  • Threat monitor problem?

    Hello,

    I keep being bothered by a website that pops up saying I have to have the PC scanned, something like a threat monitor popup???

    I also have great difficulty getting onto the internet now, and the PC keeps getting slower.

    Here is my HijackThis file, and thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:35:11, on 23-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Ahead\NeroNET\NeroNET.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\RaboCommSrv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [1862ba1c] rundll32.exe "C:\WINDOWS\system32\bsimkbsx.dll",b
    O4 - HKLM\..\Run: [BM1b518980] Rundll32.exe "C:\WINDOWS\system32\vbppbnwc.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Download FTN post - {239ADE46-7037-4F27-A58F-01AC32050708} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl/
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193647191765
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.tntpost.nl/TNT/UserControls/Part/Upload/ImageUploader4.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52BB9589-CEB8-4E81-A85D-573EDECE9F4D}: NameServer = 194.134.5.55,194.134.5.5
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (file missing)
    O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (file missing)
    O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\System32\RaboCommSrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 12641 bytes


  • #2
    Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
    • If an update is found, it will download it and install the latest version.
    • When the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • The scan can take a while, so be patient.
    • When the scan is finished, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click: Remove Selected.
    • After the removal a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the results of the log into your next reply.

    Extra note:
    If MBAM has trouble removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.
    Restart the computer and also post a new HJT log.



    • #3
      On restart, messages from rundll??

      Here is the MBAM log, followed by the HijackThis file.

      Malwarebytes' Anti-Malware 1.11
      Database versie: 673

      Scan type: Snelle Scan
      Objecten gescand: 41294
      Verstreken tijd: 13 minute(s), 10 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 3
      Registersleutels geïnfecteerd: 16
      Registerwaarden geïnfecteerd: 3
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 2
      Bestanden geïnfecteerd: 10

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\bsimkbsx.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\ssqRHBUk.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\wjtkedfe.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35715cfa-1c43-4064-b314-7b85cebb4bd2} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{35715cfa-1c43-4064-b314-7b85cebb4bd2} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{b8f8ee71-2a14-4b02-935d-4ccef1f7272e} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8f8ee71-2a14-4b02-935d-4ccef1f7272e} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1862ba1c (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM1b518980 (Trojan.Agent) -> Quarantined and deleted successfully.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrhbuk -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrhbuk -> Delete on reboot.

      Mappen geïnfecteerd:
      C:\Program Files\Tencent (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Tencent\QQLive (Adware.Agent) -> Quarantined and deleted successfully.

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\bsimkbsx.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\xsbkmisb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ssqRHBUk.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\kUBHRqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\kUBHRqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wjtkedfe.dll (Trojan.Vundo) -> Delete on reboot.
      C:\Program Files\Tencent\QQLive\busy.gif (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Tencent\QQLive\loading.gif (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Tencent\QQLive\notAllowd.gif (Adware.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vbppbnwc.dll (Trojan.Agent) -> Delete on reboot.


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:41:14, on 23-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\SCardSvr.exe
      C:\Program Files\Ahead\NeroNET\NeroNET.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\System32\RaboCommSrv.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\WINDOWS\Dit.exe
      C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
      C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\DitExp.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
      O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Download FTN post - {239ADE46-7037-4F27-A58F-01AC32050708} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl/
      O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
      O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193647191765
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.tntpost.nl/TNT/UserControls/Part/Upload/ImageUploader4.cab
      O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
      O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
      O17 - HKLM\System\CCS\Services\Tcpip\..\{52BB9589-CEB8-4E81-A85D-573EDECE9F4D}: NameServer = 194.134.5.55,194.134.5.5
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: jkkKaaby - jkkKaaby.dll (file missing)
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (file missing)
      O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (file missing)
      O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\System32\RaboCommSrv.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

      --
      End of file - 13051 bytes



      • #4
        Start HijackThis and tick only the following lines:
        R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O20 - Winlogon Notify: jkkKaaby - jkkKaaby.dll (file missing)

        Close all open windows (except HijackThis) and click the "Fix checked" button.

        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in safe mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open; a few lines about files that were not found will scroll past quickly in it, this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
        • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Also post a new HijackThis log.

        Download Deckard's System Scanner to your Desktop.
        • Close all applications and windows.
        • Double-click dss.exe to run it, and follow the instructions.
        • When the scan is complete, a text file - main.txt - will open.
        • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

        Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
        - make sure sigcheck.exe is given permission to do so!
        Your antivirus may also flag DSS as suspicious, or even try to remove it.
        Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)



        • #5
          RVAXO log!

          ---RVAXO.exe Updated: 2008-04-22---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\BM1b518980.xml
          C:\WINDOWS\BM1b518980.txt
          C:\WINDOWS\system32\jkkKaaby.dll__DELETE_ON_REBOOT
          C:\WINDOWS\system32\kUBHRqss.ini
          C:\WINDOWS\hosts
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\wininit.ini
          C:\WINDOWS\system32\clkcnt.txt

          Folders Found:

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------



          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 20:22:50, on 23-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\System32\SCardSvr.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Logitech\iTouch\iTouch.exe
          C:\WINDOWS\Dit.exe
          C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
          C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
          C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
          C:\Program Files\Spyware Doctor\pctsTray.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Logitech\MouseWare\system\em_exec.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\WINDOWS\DitExp.exe
          C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
          C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
          C:\WINDOWS\System32\rundll32.exe
          C:\PROGRA~1\MI3AA1~1\rapimgr.exe
          C:\Program Files\Ahead\NeroNET\NeroNET.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\system32\HPZipm12.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\WINDOWS\System32\RaboCommSrv.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
          C:\WINDOWS\System32\alg.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\WINDOWS\notepad.exe
          C:\WINDOWS\notepad.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\WINDOWS\System32\wbem\wmiprvse.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
          O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
          O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\Run: [Dit] Dit.exe
          O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
          O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
          O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
          O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: BTTray.lnk = ?
          O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
          O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
          O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Download FTN post - {239ADE46-7037-4F27-A58F-01AC32050708} - C:\WINDOWS\System32\shdocvw.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
          O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
          O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
          O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl/
          O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
          O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
          O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
          O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
          O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
          O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193647191765
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.tntpost.nl/TNT/UserControls/Part/Upload/ImageUploader4.cab
          O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
          O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
          O17 - HKLM\System\CCS\Services\Tcpip\..\{52BB9589-CEB8-4E81-A85D-573EDECE9F4D}: NameServer = 194.134.5.55,194.134.5.5
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (file missing)
          O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (file missing)
          O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\System32\RaboCommSrv.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

          --
          End of file - 12843 bytes


          DSS file

          Deckard's System Scanner v20071014.68
          Run by ..... on 2008-04-23 20:14:28
          Computer is in Normal Mode.
          --------------------------------------------------------------------------------

          -- System Restore --------------------------------------------------------------

          Successfully created a Deckard's System Scanner Restore Point.


          -- Last 5 Restore Point(s) --
          14: 2008-04-23 18:14:37 UTC - RP242 - Deckard's System Scanner Restore Point
          13: 2008-04-23 14:37:21 UTC - RP241 - Software Distribution Service 3.0
          12: 2008-04-23 13:06:59 UTC - RP240 - Removed RealSpeak Solo for UK English Emily
          11: 2008-04-22 18:33:24 UTC - RP239 - Last known good configuration
          10: 2008-04-22 18:33:09 UTC - RP238 - Controlepunt van systeem


          -- First Restore Point --
          1: 2008-04-22 18:33:07 UTC - RP229 - Installiert Speak&Win


          Backed up registry hives.
          Performed disk cleanup.

          System Drive C: has 2.26 GiB (less than 15%) free.


          -- HijackThis (run as .....exe) ---------------------------------------------

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 20:19:06, on 23-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\System32\SCardSvr.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Logitech\iTouch\iTouch.exe
          C:\WINDOWS\Dit.exe
          C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
          C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
          C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
          C:\Program Files\Spyware Doctor\pctsTray.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Logitech\MouseWare\system\em_exec.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\WINDOWS\DitExp.exe
          C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
          C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
          C:\WINDOWS\System32\rundll32.exe
          C:\PROGRA~1\MI3AA1~1\rapimgr.exe
          C:\Program Files\Ahead\NeroNET\NeroNET.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\system32\HPZipm12.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\WINDOWS\System32\RaboCommSrv.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
          C:\WINDOWS\System32\alg.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\WINDOWS\System32\wbem\wmiprvse.exe
          C:\Documents and Settings\...\Bureaublad\dss.exe
          C:\PROGRA~1\TRENDM~1\HIJACK~1\......exe
          C:\WINDOWS\System32\wbem\wmiprvse.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
          O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
          O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\Run: [Dit] Dit.exe
          O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
          O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
          O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
          O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: BTTray.lnk = ?
          O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
          O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
          O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Download FTN post - {239ADE46-7037-4F27-A58F-01AC32050708} - C:\WINDOWS\System32\shdocvw.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
          O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
          O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
          O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl/
          O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
          O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
          O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
          O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
          O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
          O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193647191765
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.tntpost.nl/TNT/UserControls/Part/Upload/ImageUploader4.cab
          O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
          O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
          O17 - HKLM\System\CCS\Services\Tcpip\..\{52BB9589-CEB8-4E81-A85D-573EDECE9F4D}: NameServer = 194.134.5.55,194.134.5.5
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (file missing)
          O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (file missing)
          O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\System32\RaboCommSrv.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

          --
          End of file - 12875 bytes

          -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

          backup-20080423-193433-156 O20 - Winlogon Notify: jkkKaaby - jkkKaaby.dll (file missing)
          backup-20080423-193433-376 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
          backup-20080423-193433-459 R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

          -- File Associations -----------------------------------------------------------

          .reg - regfile - shell\open\command - regedit.exe "%1" %*
          .scr - scrfile - shell\open\command - "%1" %*


          -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

          R0 giveio - c:\windows\system32\giveio.sys
          R0 nlem32nt - c:\windows\system32\drivers\nlem32nt.sys
          R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
          R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
          R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
          R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
          R0 xmasbus - c:\windows\system32\drivers\xmasbus.sys
          R0 xmasscsi - c:\windows\system32\drivers\xmasscsi.sys
          R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
          R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
          R2 ACEDRV07 - c:\windows\system32\drivers\acedrv07.sys <Not Verified; Protect Software GmbH; >
          R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
          R3 GISscd - c:\windows\system32\drivers\gisscd.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
          R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
          R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
          R3 SG762_XP (SAGEM 802.11g XG762 1211B Driver) - c:\windows\system32\drivers\wlanbzxp.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
          R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

          S1 AMTBDA_P861F (anysee Capture Service) - c:\windows\system32\drivers\anyseetu.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
          S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
          S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
          S3 IIUSBISP (USB Mass Storage for USB ISP) - c:\windows\system32\drivers\iiusbisp.sys (file missing)
          S3 IrCOMM2k (Virtual IR COM Port) - c:\windows\system32\drivers\ircomm2k.sys (file missing)
          S3 MA-660 (Mobile Action MA-660 USB Infrared Adapter) - c:\windows\system32\drivers\ma-660.sys <Not Verified; Mobile Action Tech. Inc.; MA-620 Infrared Driver.>
          S3 Navcar (Navman In-car Navigator USB Driver Service) - c:\windows\system32\drivers\navcar.sys <Not Verified; NAVMAN; In-car Navigator USB Driver>
          S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)
          S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
          S3 ssm_bus (Samsung Mobile USB Device II 1.0 driver (WDM)) - c:\windows\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
          S3 ssm_mdfl (Samsung Mobile USB Modem II 1.0 Filter) - c:\windows\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
          S3 ssm_mdm (Samsung Mobile USB Modem II 1.0 Drivers) - c:\windows\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
          S3 wandrv (WAN Network Driver) - c:\windows\system32\drivers\wandrv.sys <Not Verified; America Online, Inc.; WAN Network Driver>
          S3 wanusb (HM121dp USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys (file missing)
          S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing)
          S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


          -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

          R2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe <Not Verified; Pinnacle Systems; Media Server>
          R2 Srv_RaboComm (Rabo Comm Server) - "c:\windows\system32\rabocommsrv.exe" <Not Verified; Rabobank Nederland; RaboCommSrv>

          S2 MSSQLSERVER - c:\program files\microsoft sql server\mssql\binn\sqlservr.exe -smssqlserver (file missing)
          S2 Planner voor Automatische LiveUpdate - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
          S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" (file missing)
          S3 SQLSERVERAGENT - c:\program files\microsoft sql server\mssql\binn\sqlagent.exe -i mssqlserver (file missing)


          -- Device Manager: Disabled ----------------------------------------------------

          Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
          Description: 1394-netwerkkaart
          Device ID: V1394\NIC1394\117FC310DC
          Manufacturer: Microsoft
          Name: 1394-netwerkkaart
          PNP Device ID: V1394\NIC1394\117FC310DC
          Service: NIC1394


          -- Scheduled Tasks -------------------------------------------------------------

          2007-10-16 23:50:55 304 --a------ C:\WINDOWS\Tasks\XoftSpy.job


          -- Files created between 2008-03-23 and 2008-04-23 -----------------------------

          2099-03-07 22:14:53 0 d--hs---- C:\$RECYCLE.BIN
          2099-03-07 21:31:40 443912 -rahs---- C:\bootmgr
          2099-03-07 21:31:36 0 d--hs---- C:\Boot
          2099-03-07 20:50:44 0 d-------- C:\$WINDOWS.~LS
          2008-04-23 19:59:28 0 d-------- C:\RVAXO
          2008-04-23 19:35:43 800405 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-04-23 19:35:43 69632 --a------ C:\WINDOWS\system32\remove.exe
          2008-04-23 17:01:14 0 d-------- C:\Documents and Settings\M Huser\Application Data\Malwarebytes
          2008-04-23 17:00:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
          2008-04-23 17:00:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
          2008-04-23 11:42:49 88640 -----n--- C:\WINDOWS\system32\bsimkbsx.dll
          2008-04-23 11:40:17 97856 -----n--- C:\WINDOWS\system32\wjtkedfe.dll
          2008-04-23 11:37:55 95808 -----n--- C:\WINDOWS\system32\vbppbnwc.dll
          2008-04-22 20:32:53 272384 -----n--- C:\WINDOWS\system32\ssqRHBUk.dll
          2008-04-15 16:25:37 0 d-------- C:\Program Files\PC_Navigator6
          2008-04-12 19:40:52 0 d-------- C:\Program Files\Common Files\Mapserv
          2008-04-12 19:40:50 0 d-------- C:\Program Files\Common Files\GIS
          2008-04-12 19:40:32 0 d-------- C:\Program Files\truck navigator
          2008-04-12 00:38:04 0 d-------- C:\Program Files\Microsoft AutoRoute
          2008-04-10 15:52:29 0 d-------- C:\Program Files\map&guide professional Version 13
          2008-04-09 19:36:09 0 d-------- C:\Program Files\SFS
          2008-04-08 01:33:12 125712 --a------ C:\WINDOWS\system32\vb6de.dll <Not Verified; Microsoft Corporation; Visual Basic Environment>
          2008-04-08 01:33:11 22528 --a------ C:\WINDOWS\system32\TABCTDE.DLL <Not Verified; Microsoft Corporation; TabCtl32-Objektbibliothek>
          2008-04-08 01:33:10 14336 --a------ C:\WINDOWS\system32\MSCOMDE.DLL <Not Verified; Microsoft Corporation; MSComm>
          2008-04-08 01:33:08 33792 --a------ C:\WINDOWS\system32\CMDLGDE.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
          2008-04-08 01:33:00 0 d-------- C:\Program Files\ShowGPS
          2008-04-04 22:46:00 0 d-------- C:\Documents and Settings\M Huser\Bluetooth Software
          2008-04-04 22:39:22 67960 --a------ C:\WINDOWS\system32\drivers\btwusb.sys <Not Verified; Broadcom Corporation.; Bluetooth Software>
          2008-04-04 22:38:46 0 d-------- C:\Program Files\WIDCOMM
          2008-04-04 00:18:03 0 d-------- C:\Documents and Settings\M Huser\babelgum
          2008-04-04 00:17:42 0 d-------- C:\Program Files\Babelgum
          2008-04-03 18:46:29 0 d-------- C:\Program Files\Navigator7
          2008-04-03 13:12:53 0 d-------- C:\Program Files\Riccardo Garofano
          2008-04-03 13:12:53 0 d-------- C:\DestinatorApps <DESTIN~1>
          2008-04-03 09:31:58 0 d-------- C:\Program Files\TeamViewer3
          2008-04-02 15:34:17 0 d-------- C:\Program Files\Common Files\Bcgsoft
          2008-04-02 15:19:46 0 d-------- C:\Program Files\Alturion
          2008-03-29 01:32:58 0 d-------- C:\Program Files\Recuva
          2008-03-27 16:22:35 0 d-------- C:\Documents and Settings\M Huser\Application Data\Manager
          2008-03-26 23:41:35 0 d-------- C:\Program Files\SereneScreen
          2008-03-26 00:43:49 0 d-------- C:\Documents and Settings\All Users\Application Data\TVManager
          2008-03-24 21:55:44 0 d-------- C:\Documents and Settings\M Huser\Application Data\TeamViewer
          2008-03-24 21:53:39 0 d-------- C:\Documents and Settings\M Huser\temp
          2008-03-23 23:56:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
          2008-03-23 11:31:25 0 d-------- C:\Program Files\Spyware Doctor


          -- Find3M Report ---------------------------------------------------------------

          2008-04-23 20:12:28 504036 --a------ C:\WINDOWS\system32\perfh013.dat
          2008-04-23 20:12:28 97368 --a------ C:\WINDOWS\system32\perfc013.dat
          2008-04-23 14:24:02 0 d-------- C:\Program Files\Hitman Pro
          2008-04-23 12:56:39 0 d-------- C:\Program Files\SpywareBlaster
          2008-04-22 20:27:22 0 d-------- C:\Documents and Settings\M Huser\Application Data\Azureus
          2008-04-21 21:04:11 0 d-------- C:\Program Files\eMule v0.48a
          2008-04-19 20:23:27 0 d-------- C:\Program Files\CrossLoop
          2008-04-18 18:48:31 0 d-------- C:\Program Files\TuneUp Utilities 2008
          2008-04-18 17:06:55 0 d-------- C:\Program Files\Azureus
          2008-04-17 22:30:28 0 d-------- C:\Program Files\SlimTV
          2008-04-16 20:41:24 0 d-------- C:\Program Files\Rabotwin
          2008-04-13 11:11:03 1 --a------ C:\WINDOWS\AR.DAT
          2008-04-13 11:11:03 0 d-------- C:\Program Files\AddRemove
          2008-04-12 20:04:41 0 d--h----- C:\Program Files\InstallShield Installation Information
          2008-04-12 19:40:52 0 d-------- C:\Program Files\Common Files
          2008-04-08 16:27:37 0 d-------- C:\Documents and Settings\M Huser\Application Data\LimeWire
          2008-04-04 22:21:56 2528 --a------ C:\Documents and Settings\M Huser\Application Data\$_hpcst$.hpc
          2008-04-04 22:17:42 0 d-------- C:\Program Files\Microsoft ActiveSync
          2008-04-04 21:17:32 0 d-------- C:\Documents and Settings\M Huser\Application Data\Tyre
          2008-04-04 21:17:20 0 d-------- C:\Program Files\Tyre
          2008-04-04 21:12:52 0 d-------- C:\Program Files\K3spel
          2008-04-03 19:00:39 0 d-------- C:\Documents and Settings\M Huser\Application Data\Navigator
          2008-03-30 22:37:26 0 d-------- C:\Program Files\Satellite TV for PC
          2008-03-24 10:37:50 0 d-------- C:\Program Files\Belastingdienst
          2008-03-23 23:56:36 0 d-------- C:\Program Files\Hema Album Software Advanced
          2008-03-23 23:43:35 0 d-------- C:\Program Files\Weight Watchers FlexiPoints
          2008-03-23 19:39:18 0 d-------- C:\Program Files\OfflineList 0.7.2
          2008-03-21 23:36:30 0 d-------- C:\Program Files\Medion Home CinemaXL
          2008-03-20 23:46:56 0 d-------- C:\Program Files\UberIcon
          2008-03-20 19:33:08 0 d-------- C:\Documents and Settings\M Huser\Application Data\Desktop Sidebar
          2008-03-20 18:37:10 0 d-------- C:\Program Files\Macrogaming
          2008-03-20 10:03:25 0 d-------- C:\Program Files\Movie Maker
          2008-03-20 09:59:28 65288 --a------ C:\WINDOWS\BricoPackUninst.cmd
          2008-03-20 09:59:28 6120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
          2008-03-20 09:59:27 219136 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
          2008-03-19 13:02:50 0 d-------- C:\Program Files\ewido anti-malware
          2008-03-19 09:51:33 0 d-------- C:\Documents and Settings\M Huser\Application Data\PrevxCSI
          2008-03-19 09:51:18 0 d-------- C:\Program Files\Microsoft SQL Server
          2008-03-18 09:04:57 0 d-------- C:\Program Files\Google
          2008-03-16 00:20:33 0 d-------- C:\Documents and Settings\M Huser\Application Data\Corel
          2008-03-16 00:19:37 1056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
          2008-03-13 14:28:29 984 --a------ C:\WINDOWS\ssconf2.bin
          2008-03-13 14:28:11 44239 --a------ C:\sound32.dll
          2008-03-13 09:12:25 0 d-------- C:\Program Files\Picasa2
          2008-03-10 08:37:14 0 d-------- C:\Program Files\Java
          2008-02-29 20:22:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-02-28 22:54:49 0 d-------- C:\Program Files\MSN Messenger
          2008-02-27 16:25:54 0 d-------- C:\Program Files\Winamp
          2008-02-27 15:12:19 0 d-------- C:\Program Files\BayGenie
          2008-02-24 19:44:55 0 d-------- C:\Program Files\Common Files\Adobe
          2008-02-20 16:12:10 56 --a------ C:\WINDOWS\system32\S-1-5-21-4428206A
          2008-02-08 16:50:59 4096 --a------ C:\WINDOWS\system32\crash
          2008-01-28 15:30:53 4608 --a------ C:\WINDOWS\system32\bbchlp.dll <Not Verified; Blueberry Consultants Ltd.; BB FlashBack>
          2008-01-28 15:30:53 27776 --a------ C:\WINDOWS\system32\bbcap.dll <Not Verified; Blueberry Consultants Ltd.; BB FlashBack>


          -- Registry Dump ---------------------------------------------------------------

          *Note* empty entries & legit default entries are not shown


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [23-11-2002 02:15]
          "Logitech Utility"="Logi_MwX.Exe" [11-12-2005 00:48 C:\WINDOWS\LOGI_MWX.EXE]
          "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [04-10-2007 08:22]
          "Dit"="Dit.exe" [28-08-2002 14:43 C:\WINDOWS\Dit.exe]
          "anysee_TR"="C:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe" [20-09-2007 10:45]
          "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [02-01-2008 21:15]
          "PCMService"="C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe" [17-02-2003 20:35]
          "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 13:55]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [13-09-2007 15:13]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 10:03]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18-03-2008 14:29]
          "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [02-01-2008 21:15]
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13-11-2006 18:34]

          [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
          "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [27-6-2007 22:55:36]
          SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [25-9-2007 13:28:59]

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
          "Notification Packages"= scecli

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
          SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
          @="Volume shadow copy"

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
          backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
          backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
          backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCzapper Media Manager.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PCzapper Media Manager.lnk
          backup=C:\WINDOWS\pss\PCzapper Media Manager.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Rabo Session Monitor.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Rabo Session Monitor.lnk
          backup=C:\WINDOWS\pss\Rabo Session Monitor.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk
          backup=C:\WINDOWS\pss\Snelstart HP Image Zone.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^M Huser^Menu Start^Programma's^Opstarten^Event Reminder.lnk]
          path=C:\Documents and Settings\M Huser\Menu Start\Programma's\Opstarten\Event Reminder.lnk
          backup=C:\WINDOWS\pss\Event Reminder.lnkStartup


          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
          "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
          C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
          C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroNETTrayIcon]
          C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
          C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
          "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
          "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
          "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
          "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c
          "Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe /c
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
          "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2a\b\HOMERunner.exe"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
          "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
          "HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          "PCMService"=C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
          "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
          "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
          "SoundMan"=SOUNDMAN.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          UxTuneUp


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1504aa36-3057-11dc-a68a-0010dce4d95e}]
          AutoRun\command- Q:\InstallTomTomHOME.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e4d4aa2-1143-11dd-b4c9-0060b34a31e3}]
          AutoRun\command- S:\setupSNK.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75dd21de-cf3b-11dc-b454-0060b34a31e3}]
          AutoRun\command- S:\InstallTomTomHOME.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75dd21df-cf3b-11dc-b454-0060b34a31e3}]
          AutoRun\command- S:\InstallTomTomHOME.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7e518a2-0a30-11dd-b4bc-0002720e49c0}]
          AutoRun\command- S:\InstallTomTomHOME.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c640a694-9932-11dc-b3ff-0060b34a31e3}]
          AutoRun\command- S:\InstallTomTomHOME.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c89724bf-d40f-11dc-b45b-0060b34a31e3}]
          AutoRun\command- T:\setupSNK.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8e6040a-e1f2-11dc-b47b-0060b34a31e3}]
          AutoRun\command- S:\setupSNK.exe




          -- End of Deckard's System Scanner: finished at 2008-04-23 20:20:40 ------------



          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\system32\bsimkbsx.dll
            C:\WINDOWS\system32\wjtkedfe.dll
            C:\WINDOWS\system32\vbppbnwc.dll
            C:\WINDOWS\system32\ssqRHBUk.dll) DO (
            del /q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            For "Save in", choose: Desktop
            For "File name", enter: del.bat
            For "Save as type", select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the log produced by del.bat



            • #7
              Hello Smeenk,

              Here is the del.bat log.

              Deleting files
              C:\WINDOWS\system32\bsimkbsx.dll deleted
              C:\WINDOWS\system32\wjtkedfe.dll deleted
              C:\WINDOWS\system32\vbppbnwc.dll deleted
              C:\WINDOWS\system32\ssqRHBUk.dll deleted



              • #8
                Please also do this:
                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick again from "Firefox saved passwords")
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Is everything OK again?



                • #9
                  Smeenk, it looks like everything is OK again.
                  Thanks, and I will send a donation one of these days.
                  Thanks again.



                  • #10
                    You're welcome
