Mededeling

**smeenk** · 26-04-08, 20:18

Download VirtumundoBegone (mirror)
Sla dit op op je bureaublad.

Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**vanDyk** · 26-04-08, 20:48

VirtumundoBeGone log:
-----------------------
[04/26/2008, 20:24:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jacques\Bureaublad\VirtumundoBeGone.exe" )
[04/26/2008, 20:24:47] - Detected System Information:
[04/26/2008, 20:24:47] - Windows Version: 5.1.2600, Service Pack 2
[04/26/2008, 20:24:47] - Current Username: Jacques (Admin)
[04/26/2008, 20:24:47] - Windows is in NORMAL mode.
[04/26/2008, 20:24:47] - Searching for Browser Helper Objects:
[04/26/2008, 20:24:47] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/26/2008, 20:24:47] - BHO 2: {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} ()
[04/26/2008, 20:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 20:24:47] - Checking for HKLM\...\Winlogon\Notify\khfDsqoO
[04/26/2008, 20:24:47] - Found: HKLM\...\Winlogon\Notify\khfDsqoO - This is probably Virtumundo.
[04/26/2008, 20:24:47] - Assigning {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} MSEvents Object
[04/26/2008, 20:24:47] - BHO list has been changed! Starting over...
[04/26/2008, 20:24:47] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/26/2008, 20:24:47] - BHO 2: {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} (MSEvents Object)
[04/26/2008, 20:24:47] - ALERT: Found MSEvents Object!
[04/26/2008, 20:24:47] - BHO 3: {e8ad1930-5dda-4b02-896e-aff23957a357} ()
[04/26/2008, 20:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 20:24:47] - Checking for HKLM\...\Winlogon\Notify\rrjnmyub
[04/26/2008, 20:24:47] - Key not found: HKLM\...\Winlogon\Notify\rrjnmyub, continuing.
[04/26/2008, 20:24:47] - BHO 4: {F90578A8-1011-4EA1-A212-94F041B60B52} ()
[04/26/2008, 20:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 20:24:47] - Checking for HKLM\...\Winlogon\Notify\pmnNGWPH
[04/26/2008, 20:24:47] - Key not found: HKLM\...\Winlogon\Notify\pmnNGWPH, continuing.
[04/26/2008, 20:24:47] - Finished Searching Browser Helper Objects
[04/26/2008, 20:24:47] - *** Detected MSEvents Object
[04/26/2008, 20:24:47] - Trying to remove MSEvents Object...
[04/26/2008, 20:24:48] - Terminating Process: IEXPLORE.EXE
[04/26/2008, 20:24:50] - Terminating Process: RUNDLL32.EXE
[04/26/2008, 20:24:50] - Disabling Automatic Shell Restart
[04/26/2008, 20:24:50] - Terminating Process: EXPLORER.EXE
[04/26/2008, 20:24:51] - Suspending the NT Session Manager System Service
[04/26/2008, 20:24:51] - Terminating Windows NT Logon/Logoff Manager
[04/26/2008, 20:24:51] - Re-enabling Automatic Shell Restart
[04/26/2008, 20:24:51] - File to disable: C:\WINDOWS\system32\khfDsqoO.dll
[04/26/2008, 20:24:51] - Removing HKLM\...\Browser Helper Objects\{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}
[04/26/2008, 20:24:51] - Removing HKCR\CLSID\{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}
[04/26/2008, 20:24:51] - Adding Kill Bit for ActiveX for GUID: {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}
[04/26/2008, 20:24:51] - Deleting ATLEvents/MSEvents Registry entries
[04/26/2008, 20:24:51] - Removing HKLM\...\Winlogon\Notify\khfDsqoO
[04/26/2008, 20:24:51] - Searching for Browser Helper Objects:
[04/26/2008, 20:24:51] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/26/2008, 20:24:51] - BHO 2: {e8ad1930-5dda-4b02-896e-aff23957a357} ()
[04/26/2008, 20:24:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 20:24:51] - Checking for HKLM\...\Winlogon\Notify\rrjnmyub
[04/26/2008, 20:24:51] - Key not found: HKLM\...\Winlogon\Notify\rrjnmyub, continuing.
[04/26/2008, 20:24:51] - BHO 3: {F90578A8-1011-4EA1-A212-94F041B60B52} ()
[04/26/2008, 20:24:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/26/2008, 20:24:51] - Checking for HKLM\...\Winlogon\Notify\pmnNGWPH
[04/26/2008, 20:24:51] - Key not found: HKLM\...\Winlogon\Notify\pmnNGWPH, continuing.
[04/26/2008, 20:24:51] - Finished Searching Browser Helper Objects
[04/26/2008, 20:24:51] - Finishing up...
[04/26/2008, 20:24:51] - A restart is needed.
[04/26/2008, 20:25:04] - Attempting to Restart via STOP error (Blue Screen!)
-----------------------

RVAXO log:
-----------------------
---RVAXO.exe Updated: 2008-04-25---first run---
Uninstallers:

Files found:
C:\WINDOWS\BM33e68236.xml
C:\WINDOWS\BM33e68236.txt
C:\WINDOWS\system32\khfDsqoO.dll__DELETE_ON_REBOOT
C:\WINDOWS\system32\HPWGNnmp.ini2
C:\WINDOWS\pskt.ini
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\libssl32.dll
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\libcurl.dll

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------
-----------------------

Deckard's System Scanner main-log:
-----------------------
Deckard's System Scanner v20071014.68
Run by Jacques on 2008-04-26 20:39:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
18: 2008-04-26 18:39:31 UTC - RP346 - Deckard's System Scanner Restore Point
17: 2008-04-26 18:10:20 UTC - RP345 - Installed Trend Micro PC-cillin Internet Security 2007.
16: 2008-04-26 15:43:05 UTC - RP344 - Windows XP Service Pack 2 is geïnstalleerd.
15: 2008-04-24 21:05:16 UTC - RP343 - Removed Google Toolbar for Internet Explorer
14: 2008-04-24 21:05:16 UTC - RP342 - Controlepunt van systeem

-- First Restore Point --
1: 2008-04-24 21:05:16 UTC - RP329 - Controlepunt van systeem

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Jacques.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:11, on 26-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
D:\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
D:\DAEMON Tools\daemon.exe
D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Jacques\Bureaublad\dss.exe
C:\DOCUME~1\ADMINI~1.JAC\BUREAU~1\Jacques.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {753a7593-2ffa-e698-20b4-add50391da8e} - {e8ad1930-5dda-4b02-896e-aff23957a357} - C:\WINDOWS\system32\rrjnmyub.dll
O2 - BHO: (no name) - {F90578A8-1011-4EA1-A212-94F041B60B52} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - D:\Nero7Premium\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7554 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 CloneCD (CloneCD I/O Driver) - c:\windows\system32\drivers\clonecd.sys <Not Verified; Elaborate Bytes; CloneCD>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S3 AVCamUSB20 (AVerTV USB 2.0) - c:\windows\system32\drivers\avtvcsmini20.sys (file missing)
S3 Usb20Scan (USB 2.0 Still Image) - c:\windows\system32\drivers\cresscan.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - "d:\pinnacle\shared files\programs\mediaserver\pmshost.exe" <Not Verified; Pinnacle Systems; Media Server>

S3 NBService - d:\nero7premium\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 20:35:35 0 d-------- C:\RVAXO
2008-04-26 20:32:18 803317 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-04-26 20:32:18 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-04-26 20:16:50 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-04-26 20:10:28 0 d-------- C:\Program Files\Trend Micro
2008-04-26 19:54:10 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Macromedia
2008-04-26 18:59:26 0 d-------- C:\WINDOWS\Prefetch
2008-04-26 17:03:23 0 d-------- C:\Documents and Settings\Jacques\Application Data\Lavasoft
2008-04-26 16:50:40 0 d-------- C:\Documents and Settings\Jacques\Application Data\PC Tools
2008-04-26 16:47:31 0 d-------- C:\Documents and Settings\Jacques\Application Data\Webroot
2008-04-26 16:19:33 0 d-------- C:\Program Files\Enigma Software Group
2008-04-26 12:38:58 107072 --a------ C:\WINDOWS\system32\rrjnmyub.dll
2008-04-26 11:48:10 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Micrografx
2008-04-26 10:48:02 107072 --a------ C:\WINDOWS\system32\ycultlbp.dll
2008-04-24 22:41:09 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Lavasoft
2008-04-24 22:08:26 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-24 22:08:10 0 d-------- C:\Program Files\Spyware Doctor
2008-04-24 22:08:10 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\PC Tools
2008-04-24 22:07:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-24 22:07:41 0 d-------- C:\Program Files\Webroot
2008-04-24 22:07:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-24 22:07:30 164 --a------ C:\install.dat
2008-04-24 22:07:24 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Webroot
2008-04-24 22:05:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-24 22:05:09 0 d-------- C:\Program Files\Lavasoft
2008-04-24 22:04:35 0 d-------- C:\Program Files\SpywareBlaster
2008-04-24 22:03:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-04-24 22:03:18 0 d-------- C:\Temp
2008-04-24 21:59:33 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Local Settings
2008-04-24 21:59:33 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Favorieten
2008-04-24 21:59:33 0 d--hs---- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Cookies
2008-04-24 21:59:33 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Bureaublad
2008-04-24 21:59:33 0 dr-h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data
2008-04-24 21:59:33 0 d---s---- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Microsoft
2008-04-24 21:59:32 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Sjablonen
2008-04-24 21:59:32 0 dr-h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\SendTo
2008-04-24 21:59:32 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Onlangs geopend
2008-04-24 21:59:32 2359296 --ah----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\NTUSER.DAT
2008-04-24 21:59:32 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Netwerkprinteromgeving
2008-04-24 21:59:32 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\NetHood
2008-04-24 21:59:32 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Mijn documenten
2008-04-24 21:59:32 0 dr------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Menu Start
2008-04-24 21:59:24 0 d--hs---- C:\WINDOWS\CSC
2008-04-24 21:56:57 0 d-------- C:\Program Files\Hitman Pro
2008-04-24 19:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Bimesoft
2008-04-20 14:15:40 0 dr-h----- C:\Documents and Settings\Jacques\Onlangs geopend

-- Find3M Report ---------------------------------------------------------------

2008-04-26 20:40:13 483442 --a------ C:\WINDOWS\system32\perfh013.dat
2008-04-26 20:40:13 88762 --a------ C:\WINDOWS\system32\perfc013.dat
2008-04-26 17:46:33 0 d-------- C:\Program Files\Messenger
2008-04-24 21:59:13 0 d-------- C:\Program Files\Google
2008-03-23 15:45:08 0 d-------- C:\Documents and Settings\Jacques\Application Data\Ahead
2008-02-23 19:57:05 30832 --a------ C:\Documents and Settings\Jacques\Application Data\GDIPFONTCACHEV1.DAT

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8ad1930-5dda-4b02-896e-aff23957a357}]
26-04-2008 12:38 107072 --a------ C:\WINDOWS\system32\rrjnmyub.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F90578A8-1011-4EA1-A212-94F041B60B52}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
"Norton Ghost 12.0"="D:\Norton Ghost\Agent\VProTray.exe" [28-03-2007 20:41]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20-07-2006 07:04]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13-07-2006 08:12]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17-09-2007 01:07]
"nwiz"="nwiz.exe" [17-09-2007 01:07 C:\WINDOWS\system32\nwiz.exe]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14-01-2004 03:10]
"NWEReboot"=""

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [11-03-2004 00:26]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17-09-2007 01:07]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [14-05-2007 18:01]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25-10-2006 10:03]
"OpwareSE4"="D:\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04-02-2007 13:02]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 11:55]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [08-03-2007 02:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 03:03]
"DAEMON Tools"="D:\DAEMON Tools\daemon.exe" [04-04-2007 00:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12-03-2007 13:49]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 22:05:26]
Microsoft Office.lnk - D:\Microsoft Office\Office10\OSA.EXE [13-2-2001 10:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-04-26 20:41:19 ------------
-----------------------

Deckard's System Scanner extra-log:
-----------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
CPU 1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 2031.1 MiB / 1245.84 MiB
Pagefile Memory (total/avail): 3908.21 MiB / 3320.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.67 MiB

C: is Fixed (NTFS) - 24.41 GiB total, 12.04 GiB free.
D: is Fixed (NTFS) - 37.41 GiB total, 34.09 GiB free.
E: is Fixed (NTFS) - 37.11 GiB total, 10.01 GiB free.
F: is Fixed (NTFS) - 83.84 GiB total, 4.16 GiB free.
G: is Fixed (NTFS) - 269.24 GiB total, 50.83 GiB free.
H: is Fixed (NTFS) - 107.42 GiB total, 93.66 GiB free.
I: is Fixed (NTFS) - 45.23 GiB total, 41.6 GiB free.
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
M: is Removable (No Media)
N: is Removable (No Media)
O: is Removable (No Media)
P: is Removable (No Media)
Q: is CDROM (No Media)
Y: is Fixed (NTFS) - 19.53 GiB total, 19.45 GiB free.
Z: is Fixed (NTFS) - 12.86 GiB total, 8.06 GiB free.

\\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 24.41 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 12.86 GiB - Z:

\\.\PHYSICALDRIVE1 - Maxtor 6Y160P0 - 152.66 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 152.66 GiB - H: - I:

\\.\PHYSICALDRIVE3 - WDC WD4000KS-00MNB0 - 372.61 GiB - 3 partitions
\PARTITION0 - Installable File System - 83.84 GiB - F:
\PARTITION1 - Installable File System - 269.24 GiB - G:
\PARTITION2 - Installable File System - 19.53 GiB - Y:

\\.\PHYSICALDRIVE2 - WDC WD800JD-22MSA1 - 74.53 GiB - 2 partitions
\PARTITION0 - Installable File System - 37.41 GiB - D:
\PARTITION1 - Installable File System - 37.11 GiB - E:

\\.\PHYSICALDRIVE5 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE7 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE6 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

FW: Trend Micro PC-cillin Internet Security v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1234 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"D:\\Pinnacle\\Studio 10\\programs\\RM.exe"="D:\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"D:\\Pinnacle\\Studio 10\\programs\\Studio.exe"="D:\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"D:\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="D:\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"D:\\Pinnacle\\Studio 10\\programs\\umi.exe"="D:\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"D:\\NewsSearcher\\NewsSearcher.exe"="D:\\NewsSearcher\\NewsSearcher.exe:*:Enabled:NewsSearcher"
"D:\\Nero7Premium\\Nero 7\\Nero ShowTime\\ShowTime.exe"="D:\\Nero7Premium\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jacques\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JACQUES-7CCA63C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jacques
LOGONSERVER=\\JACQUES-7CCA63C
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;D:\Pinnacle\Shared Files;D:\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jacques\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jacques\LOCALS~1\Temp
USERDOMAIN=JACQUES-7CCA63C
USERNAME=Jacques
USERPROFILE=C:\Documents and Settings\Jacques
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Jacques (admin)
Administrator.JACQUES-7CCA63C (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> D:\Nero7Premium\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.32 --> "D:\7-Zip\Uninstall.exe"
Aangifte inkomstenbelasting 2007 --> d:\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.2 (alleen verwijderen) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP4000 --> C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0413.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CanoScan 8800F --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805 /L0x0013
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CDisplay 1.8 --> D:\CDisplay\unins000.exe
CloneCD --> C:\WINDOWS\IsUninst.exe -f"d:\dvd progjes\Elaborate Bytes\CloneCD\Uninst.isu"
Compatibiliteitspakket voor het 2007 Microsoft Office system --> MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}
Corel(R) DESIGNER(TM) 9 --> MsiExec.exe /I{E54A8977-22E8-4A64-BF2C-E60FE122733A}
DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Decrypter (Remove Only) --> "D:\DVD progjes\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "D:\DVD Shrink\unins000.exe"
EVEREST Ultimate Edition v3.01 --> "D:\EVEREST Ultimate Edition\unins000.exe"
FLAC 1.1.4b (remove only) --> D:\FLAC\uninstall.exe
FreeRIP v2.70 --> "d:\Program Files\FreeRIP2\unins000.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Bureaublad\HijackThis.exe" /uninstall
Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
Hotfix for MSXML 2 (KB887606) --> "C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-NLD$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB889527) --> "C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB897338) --> "C:\WINDOWS\$NtUninstallKB897338$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB898900) --> "C:\WINDOWS\$NtUninstallKB898900$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB903234) --> "C:\WINDOWS\$NtUninstallKB903234$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB904412) --> "C:\WINDOWS\$NtUninstallKB904412$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB907865) --> "C:\WINDOWS\$NtUninstallKB907865$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB913538) --> "C:\WINDOWS\$NtUninstallKB913538$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB917021) --> "C:\WINDOWS\$NtUninstallKB917021$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB918093) --> "C:\WINDOWS\$NtUninstallKB918093$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB918997) --> "C:\WINDOWS\$NtUninstallKB918997$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB921411) --> "C:\WINDOWS\$NtUninstallKB921411$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB924867) --> "C:\WINDOWS\$NtUninstallKB924867$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB924941) --> "C:\WINDOWS\$NtUninstallKB924941$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB928388) --> "C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Intel(R) Management Engine Interface --> C:\WINDOWS\system32\heciudlg.exe -uninstall
InterVideo FilterSDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A15ED800-19FF-11D5-AF7F-0050BA1191E9}\setup.exe" REMOVEALL
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KB898458: Beveiligingsupdate voor Step by Step Interactive Training --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Micrografx Picture Publisher 10 --> MsiExec.exe /I{04AABF6D-55C5-4779-ABF9-992016E913A2}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{91110413-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (PINNACLESYS) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MIDI MP3 Converter 3.00 --> "D:\MIDI MP3 Converter\unins000.exe"
MIKSOFT Mobile AMR converter --> "C:\Program Files\MIKSOFT\Mobile AMR converter\unins000.exe"
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 7 Premium --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1043}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewsLeecher --> "D:\NewsLeecher\uninstall.exe"
NewsSearcher --> "D:\NewsSearcher\Uninstall.exe"
Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930012}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x13 UNINSTALL
Pinnacle MediaServer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x13 UNINSTALL
PowerQuest PartitionMagic Pro 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E39C74DF-58FD-4E52-9888-2CC59DFB0B34}\Setup.exe"
Presto! PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
QuickPar 0.9 --> D:\QuickPar\uninst.exe
RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
SilverFast CanonSDK-SE 6.5.0r7a --> d:\SilverFast Application\SilverFast CanonSDK-SE\uninst.exe
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x13 -removeonly
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Studio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x13 UNINSTALL
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Terugwaartse compatibiliteit van Windows Rights Management Client SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Update voor Windows XP (KB897663) --> "C:\WINDOWS\$NtUninstallKB897663$\spuninst\spuninst.exe"
Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update voor Windows XP (KB900930) --> "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update voor Windows XP (KB908521) --> "C:\WINDOWS\$NtUninstallKB908521$\spuninst\spuninst.exe"
Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update voor Windows XP (KB916846) --> "C:\WINDOWS\$NtUninstallKB916846$\spuninst\spuninst.exe"
Update voor Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update voor Windows XP (KB922120) --> "C:\WINDOWS\$NtUninstallKB922120$\spuninst\spuninst.exe"
Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client met Service Pack 2 --> MsiExec.exe /X{13902DA3-1CE3-47E8-A42F-440FFC2BAC2F}
WinRail 5.0 --> D:\WINRAI~1.0\UNWISE.EXE D:\WINRAI~1.0\INSTALL.LOG
WinRAR --> D:\WinRAR\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type11554 / Warning
Event Submitted/Written: 04/26/2008 08:35:46 PM
Event ID/Source: 19011 / MSSQL$PINNACLESYS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type11545 / Warning
Event Submitted/Written: 04/26/2008 08:27:01 PM
Event ID/Source: 19011 / MSSQL$PINNACLESYS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type11540 / Error
Event Submitted/Written: 04/26/2008 08:11:58 PM
Event ID/Source: 8 / crypt32
Event Description:
Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> opvragen van de automatische update van het basislijstvolgordenummer van derden is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode verlopen is.

Event Record #/Type11523 / Warning
Event Submitted/Written: 04/26/2008 08:04:26 PM
Event ID/Source: 19011 / MSSQL$PINNACLESYS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type11520 / Warning
Event Submitted/Written: 04/26/2008 08:01:52 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Kan geen verbinding met de server maken. Fout: 0x8007043C

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type29041 / Error
Event Submitted/Written: 04/26/2008 08:37:53 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

Event Record #/Type29040 / Error
Event Submitted/Written: 04/26/2008 08:37:52 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

Event Record #/Type29038 / Error
Event Submitted/Written: 04/26/2008 08:37:50 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

Event Record #/Type29016 / Error
Event Submitted/Written: 04/26/2008 08:32:48 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
De volgende opstartstuurprogramma's zijn niet geladen:
Fips
intelppm
PCLEPCI
tmtdi

Event Record #/Type29015 / Error
Event Submitted/Written: 04/26/2008 08:32:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De Trend Micro Proxy Service-service is afhankelijk van de Trend Micro TDI Driver-service, die vanwege de volgende fout niet kan worden gestart:
%%31

-- End of Deckard's System Scanner: finished at 2008-04-26 20:41:19 ------------
-----------------------

**smeenk** · 26-04-08, 20:52

Start Hijackthis en vink alleen de volgende regels aan:
O2 - BHO: {753a7593-2ffa-e698-20b4-add50391da8e} - {e8ad1930-5dda-4b02-896e-aff23957a357} - C:\WINDOWS\system32\rrjnmyub.dll
O2 - BHO: (no name) - {F90578A8-1011-4EA1-A212-94F041B60B52} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

Herstart nu even je computer.

Post na de herstart een nieuw logje van Hijackthis ter controle

**vanDyk** · 26-04-08, 21:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:08, on 26-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
D:\DAEMON Tools\daemon.exe
D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
D:\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
D:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
R:\HiJackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - D:\Nero7Premium\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7156 bytes

**smeenk** · 26-04-08, 21:03

Verwijder de volgende map:
C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Bureaublad\backups

Verwijder de volgende bestanden indien aanwezig:
C:\WINDOWS\system32\rrjnmyub.dll
C:\WINDOWS\system32\ycultlbp.dll

Maak dan je prullenbak leeg.

Vertel of er nog problemen zijn

**vanDyk** · 26-04-08, 21:10

De eerste map staat in geen enkele "Documents & Users" map.

Van de 2 bestanden was enkelt de 2de aanwezig, en toen ik ging verrifieren of het werkelijk dit bestand was verdween hij onder mijn neus kort nadat ik een melding kreeg van een Trojan, die ook meteen weer verwijderd werd. En sindsdien is het bestand niet terug gekomen.

Wat moet ik nu doen?

**smeenk** · 26-04-08, 21:14

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Doe daarna eens een volledige systeemscan met je virusscanner en laat alles verwijderen dat gevonden wordt

Mededeling

win32/adware.virtumonde

win32/adware.virtumonde

Comment

Comment

Comment

Comment

Comment

Comment

Comment