllNUCIA
            C:\WINDOWS\system32\wlcstp32.dll deleted
            C:\WINDOWS\system32\hgGvwxxu.dll deleted
            C:\WINDOWS\system32\ncxmdgxk.exe deleted
            C:\WINDOWS\rtqmekwg.exe deleted
            C:\WINDOWS\npqtsrak.exe deleted

            My cmd window is now asking me about C:\Documents and Settings\naam\Application Data\TmpRecentIcons\*. Weet u het zeker? (J/N). I assume I should press yes?



            • #7
              Go ahead and press J



              • #8
                It opened another log file:

                Deleting files
                renamed to C:\WINDOWS\system32\wlcstp32.dllNUCIA
                C:\WINDOWS\system32\wlcstp32.dll deleted
                C:\WINDOWS\system32\hgGvwxxu.dll deleted
                C:\WINDOWS\system32\ncxmdgxk.exe deleted
                C:\WINDOWS\rtqmekwg.exe deleted
                C:\WINDOWS\npqtsrak.exe deleted
                "C:\Documents and Settings\Celina Hagebeuk\Application Data\TmpRecentIcons" deleted
                "C:\Documents and Settings\All Users\Application Data\furahmxm" deleted
                C:\WINDOWS\system32\nglkrify.exe deleted

                What did I do this for?
                If this was for my icons, I still have Internet Explorer icons on my Firefox documents.



                • #9
                  Originally posted by Vezel
                  still have Internet Explorer icons on my Firefox documents.
                  Try setting Firefox as the default browser again; I think those IE icons point to Internet Explorer being the default browser.

                  Restart your computer and then post a new HijackThis log as well.



                  • #10
                    PC restarted. The icons remain and Firefox is my default browser.

                    HijackThis log:

                    Logfile of HijackThis v1.99.1
                    Scan saved at 11:40:29, on 16-4-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
                    C:\Program Files\Bonjour\mDNSResponder.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                    C:\Program Files\Logitech\iTouch\iTouch.exe
                    C:\Program Files\Google\Gmail Notifier\gnotify.exe
                    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\Program Files\HJT\HijackThis.exe

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F} - C:\WINDOWS\lgmxvpatkmb.dll (file missing)
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                    O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - C:\WINDOWS\system32\wlcstp32.dll (file missing)
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll (file missing)
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
                    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
                    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    O4 - Startup: E-mail.lnk = ?
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
                    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
                    O11 - Options group: [INTERNATIONAL] International*
                    O11 - Options group: [TABS] Tabbed Browsing
                    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
                    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
                    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
                    O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
                    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe



                    • #11
                      Start HijackThis and check only the following lines:
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
                      O2 - BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F} - C:\WINDOWS\lgmxvpatkmb.dll (file missing)
                      O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - C:\WINDOWS\system32\wlcstp32.dll (file missing)
                      O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll (file missing)

                      Close all open windows (except HijackThis) and click "Fix checked".

                      Restart your computer.

                      Post another new HijackThis log so it can be checked.

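The selection made in post #11, written out as a check (an added example, not part of the original thread and not HijackThis's own logic): it parses the R0/R1 and O2/O3 lines of the post #10 log and flags page settings that point outside an assumed allowlist and browser components whose file is missing. The names `triage`, `Finding` and `TRUSTED_PAGE_DOMAINS`, and the allowlist itself, are assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Lines copied from the HijackThis log in post #10 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F} - C:\WINDOWS\lgmxvpatkmb.dll (file missing)
O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - C:\WINDOWS\system32\wlcstp32.dll (file missing)
O3 - Toolbar: qtvglped - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - C:\WINDOWS\qtvglped.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
"""

# Assumption: domains accepted as stock Internet Explorer page settings.
TRUSTED_PAGE_DOMAINS = ("microsoft.com",)

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REGVALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<value_name>[^=]+?) = (?P<data>.*)$")
COMPONENT_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r" - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Finding:
    code: str     # HijackThis section code, e.g. "R0" or "O2"
    subject: str  # registry value name for page settings, CLSID for components
    reason: str


def _host_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_PAGE_DOMAINS)


def triage(log_text):
    """Return the entries to review first, in the order they appear in the log."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, process list or blank line
        code, body = entry["code"], entry["body"]
        if code in ("R0", "R1"):
            reg = REGVALUE_RE.match(body)
            if not reg:
                continue
            url = urlparse(reg["data"])
            host = url.hostname or ""
            # Only URL-valued settings are judged; ProxyOverride and similar are skipped.
            if url.scheme in ("http", "https") and not _host_trusted(host):
                findings.append(Finding(code, reg["value_name"],
                                        "page setting points to untrusted host " + host))
        elif code in ("O2", "O3"):
            comp = COMPONENT_RE.match(body)
            # A BHO or toolbar that is still registered after its DLL is gone is an
            # orphaned registration. The rule is limited to O2/O3: the O23 service
            # line also ends in "(file missing)", but its path carries a stray quote
            # and an argument, so the marker alone is not treated as evidence there.
            if comp and comp["missing"]:
                findings.append(Finding(code, comp["clsid"],
                                        comp["kind"] + " registered but file missing: " + comp["path"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.subject, "-", f.reason)
```

On the sample it returns the same four entries that post #11 asks to be checked: the hijacked Start Page and the three registrations whose DLL no longer exists.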


                      • #12
                        Computer restarted. Scanned with HijackThis; the new log file is below. There is also a folder in my Program Files called Bonjour. It is also in the log file. I did not have this before the virus. Can I get rid of that as well?

                        *edit* it does say that it is from Apple :S

                        Logfile of HijackThis v1.99.1
                        Scan saved at 11:52:43, on 16-4-2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16640)

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
                        C:\Program Files\Bonjour\mDNSResponder.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                        C:\Program Files\Logitech\iTouch\iTouch.exe
                        C:\Program Files\Google\Gmail Notifier\gnotify.exe
                        C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                        C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                        C:\WINDOWS\system32\wuauclt.exe
                        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
                        C:\Program Files\HJT\HijackThis.exe

                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
                        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
                        O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
                        O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                        O4 - Startup: E-mail.lnk = ?
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
                        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                        O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
                        O11 - Options group: [INTERNATIONAL] International*
                        O11 - Options group: [TABS] Tabbed Browsing
                        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
                        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                        O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
                        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
                        O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
                        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                        Last edited by Vezel; 16-04-08, 11:56.



                        • #13
                          mdnsresponder.exe is a process associated with "Bonjour for Windows" software. It is used by iTunes for music sharing. This is a non-essential process. Disabling or enabling it is down to user preference.
                          Otherwise the log looks clean.



                          • #14
                            Cool

                            So it is now completely fine otherwise?
                            Apart from those damned icons, that is.



                            • #15
                              Do this as well:

                              Download ATF Cleaner (mirror) (made by Atribune)

                              Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                              Double-click ATF Cleaner to start the program.
                              On the "Main" tab, tick Select All.
                              Click the Empty Selected button.

                              Do the following if you also have Firefox as a browser:
                              Click the "Firefox" tab and tick Select All.
                              If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                              (this removes the tick from "Firefox saved passwords" again)
                              Click the Empty Selected button.

                              Do the following if you also have Opera as a browser:
                              Click the "Opera" tab and tick Select All.
                              If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                              Click the Empty Selected button.
                              Go to the "Main" tab and click the Exit button to close the program.

                              Turn off System Restore. Restart the computer. Turn System Restore back on.
                              See here how to turn off System Restore.
                              This removes any remnants of the infections from your System Restore.

                              Unfortunately I do not know a solution for those icons; perhaps you should post a new question about that here:
