Virus/Spyware Pop-Ups, Slow-Loading Internet, etc.

  • Virus/Spyware Pop-Ups, Slow-Loading Internet, etc.

    I have recently been having trouble with slow-loading web pages, so slow that I don't even bother waiting for them. During startup I also get several messages about missing DLLs in the system32 folder, and about 7 cmd windows appear and immediately disappear again. Spybot S&D only finds virtumonde.dll and, when trying to fix it, eventually gives the messages "failed to load delzip179.dll" and "system out of memory", and finally freezes.

    Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:03:15, on 26-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Config\csrss.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\svehost.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    E:\Irfan\Prive\Downloads\other\EditPad.Pro.6.1.2\EditPadPro.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [84c06356] rundll32.exe "C:\WINDOWS\system32\btdxeigv.dll",b
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BM87f350ca] Rundll32.exe "C:\WINDOWS\system32\perjybgm.dll",s
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9440] command /c del "C:\WINDOWS\system32\awtsTMCS.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8905] cmd /c del "C:\WINDOWS\system32\awtsTMCS.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8511] command /c del "C:\WINDOWS\system32\btdxeigv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6189] cmd /c del "C:\WINDOWS\system32\btdxeigv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7729] command /c del "C:\WINDOWS\system32\kdqrtuyp.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7229] cmd /c del "C:\WINDOWS\system32\kdqrtuyp.dll_old"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2531] command /c del "C:\WINDOWS\system32\awtsTMCS.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7672] cmd /c del "C:\WINDOWS\system32\awtsTMCS.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8520] command /c del "C:\WINDOWS\system32\btdxeigv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1584] cmd /c del "C:\WINDOWS\system32\btdxeigv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5563] command /c del "C:\WINDOWS\system32\kdqrtuyp.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1340] cmd /c del "C:\WINDOWS\system32\kdqrtuyp.dll_old"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208975223921
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208975320968
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 8799 bytes

  • #2
    Download VirtumundoBeGone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next post.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files that were not found will quickly scroll past; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart, the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next post.


    Download Deckard's System Scanner to your desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In this case it may be better to temporarily disable your antivirus during the DSS scan.)



    • #3
      Here are the log files:
      VirtuMondoBeGone:
      [04/26/2008, 20:45:25] - VirtumundoBeGone v1.5 ( "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.703\VirtumundoBeGone.exe" )
      [04/26/2008, 20:46:38] - Detected System Information:
      [04/26/2008, 20:46:38] - Windows Version: 5.1.2600, Service Pack 2
      [04/26/2008, 20:46:38] - Current Username: Administrator (Admin)
      [04/26/2008, 20:46:38] - Windows is in NORMAL mode.
      [04/26/2008, 20:46:38] - Searching for Browser Helper Objects:
      [04/26/2008, 20:46:38] - BHO 1: {0FFA4CEC-B807-4734-B1E2-B7FA91C5C491} ()
      [04/26/2008, 20:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:46:38] - Checking for HKLM\...\Winlogon\Notify\cbXoMCrQ
      [04/26/2008, 20:46:38] - Key not found: HKLM\...\Winlogon\Notify\cbXoMCrQ, continuing.
      [04/26/2008, 20:46:38] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [04/26/2008, 20:46:38] - BHO 3: {5CCD98A6-8E55-41EE-8286-D9116BCC40A4} ()
      [04/26/2008, 20:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:46:38] - Checking for HKLM\...\Winlogon\Notify\awtsTMCS
      [04/26/2008, 20:46:38] - Key not found: HKLM\...\Winlogon\Notify\awtsTMCS, continuing.
      [04/26/2008, 20:46:38] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/26/2008, 20:46:38] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [04/26/2008, 20:46:38] - BHO 6: {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} ()
      [04/26/2008, 20:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:46:38] - Checking for HKLM\...\Winlogon\Notify\nnnnNhHA
      [04/26/2008, 20:46:38] - Found: HKLM\...\Winlogon\Notify\nnnnNhHA - This is probably Virtumundo.
      [04/26/2008, 20:46:38] - Assigning {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} MSEvents Object
      [04/26/2008, 20:46:38] - BHO list has been changed! Starting over...
      [04/26/2008, 20:46:38] - BHO 1: {0FFA4CEC-B807-4734-B1E2-B7FA91C5C491} ()
      [04/26/2008, 20:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:46:38] - Checking for HKLM\...\Winlogon\Notify\cbXoMCrQ
      [04/26/2008, 20:46:38] - Key not found: HKLM\...\Winlogon\Notify\cbXoMCrQ, continuing.
      [04/26/2008, 20:46:38] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [04/26/2008, 20:46:38] - BHO 3: {5CCD98A6-8E55-41EE-8286-D9116BCC40A4} ()
      [04/26/2008, 20:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:46:38] - Checking for HKLM\...\Winlogon\Notify\awtsTMCS
      [04/26/2008, 20:46:38] - Key not found: HKLM\...\Winlogon\Notify\awtsTMCS, continuing.
      [04/26/2008, 20:46:38] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/26/2008, 20:46:38] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [04/26/2008, 20:46:38] - BHO 6: {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} (MSEvents Object)
      [04/26/2008, 20:46:38] - ALERT: Found MSEvents Object!
      [04/26/2008, 20:46:38] - BHO 7: {F1E7A9DD-F86F-4BBB-8CC1-1A56C57AF8CB} ()
      [04/26/2008, 20:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:46:38] - Checking for HKLM\...\Winlogon\Notify\mlJBstuv
      [04/26/2008, 20:46:38] - Key not found: HKLM\...\Winlogon\Notify\mlJBstuv, continuing.
      [04/26/2008, 20:46:38] - Finished Searching Browser Helper Objects
      [04/26/2008, 20:46:38] - *** Detected MSEvents Object
      [04/26/2008, 20:46:38] - Trying to remove MSEvents Object...
      [04/26/2008, 20:46:39] - Terminating Process: IEXPLORE.EXE
      [04/26/2008, 20:46:39] - Terminating Process: RUNDLL32.EXE
      [04/26/2008, 20:46:40] - Disabling Automatic Shell Restart
      [04/26/2008, 20:46:40] - Terminating Process: EXPLORER.EXE
      [04/26/2008, 20:46:40] - Suspending the NT Session Manager System Service
      [04/26/2008, 20:46:40] - Terminating Windows NT Logon/Logoff Manager
      [04/26/2008, 20:46:40] - Re-enabling Automatic Shell Restart
      [04/26/2008, 20:46:40] - File to disable: C:\WINDOWS\system32\nnnnNhHA.dll
      [04/26/2008, 20:46:40] - Renaming C:\WINDOWS\system32\nnnnNhHA.dll -> C:\WINDOWS\system32\nnnnNhHA.dll.vir
      [04/26/2008, 20:46:40] - File successfully renamed!
      [04/26/2008, 20:46:40] - Removing HKLM\...\Browser Helper Objects\{C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}
      [04/26/2008, 20:46:40] - Removing HKCR\CLSID\{C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}
      [04/26/2008, 20:46:41] - Adding Kill Bit for ActiveX for GUID: {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}
      [04/26/2008, 20:46:41] - Deleting ATLEvents/MSEvents Registry entries
      [04/26/2008, 20:46:41] - Removing HKLM\...\Winlogon\Notify\nnnnNhHA
      [04/26/2008, 20:46:41] - Searching for Browser Helper Objects:
      [04/26/2008, 20:46:41] - BHO 1: {0FFA4CEC-B807-4734-B1E2-B7FA91C5C491} ()
      [04/26/2008, 20:46:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:46:41] - Checking for HKLM\...\Winlogon\Notify\cbXoMCrQ
      [04/26/2008, 20:46:41] - Key not found: HKLM\...\Winlogon\Notify\cbXoMCrQ, continuing.
      [04/26/2008, 20:46:41] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [04/26/2008, 20:46:41] - BHO 3: {5CCD98A6-8E55-41EE-8286-D9116BCC40A4} ()
      [04/26/2008, 20:46:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:46:41] - Checking for HKLM\...\Winlogon\Notify\awtsTMCS
      [04/26/2008, 20:46:41] - Key not found: HKLM\...\Winlogon\Notify\awtsTMCS, continuing.
      [04/26/2008, 20:46:41] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/26/2008, 20:46:41] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [04/26/2008, 20:46:41] - BHO 6: {F1E7A9DD-F86F-4BBB-8CC1-1A56C57AF8CB} ()
      [04/26/2008, 20:46:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:46:41] - Checking for HKLM\...\Winlogon\Notify\mlJBstuv
      [04/26/2008, 20:46:41] - Key not found: HKLM\...\Winlogon\Notify\mlJBstuv, continuing.
      [04/26/2008, 20:46:41] - Finished Searching Browser Helper Objects
      [04/26/2008, 20:46:41] - Finishing up...
      [04/26/2008, 20:46:41] - A restart is needed.
      [04/26/2008, 20:46:41] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
      [04/26/2008, 20:48:41] - Attempting to Restart via STOP error (Blue Screen!)



      RVAXO:

      ---RVAXO.exe Updated: 2008-04-25---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\BM87f350ca.xml
      C:\WINDOWS\BM87f350ca.txt
      C:\WINDOWS\system32\vutsBJlm.ini2

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      Deckard's System Scanner:

      Deckard's System Scanner v20071014.68
      Run by Administrator on 2008-04-26 21:13:23
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      47: 2008-04-26 19:13:28 UTC - RP47 - Deckard's System Scanner Restore Point
      46: 2008-04-26 16:26:35 UTC - RP46 - Software Distribution Service 3.0
      45: 2008-04-26 00:24:00 UTC - RP45 - Installed Ad-Aware 2007
      44: 2008-04-25 13:30:53 UTC - RP44 - Software Distribution Service 3.0
      43: 2008-04-25 08:59:19 UTC - RP43 - Installed Windows Media Player 10


      -- First Restore Point --
      1: 2008-04-23 18:16:26 UTC - RP1 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Administrator.exe) ---------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:14:22, on 26-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\Program Files\LogMeIn\x86\RaMaint.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Documents and Settings\Administrator\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {0FFA4CEC-B807-4734-B1E2-B7FA91C5C491} - C:\WINDOWS\system32\cbXoMCrQ.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5CCD98A6-8E55-41EE-8286-D9116BCC40A4} - C:\WINDOWS\system32\awtsTMCS.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {AB4B5A6B-04EF-4A6B-B128-AFDCB5C68F85} - C:\WINDOWS\system32\mlJBstuv.dll
      O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - (no file)
      O2 - BHO: {6b10776a-332a-c088-b1c4-7afe26926dbf} - {fbd62962-efa7-4c1b-880c-a233a67701b6} - C:\WINDOWS\system32\mqvthope.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [84c06356] rundll32.exe "C:\WINDOWS\system32\btdxeigv.dll",b
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [BM87f350ca] Rundll32.exe "C:\WINDOWS\system32\sjoycuiw.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\RunOnce: [SpybotDeletingB8520] command /c del "C:\WINDOWS\system32\btdxeigv.dll_old"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208975223921
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208975320968
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
      O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

      --
      End of file - 8031 bytes

      -- File Associations -----------------------------------------------------------

      .txt - txtfile - shell\open\command - "E:\Irfan\Prive\Downloads\other\EditPad.Pro.6.1.2\EditPadPro.exe" "%1"


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>

      S3 PCANDIS5_RETWIFI (PCANDIS5_RETWIFI Protocol Driver) - c:\progra~1\eeyedi~1\retina~1\pcandis5_retwifi.sys (file missing)
      S3 PCANDIS5_WIFISCAN.SYS - c:\program files\eeye digital security\retina wireless scanner\pcandis5_wifiscan.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
      S3 SQTECH930B (Trust WB-3500T USB2 Webcam) - c:\windows\system32\drivers\capt930b.sys (file missing)
      S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
      R2 aspnet_admin (ASP.NET Admin Service) - c:\windows\microsoft.net\framework\v2.0.40607\aspnet_admin.exe <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
      R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
      Description:
      Device ID: ACPI\HPQ0006\2&DABA3FF&0
      Manufacturer:
      Name:
      PNP Device ID: ACPI\HPQ0006\2&DABA3FF&0
      Service:

      Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
      Description: SM-buscontroller
      Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30A5103C&REV_01\3&B1BFB68&0&FB
      Manufacturer:
      Name: SM-buscontroller
      PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30A5103C&REV_01\3&B1BFB68&0&FB
      Service:


      -- Scheduled Tasks -------------------------------------------------------------

      2008-04-24 18:00:22 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


      -- Files created between 2008-03-26 and 2008-04-26 -----------------------------

      2008-04-26 21:10:10 192639 --ahs---- C:\WINDOWS\system32\vutsBJlm.ini2
      2008-04-26 21:07:09 0 d-------- C:\RVAXO
      2008-04-26 20:59:21 803317 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-04-26 20:59:21 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-04-26 20:54:23 107072 --a------ C:\WINDOWS\system32\mqvthope.dll
      2008-04-26 20:45:53 106048 --a------ C:\WINDOWS\system32\sjoycuiw.dll
      2008-04-26 20:45:03 283136 --a------ C:\WINDOWS\system32\mlJBstuv.dll
      2008-04-26 18:30:55 0 d-------- C:\Program Files\Trend Micro
      2008-04-26 02:24:03 0 d-------- C:\Program Files\Lavasoft
      2008-04-26 02:24:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-04-26 02:22:37 0 d-------- C:\Program Files\XeroBank
      2008-04-25 19:37:45 545 --a------ C:\WINDOWS\UC.PIF
      2008-04-25 19:37:45 545 --a------ C:\WINDOWS\RAR.PIF
      2008-04-25 19:37:45 545 --a------ C:\WINDOWS\PKZIP.PIF
      2008-04-25 19:37:45 545 --a------ C:\WINDOWS\PKUNZIP.PIF
      2008-04-25 19:37:45 545 --a------ C:\WINDOWS\NOCLOSE.PIF
      2008-04-25 19:37:45 545 --a------ C:\WINDOWS\LHA.PIF
      2008-04-25 19:37:45 545 --a------ C:\WINDOWS\ARJ.PIF
      2008-04-25 19:37:39 0 d-------- C:\totalcmd
      2008-04-25 18:00:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-25 10:59:19 0 d-------- C:\WINDOWS\RegisteredPackages
      2008-04-25 10:58:54 0 d-------- C:\Program Files\DAEMON Tools Lite
      2008-04-25 10:34:07 0 d-------- C:\BMW M3 Challenge
      2008-04-25 09:11:30 0 d-------- C:\Program Files\MSECache
      2008-04-25 04:35:06 0 d-------- C:\WINDOWS\SHELLNEW
      2008-04-25 04:24:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-04-25 04:24:24 0 dr-h----- C:\MSOCache
      2008-04-25 02:00:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\JGsoft
      2008-04-24 20:18:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thinstall
      2008-04-24 18:57:28 0 d-------- C:\WINDOWS\PixArt
      2008-04-24 18:57:27 0 d-------- C:\Program Files\Common Files\PCCamera
      2008-04-24 18:56:59 0 d-------- C:\WINDOWS\Downloaded Installations
      2008-04-24 18:36:17 0 d-------- C:\Program Files\Trust
      2008-04-24 18:36:07 0 d-------- C:\download
      2008-04-24 18:02:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
      2008-04-24 18:02:22 0 d-------- C:\Program Files\iPod
      2008-04-24 18:02:13 0 d-------- C:\Program Files\iTunes
      2008-04-24 18:01:57 0 d-------- C:\Program Files\Bonjour
      2008-04-24 18:01:07 0 d-------- C:\Program Files\QuickTime
      2008-04-24 18:01:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
      2008-04-24 18:00:15 0 d-------- C:\Program Files\Apple Software Update
      2008-04-24 17:59:27 0 d-------- C:\Program Files\Common Files\Apple
      2008-04-24 17:59:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
      2008-04-24 15:44:59 0 d-------- C:\Program Files\KanjiGold
      2008-04-24 15:43:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\ESET
      2008-04-24 15:34:38 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
      2008-04-24 15:34:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
      2008-04-24 11:21:12 0 d-------- C:\Program Files\LogMeIn
      2008-04-24 01:36:40 0 d-------- C:\Program Files\Microsoft ActiveSync
      2008-04-24 01:28:26 0 d--hs---- C:\WINDOWS\CSC
      2008-04-24 01:03:46 0 d-------- C:\Program Files\Common Files\Stardock
      2008-04-24 00:54:15 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
      2008-04-24 00:54:12 3932160 --a------ C:\Documents and Settings\Administrator\ntuser.dat
      2008-04-24 00:48:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups
      2008-04-23 23:50:20 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-04-23 23:40:37 0 d-------- C:\Program Files\Samurize
      2008-04-23 23:25:55 0 d--h----- C:\WINDOWS\PIF
      2008-04-23 23:22:29 0 d-------- C:\Program Files\eEye Digital Security
      2008-04-23 23:22:29 0 d-------- C:\Program Files\Common Files\eEye Digital Security
      2008-04-23 23:16:54 0 d-------- C:\Intel
      2008-04-23 22:58:30 0 d-------- C:\Program Files\Lavalys
      2008-04-23 22:51:14 0 d-------- C:\Program Files\SP35954
      2008-04-23 22:16:55 0 d-------- C:\WINDOWS\system32\Lang
      2008-04-23 22:11:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
      2008-04-23 22:11:24 0 d-------- C:\Program Files\Common Files\Adobe
      2008-04-23 21:17:09 0 d-------- C:\Program Files\CONEXANT
      2008-04-23 21:17:07 0 d-------- C:\Program Files\SP23455
      2008-04-23 21:15:32 0 d-------- C:\Program Files\Broadcom
      2008-04-23 21:15:28 0 d-------- C:\Program Files\Common Files\InstallShield
      2008-04-23 21:13:39 0 d-------- C:\Program Files\Hewlett-Packard
      2008-04-23 21:13:07 0 d-------- C:\swsetup
      2008-04-23 21:04:46 0 d--hs---- C:\WINDOWS\Installer
      2008-04-23 21:04:45 0 d-------- C:\Program Files\Common Files\ODBC
      2008-04-23 21:04:42 0 d-------- C:\Program Files\Common Files\SpeechEngines
      2008-04-23 21:04:41 0 dr------- C:\Program Files
      2008-04-23 21:04:41 0 d-------- C:\Program Files\Common Files
      2008-04-23 21:04:07 0 d--h----- C:\Documents and Settings\Default User\Sjablonen
      2008-04-23 21:04:07 0 dr-h----- C:\Documents and Settings\Default User\SendTo
      2008-04-23 21:04:07 0 d--h----- C:\Documents and Settings\Default User\Onlangs geopend
      2008-04-23 21:04:07 0 d--h----- C:\Documents and Settings\Default User\Netwerkprinteromgeving
      2008-04-23 21:04:07 0 d--h----- C:\Documents and Settings\Default User\NetHood
      2008-04-23 21:04:07 0 d-------- C:\Documents and Settings\Default User\Mijn documenten
      2008-04-23 21:04:07 0 dr------- C:\Documents and Settings\Default User\Menu Start
      2008-04-23 21:04:07 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
      2008-04-23 21:04:07 0 d-------- C:\Documents and Settings\Default User\Favorieten
      2008-04-23 21:04:07 0 d---s---- C:\Documents and Settings\Default User\Cookies
      2008-04-23 21:04:07 0 d-------- C:\Documents and Settings\Default User\Bureaublad
      2008-04-23 21:04:07 0 d--h----- C:\Documents and Settings\All Users\Sjablonen
      2008-04-23 21:04:07 0 dr------- C:\Documents and Settings\All Users\Menu Start
      2008-04-23 21:04:07 0 d-------- C:\Documents and Settings\All Users\Favorieten
      2008-04-23 21:04:07 0 dr------- C:\Documents and Settings\All Users\Documenten
      2008-04-23 21:04:07 0 d-------- C:\Documents and Settings\All Users\Bureaublad
      2008-04-23 21:03:56 0 d-------- C:\WINDOWS\system32\CatRoot2
      2008-04-23 21:03:56 0 d-------- C:\WINDOWS\system32\CatRoot
      2008-04-23 21:03:51 0 dr-h----- C:\Documents and Settings\Default User\Application Data
      2008-04-23 21:03:51 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
      2008-04-23 21:03:50 0 dr-h----- C:\Documents and Settings\All Users\Application Data
      2008-04-23 21:03:50 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
      2008-04-23 21:03:24 0 d-------- C:\Documents and Settings
      2008-04-23 21:03:23 0 d--hs---- C:\System Volume Information
      2008-04-23 21:00:38 164352 --a------ C:\WINDOWS\system32\unrar.dll
      2008-04-23 21:00:35 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
      2008-04-23 21:00:35 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
      2008-04-23 21:00:35 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
      2008-04-23 21:00:35 2102272 --a------ C:\WINDOWS\system32\x264vfw.dll
      2008-04-23 21:00:35 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
      2008-04-23 21:00:35 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
      2008-04-23 21:00:35 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
      2008-04-23 21:00:35 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
      2008-04-23 21:00:34 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
      2008-04-23 21:00:34 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
      2008-04-23 21:00:33 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
      2008-04-23 21:00:32 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
      2008-04-23 21:00:31 0 d-------- C:\Program Files\K-Lite Codec Pack
      2008-04-23 20:58:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\WinSxS
      2008-04-23 20:56:40 0 dr------- C:\WINDOWS\Web
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\twain_32
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\wins
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\wbem
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\usmt
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\spool
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\ShellExt
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\Setup
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\ras
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\oobe
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\npp
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\mui
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\inetsrv
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\IME
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\icsxml
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\ias
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\export
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\drivers
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\drivers\etc
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\drivers\disdn
      2008-04-23 20:56:40 0 dr-hs--c- C:\WINDOWS\system32\dllcache
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\dhcp
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\config
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\3com_dmi
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\3076
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\2052
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\1054
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\1043
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\1042
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\1041
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\1037
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\1033
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\1031
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\1028
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system32\1025
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\system
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\security
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\Resources
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\repair
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\Provisioning
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\PeerNet
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\pchealth
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\NLDRV
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\mui
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\msapps
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\msagent
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\Media
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\java
      2008-04-23 20:56:40 0 d--h----- C:\WINDOWS\inf
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\ime
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\Help
      2008-04-23 20:56:40 0 dr--s---- C:\WINDOWS\Fonts
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\ehome
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\Driver Cache
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\Debug
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\Cursors
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\Connection Wizard
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\Config
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\AppPatch
      2008-04-23 20:56:40 0 d-------- C:\WINDOWS\addins
      2008-04-23 20:54:40 0 d-------- C:\WINDOWS\system32\LogFiles
      2008-04-23 20:54:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
      2008-04-23 20:40:33 0 d-------- C:\Program Files\Messenger Plus! Live
      2008-04-23 20:35:24 0 d-------- C:\Documents and Settings\Administrator\Contacts
      2008-04-23 20:35:05 0 d------c- C:\WINDOWS\system32\DRVSTORE
      2008-04-23 20:32:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
      2008-04-23 20:30:49 0 d-------- C:\WINDOWS\system32\PreInstall
      2008-04-23 20:30:39 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-04-23 20:30:33 0 d-------- C:\Program Files\Windows Live
      2008-04-23 20:30:24 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-04-23 20:27:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
      2008-04-23 20:20:13 0 d-------- C:\WINDOWS\system32\nl-nl
      2008-04-23 20:19:11 0 d--h----- C:\WINDOWS\$hf_mig$
      2008-04-23 20:15:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
      2008-04-23 20:15:14 1692 --a------ C:\WINDOWS\mozver.dat
      2008-04-23 20:11:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\ViStart
      2008-04-23 20:09:18 0 d-------- C:\WINDOWS\system32\VIRepair
      2008-04-23 20:09:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Styler
      2008-04-23 20:09:12 0 d-------- C:\Program Files\TrueTransparency
      2008-04-23 20:09:11 0 d-------- C:\Program Files\WinFlip
      2008-04-23 20:09:10 0 d-------- C:\Program Files\Styler
      2008-04-23 20:05:50 0 d-------- C:\WINDOWS\system32\VITrans
      2008-04-23 20:05:49 111104 --a------ C:\WINDOWS\system32\Uharc.exe
      2008-04-23 20:05:49 19968 --a------ C:\WINDOWS\system32\reico.exe <Not Verified; Dead Knight; >
      2008-04-23 20:05:49 94208 --a------ C:\WINDOWS\system32\pskill.exe <Not Verified; Sysinternals - www.sysinternals.com; Systems Internals pkill>
      2008-04-23 20:05:49 8636 --a------ C:\WINDOWS\system32\modifype.exe
      2008-04-23 20:05:49 0 d-------- C:\VTPFiles
      2008-04-23 20:05:26 37888 --a------ C:\WINDOWS\system32\jkkICuSl.dll
      2008-04-23 20:04:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-23 20:00:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-04-23 19:57:57 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
      2008-04-23 19:57:54 0 d-------- C:\Program Files\SystemRequirementsLab
      2008-04-23 19:57:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
      2008-04-23 19:57:38 0 d-------- C:\WINDOWS\Sun
      2008-04-23 19:57:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
      2008-04-23 19:57:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
      2008-04-23 19:56:16 0 d-------- C:\Program Files\Java
      2008-04-23 19:55:39 0 d-------- C:\Program Files\Common Files\Java
      2008-04-23 19:50:11 0 d-------- C:\Program Files\uTorrent
      2008-04-23 19:50:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
      2008-04-23 19:49:35 0 --a------ C:\WINDOWS\nsreg.dat
      2008-04-23 19:49:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
      2008-04-23 19:47:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
      2008-04-23 19:27:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
      2008-04-23 19:18:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
      2008-04-23 19:14:28 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
      2008-04-23 19:14:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
      2008-04-23 19:14:28 0 dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-04-23 19:14:28 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
      2008-04-23 19:14:28 0 d--h----- C:\Documents and Settings\Administrator\NetHood
      2008-04-23 19:14:28 0 dr------- C:\Documents and Settings\Administrator\Mijn documenten
      2008-04-23 19:14:28 0 dr------- C:\Documents and Settings\Administrator\Menu Start
      2008-04-23 19:14:28 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
      2008-04-23 19:14:28 0 dr------- C:\Documents and Settings\Administrator\Favorieten
      2008-04-23 19:14:28 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
      2008-04-23 19:14:28 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
      2008-04-23 19:14:28 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
      2008-04-23 19:14:24 0 d-------- C:\WINDOWS\SoftwareDistribution
      2008-04-23 19:14:21 0 d---s---- C:\WINDOWS\system32\Microsoft
      2008-04-23 19:14:21 0 d-------- C:\WINDOWS\Prefetch
      2008-04-23 19:14:20 229376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
      2008-04-23 19:14:20 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
      2008-04-23 19:14:20 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
      2008-04-23 19:14:20 0 d-------- C:\Documents and Settings\LocalService\Application Data
      2008-04-23 19:14:20 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
      2008-04-23 19:14:17 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
      2008-04-23 19:14:17 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
      2008-04-23 19:14:17 0 d-------- C:\Documents and Settings\NetworkService\Application Data
      2008-04-23 19:14:17 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
      2008-04-23 19:14:16 229376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
      2008-04-23 19:10:39 0 d-------- C:\WINDOWS\system32\xircom
      2008-04-23 19:10:39 0 d-------- C:\Program Files\msn gaming zone
      2008-04-23 19:10:39 0 d-------- C:\Program Files\microsoft frontpage
      2008-04-23 19:10:27 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
      2008-04-23 19:10:22 0 -rahs---- C:\MSDOS.SYS
      2008-04-23 19:10:22 0 -rahs---- C:\IO.SYS
      2008-04-23 19:10:22 0 --a------ C:\CONFIG.SYS
      2008-04-23 19:10:22 0 --a------ C:\AUTOEXEC.BAT
      2008-04-23 19:09:40 0 d--hs---- C:\Documents and Settings\All Users\DRM
      2008-04-23 19:09:33 0 dr------- C:\WINDOWS\Offline Web Pages
      2008-04-23 19:09:32 0 d---s---- C:\WINDOWS\Downloaded Program Files
      2008-04-23 19:09:23 0 d--h----- C:\Program Files\WindowsUpdate
      2008-04-23 19:09:22 0 d-------- C:\Program Files\Online Services
      2008-04-23 19:09:05 0 d-------- C:\WINDOWS\system32\DirectX
      2008-04-23 19:08:22 0 d---s---- C:\WINDOWS\Tasks
      2008-04-23 19:08:21 0 d-------- C:\Program Files\Common Files\MSSoap
      2008-04-23 19:08:17 0 d-------- C:\WINDOWS\srchasst
      2008-04-23 19:08:16 0 d-------- C:\WINDOWS\system32\Macromed
      2008-04-23 19:08:06 0 d-------- C:\Program Files\Movie Maker
      2008-04-23 19:07:56 0 d-------- C:\WINDOWS\system32\Restore
      2008-04-23 19:07:16 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
      2008-04-23 19:07:13 0 d-------- C:\WINDOWS\Registration
      2008-04-23 19:06:41 0 d-------- C:\Program Files\Windows NT
      2008-04-23 19:06:39 215552 --a------ C:\WINDOWS\system32\termsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
      2008-04-23 19:06:38 0 d-------- C:\WINDOWS\system32\MsDtc
      2008-04-23 19:06:36 0 d-------- C:\WINDOWS\system32\Com
      2008-04-23 18:27:03 1548288 --a------ C:\WINDOWS\system32\sfcfiles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


      -- Find3M Report ---------------------------------------------------------------

      2008-04-26 21:11:28 453900 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-04-26 21:11:28 76892 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-04-24 01:37:42 2528 --a------ C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
      2008-04-23 21:04:07 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FFA4CEC-B807-4734-B1E2-B7FA91C5C491}]
      C:\WINDOWS\system32\cbXoMCrQ.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CCD98A6-8E55-41EE-8286-D9116BCC40A4}]
      C:\WINDOWS\system32\awtsTMCS.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB4B5A6B-04EF-4A6B-B128-AFDCB5C68F85}]
      26-04-2008 20:45 283136 --a------ C:\WINDOWS\system32\mlJBstuv.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fbd62962-efa7-4c1b-880c-a233a67701b6}]
      26-04-2008 20:54 107072 --a------ C:\WINDOWS\system32\mqvthope.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
      "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10-01-2007 15:13]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [15-02-2008 12:46]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [15-02-2008 12:46]
      "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [15-02-2008 12:46]
      "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03-08-2007 15:09]
      "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [30-01-2008 12:37]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28-03-2008 23:37]
      "84c06356"="C:\WINDOWS\system32\btdxeigv.dll"
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24-08-2007 07:00]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [31-12-2002 14:00]
      "EVEREST AutoStart"="C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe" [17-03-2008 00:00]
      "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01-04-2008 11:39]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18-10-2007 11:34]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
      "SpybotDeletingB8520"=command /c del "C:\WINDOWS\system32\btdxeigv.dll_old"

      C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\
      Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [29-8-2007 0:23:36]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoLowDiskSpaceChecks"=1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoLowDiskSpaceChecks"=1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
      LMIinit.dll 15-11-2007 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJBstuv

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec24de6-1291-11dd-8fca-001a7310498f}]
      AutoRun\command- G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe




      -- End of Deckard's System Scanner: finished at 2008-04-26 21:15:11 ------------


      A file extra.txt opened after the Deckard scan; I am posting it here as well, since I cannot add it as an attachment (nothing happens when I click on attachment).



      • #4
        Deckard's System Scanner v20071014.68
        Extra logfile - please post this as an attachment with your post.
        --------------------------------------------------------------------------------

        -- System Information ----------------------------------------------------------

        Microsoft Windows XP Professional (build 2600) SP 2.0
        Architecture: X86; Language: Dutch

        CPU 0: Genuine Intel(R) CPU T2060 @ 1.60GHz
        CPU 1: Genuine Intel(R) CPU T2060 @ 1.60GHz
        Percentage of Memory in Use: 42%
        Physical Memory (total/avail): 1014.04 MiB / 584.1 MiB
        Pagefile Memory (total/avail): 2439.92 MiB / 2094.44 MiB
        Virtual Memory (total/avail): 2047.88 MiB / 1915.1 MiB

        C: is Fixed (NTFS) - 74.52 GiB total, 56.11 GiB free.
        D: is CDROM (No Media)
        F: is CDROM (No Media)

        \\.\PHYSICALDRIVE0 - ST98823AS - 74.53 GiB - 1 partition
        \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



        -- Security Center -------------------------------------------------------------

        AUOptions is scheduled to auto-install.
        Windows Internal Firewall is enabled.

        FirstRunDisabled is set.
        AntiVirusDisableNotify is set.
        FirewallDisableNotify is set.
        UpdatesDisableNotify is set.

        FW: ESET Persoonlijke firewall v3.0.630.0 (ESET, spol. s r. o.)
        AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
        "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
        "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
        "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
        "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
        "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
        "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
        "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
        "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
        "E:\\Irfan\\Prive\\Mijn Games\\TrackMania Nations ESWC\\TmNationsESWC.exe"="E:\\Irfan\\Prive\\Mijn Games\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"


        -- Environment Variables -------------------------------------------------------

        ALLUSERSPROFILE=C:\Documents and Settings\All Users
        APPDATA=C:\Documents and Settings\Administrator\Application Data
        CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
        CLIENTNAME=Console
        CommonProgramFiles=C:\Program Files\Common Files
        COMPUTERNAME=RETESTRAK
        ComSpec=C:\WINDOWS\system32\cmd.exe
        FP_NO_HOST_CHECK=NO
        HOMEDRIVE=C:
        HOMEPATH=\Documents and Settings\Administrator
        LOGONSERVER=\\RETESTRAK
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        PROCESSOR_ARCHITECTURE=x86
        PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
        PROCESSOR_LEVEL=6
        PROCESSOR_REVISION=0e0c
        ProgramFiles=C:\Program Files
        PROMPT=$P$G
        QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
        SamDir=SINSTDIR
        SESSIONNAME=Console
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
        TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
        USERDOMAIN=RETESTRAK
        USERNAME=Administrator
        USERPROFILE=C:\Documents and Settings\Administrator
        windir=C:\WINDOWS


        -- User Profiles ---------------------------------------------------------------

        Administrator (admin)


        -- Add/Remove Programs ---------------------------------------------------------

        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
        2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
        Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
        Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
        Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
        Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
        Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
        µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
        Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
        Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
        BMW M3 Challenge --> "C:\BMW M3 Challenge\Support\unins000.exe"
        Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
        Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
        Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Icpv30A5a.inf
        eEye Digital Security Retina Wifi Scanner --> MsiExec.exe /I{3E4E4BB3-5B9C-4D5E-8EE1-57869A3AA2B0}
        ESET Smart Security --> MsiExec.exe /I{D5480218-2D05-4B99-BCDE-1FF6E4A738FE}
        EVEREST Ultimate Edition v4.50 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
        HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VENICE_HSF\UIU32m.exe -U -IwqcVen5m.inf
        HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
        HP Wireless Assistant --> MsiExec.exe /I{6FE30813-AC60-40A3-BE53-F6713A1F3893}
        Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
        iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
        Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
        K-Lite Codec Pack 3.9.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
        Kanji Gold 2.10 --> "C:\Program Files\KanjiGold\unins000.exe"
        LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
        Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
        Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
        Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
        Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
        Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
        Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
        Microsoft Office Groove MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
        Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
        Microsoft Office OneNote MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
        Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
        Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
        Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
        Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
        Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
        Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
        Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
        Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
        Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
        Microsoft Office Visio Viewer 2007 --> MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
        Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
        Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
        QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
        Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
        Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
        Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
        Serious Samurize --> "C:\Program Files\Samurize\Uninstall.exe"
        Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
        System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
        Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe
        Trust WB-1400T Webcam --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F6CE1230-A694-4B86-B21C-A11A112689DA} /l1033
        Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
        Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
        Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
        Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
        Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
        Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
        Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
        Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
        Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
        Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
        Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
        Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
        Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
        Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
        Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
        Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
        Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
        Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
        Windows Live Mail --> MsiExec.exe /I{DB8DEC88-4D53-4A3A-964A-D22509D27455}
        Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
        WinRAR --> C:\Program Files\WinRAR\uninstall.exe


        -- Application Event Log -------------------------------------------------------

        Event Record #/Type471 / Error
        Event Submitted/Written: 04/25/2008 04:30:28 AM
        Event ID/Source: 11500 / MsiInstaller
        Event Description:
        Product: Microsoft Office Proof (Dutch) 2007 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

        Event Record #/Type470 / Error
        Event Submitted/Written: 04/25/2008 04:30:27 AM
        Event ID/Source: 11500 / MsiInstaller
        Event Description:
        Product: Microsoft Office Proof (Dutch) 2007 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

        Event Record #/Type469 / Warning
        Event Submitted/Written: 04/25/2008 04:30:25 AM
        Event ID/Source: 1001 / MsiInstaller
        Event Description:
        De detectie van product {90120000-001F-0413-0000-0000000FF1CE}, functie SpellingAndGrammarFilesExp1_1043 is mislukt tijdens het aanvragen van onderdeel {0CB03F4D-528F-4102-B147-7EB3E655CB47}

        Event Record #/Type468 / Warning
        Event Submitted/Written: 04/25/2008 04:30:04 AM
        Event ID/Source: 1001 / MsiInstaller
        Event Description:
        De detectie van product {90120000-0030-0000-0000-0000000FF1CE}, functie EXCELFiles is mislukt tijdens het aanvragen van onderdeel {0638C49D-BB8B-4CD1-B191-052E8F325736}

        Event Record #/Type448 / Warning
        Event Submitted/Written: 04/25/2008 04:27:48 AM
        Event ID/Source: 1001 / MsiInstaller
        Event Description:
        De detectie van product {90120000-0030-0000-0000-0000000FF1CE}, functie WORDSharedFiles is mislukt tijdens het aanvragen van onderdeel {CEB02EF1-C9B5-4FCA-8A93-1B83C601A703}



        -- Security Event Log ----------------------------------------------------------

        No Errors/Warnings found.


        -- System Event Log ------------------------------------------------------------

        Event Record #/Type1185 / Error
        Event Submitted/Written: 04/25/2008 08:42:20 AM
        Event ID/Source: 7000 / Service Control Manager
        Event Description:
        De PCANDIS5_RETWIFI Protocol Driver-service kan vanwege de volgende fout niet worden gestart:
        %%2

        Event Record #/Type1184 / Error
        Event Submitted/Written: 04/25/2008 08:42:20 AM
        Event ID/Source: 7000 / Service Control Manager
        Event Description:
        De PCANDIS5_RETWIFI Protocol Driver-service kan vanwege de volgende fout niet worden gestart:
        %%2

        Event Record #/Type1155 / Warning
        Event Submitted/Written: 04/25/2008 05:38:10 AM
        Event ID/Source: 256 / PlugPlayManager
        Event Description:
        Time-out tijdens verzenden van melding over wijziging van apparaatinterface naar venster van SAS window

        Event Record #/Type1154 / Warning
        Event Submitted/Written: 04/25/2008 05:38:10 AM
        Event ID/Source: 57 / Ftdisk
        Event Description:
        Het legen van gegevens naar het transactielogboek is mislukt. De gegevens kunnen beschadigd raken.

        Event Record #/Type1153 / Warning
        Event Submitted/Written: 04/25/2008 05:38:10 AM
        Event ID/Source: 57 / Ftdisk
        Event Description:
        Het legen van gegevens naar het transactielogboek is mislukt. De gegevens kunnen beschadigd raken.



        -- End of Deckard's System Scanner: finished at 2008-04-26 21:15:11 ------------



        • #5
          Start HijackThis and tick only the following lines:
          O2 - BHO: (no name) - {0FFA4CEC-B807-4734-B1E2-B7FA91C5C491} - C:\WINDOWS\system32\cbXoMCrQ.dll (file missing)
          O2 - BHO: (no name) - {5CCD98A6-8E55-41EE-8286-D9116BCC40A4} - C:\WINDOWS\system32\awtsTMCS.dll (file missing)
          O2 - BHO: (no name) - {AB4B5A6B-04EF-4A6B-B128-AFDCB5C68F85} - C:\WINDOWS\system32\mlJBstuv.dll
          O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - (no file)
          O2 - BHO: {6b10776a-332a-c088-b1c4-7afe26926dbf} - {fbd62962-efa7-4c1b-880c-a233a67701b6} - C:\WINDOWS\system32\mqvthope.dll
          O4 - HKLM\..\Run: [84c06356] rundll32.exe "C:\WINDOWS\system32\btdxeigv.dll",b
          O4 - HKLM\..\Run: [BM87f350ca] Rundll32.exe "C:\WINDOWS\system32\sjoycuiw.dll",s

          Close all open windows (except HijackThis) and click the "Fix checked" button.


          Open a new Notepad file.
          Copy the text below (everything in bold) into this Notepad file.

          @ECHO OFF
          IF EXIST log.txt DEL log.txt
          ECHO Deleting files>>log.txt
          FOR %%g in (
          C:\WINDOWS\system32\vutsBJlm.ini2
          C:\WINDOWS\system32\mqvthope.dll
          C:\WINDOWS\system32\sjoycuiw.dll
          C:\WINDOWS\system32\mlJBstuv.dll) DO (
          del /q %%gNUCIA
          IF EXIST %%g (
          ATTRIB -r -s -h %%g
          DEL %%g
          REN %%g *NUCIA
          IF EXIST %%gNUCIA (
          ECHO renamed to %%gNUCIA>>log.txt)
          IF EXIST %%g (
          ECHO %%g not deleted>>log.txt
          ) ELSE (
          ECHO %%g deleted>>log.txt)
          ) ELSE (
          ECHO %%g not found>>log.txt))
          START NOTEPAD.EXE log.txt

          Go to File - Save As.
          For "Save in", choose: Desktop
          For "File name", enter: del.bat
          For "Save as type", select: All Files (*.*).
          Click the Save button.

          Double-click del.bat and post the log that del.bat produces.

          Restart your computer.

          After the restart, post a new HijackThis log.



          • #6
            The HijackThis log:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 21:48:20, on 26-4-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
            C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
            C:\WINDOWS\system32\igfxtray.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
            C:\WINDOWS\system32\igfxsrvc.exe
            C:\Program Files\ESET\ESET Smart Security\egui.exe
            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
            C:\Program Files\DAEMON Tools Lite\daemon.exe
            C:\Program Files\Windows Live\Messenger\msnmsgr.exe
            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\ESET\ESET Smart Security\ekrn.exe
            C:\Program Files\LogMeIn\x86\RaMaint.exe
            C:\Program Files\LogMeIn\x86\LogMeIn.exe
            C:\WINDOWS\System32\PAStiSvc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
            C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
            C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
            C:\Program Files\Windows Live\Messenger\usnsvc.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
            O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
            O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - HKCU\..\RunOnce: [SpybotDeletingB8520] command /c del "C:\WINDOWS\system32\btdxeigv.dll_old"
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
            O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
            O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208975223921
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208975320968
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
            O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
            O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
            O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
            O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

            --
            End of file - 7088 bytes

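The check that post #5 asks for (fix the ticked entries, then post a fresh log) can be done mechanically by comparing the two logs. The following Python is an added example, not part of the original thread and not HijackThis's own logic; the function names and report keys are assumptions made for illustration, and the sample lines are copied from posts #5 and #6.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Copied from the thread: the entries post #5 says to tick in HijackThis.
FIX_LIST = r"""
O2 - BHO: (no name) - {0FFA4CEC-B807-4734-B1E2-B7FA91C5C491} - C:\WINDOWS\system32\cbXoMCrQ.dll (file missing)
O2 - BHO: (no name) - {5CCD98A6-8E55-41EE-8286-D9116BCC40A4} - C:\WINDOWS\system32\awtsTMCS.dll (file missing)
O2 - BHO: (no name) - {AB4B5A6B-04EF-4A6B-B128-AFDCB5C68F85} - C:\WINDOWS\system32\mlJBstuv.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - (no file)
O2 - BHO: {6b10776a-332a-c088-b1c4-7afe26926dbf} - {fbd62962-efa7-4c1b-880c-a233a67701b6} - C:\WINDOWS\system32\mqvthope.dll
O4 - HKLM\..\Run: [84c06356] rundll32.exe "C:\WINDOWS\system32\btdxeigv.dll",b
O4 - HKLM\..\Run: [BM87f350ca] Rundll32.exe "C:\WINDOWS\system32\sjoycuiw.dll",s
"""

# Four lines copied from the follow-up log in post #6 (an excerpt, not the whole log).
FOLLOW_UP = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8520] command /c del "C:\WINDOWS\system32\btdxeigv.dll_old"
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - \S")             # "O2 - ...", "R1 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)
NOTE_RE = re.compile(r"\s*\((file missing|no file)\)\s*$")  # trailing status note


class Entry(NamedTuple):
    section: str          # HijackThis section code, e.g. "O2" or "O4"
    raw: str              # the log line as printed
    identity: str         # line without the status note, lower-cased, for comparison
    path: Optional[str]   # first .dll/.exe path on the line, if any
    note: Optional[str]   # "file missing" / "no file" as printed in the log


def parse_entries(log_text: str) -> list:
    """Return the autostart/registry entries of a HijackThis log.

    Header lines and the running-process list do not start with a section
    code and are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        note = NOTE_RE.search(line)
        path = PATH_RE.search(line)
        entries.append(Entry(
            section=m.group(1),
            raw=line,
            identity=NOTE_RE.sub("", line).lower(),
            path=path.group(0) if path else None,
            note=note.group(1) if note else None,
        ))
    return entries


def verify_cleanup(fix_text: str, followup_text: str) -> dict:
    """Compare the entries selected for fixing with a later log.

    orphaned_at_scan    - selected entries whose file was already absent
    still_registered    - selected entries that appear again in the later log
    residual_references - other later-log entries naming one of the same files
    """
    targets = parse_entries(fix_text)
    after = parse_entries(followup_text)
    after_ids = {e.identity for e in after}
    names = {ntpath.basename(t.path).lower() for t in targets if t.path}

    still = [t for t in targets if t.identity in after_ids]
    still_ids = {t.identity for t in still}
    residual = []
    for e in after:
        if e.identity in still_ids:
            continue  # already reported as still registered
        hits = sorted(n for n in names if n in e.identity)
        if hits:
            residual.append((hits, e.raw))
    return {
        "orphaned_at_scan": [t.raw for t in targets if t.note],
        "still_registered": [t.raw for t in still],
        "residual_references": residual,
    }


if __name__ == "__main__":
    for key, value in verify_cleanup(FIX_LIST, FOLLOW_UP).items():
        print(key, "->", value)
```

An empty `still_registered` list only says the autostart registrations are gone from the log; whether a DLL is still on disk needs the file-level check that del.bat and The Avenger perform.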


            • #7
              del.bat didn't produce a log?

              Download The Avenger and extract the program to your desktop.
              Open the avenger folder and start the program by double-clicking avenger.exe.
              In the "Input Script here" box, copy and paste the bold text below:


              Files to delete:
              C:\WINDOWS\system32\mlJBstuv.dll


              Then click the Execute button.
              The Avenger will indicate that the computer is going to restart; allow this.
              After the reboot a log file (avenger.txt) opens. Post the contents of this log file together with a new HijackThis log.



              • #8
                Log Avenger:
                Logfile of The Avenger Version 2.0, (c) by Swandog46
                http://swandog46.geekstogo.com

                Platform: Windows XP

                *******************

                Script file opened successfully.
                Script file read successfully.

                Backups directory opened successfully at C:\Avenger

                *******************

                Beginning to process script file:

                Rootkit scan active.
                No rootkits found!

                File "C:\WINDOWS\system32\mlJBstuv.dll" deleted successfully.

                Completed script processing.

                *******************

                Finished! Terminate.

                Log HijackThis:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 22:47:40, on 26-4-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\Explorer.EXE
                E:\Irfan\Prive\Downloads\other\EditPad.Pro.6.1.2\EditPadPro.exe
                C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                C:\WINDOWS\system32\igfxtray.exe
                C:\WINDOWS\system32\hkcmd.exe
                C:\WINDOWS\system32\igfxsrvc.exe
                C:\WINDOWS\system32\igfxpers.exe
                C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
                C:\Program Files\ESET\ESET Smart Security\egui.exe
                C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
                C:\Program Files\DAEMON Tools Lite\daemon.exe
                C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
                C:\Program Files\Bonjour\mDNSResponder.exe
                C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                C:\Program Files\LogMeIn\x86\RaMaint.exe
                C:\Program Files\LogMeIn\x86\LogMeIn.exe
                C:\WINDOWS\System32\PAStiSvc.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
                C:\WINDOWS\system32\wuauclt.exe
                C:\Program Files\Windows Live\Messenger\usnsvc.exe
                C:\Program Files\Mozilla Firefox\firefox.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: (no name) - {0FFA4CEC-B807-4734-B1E2-B7FA91C5C491} - C:\WINDOWS\system32\cbXoMCrQ.dll (file missing)
                O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: (no name) - {5CCD98A6-8E55-41EE-8286-D9116BCC40A4} - C:\WINDOWS\system32\awtsTMCS.dll (file missing)
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - (no file)
                O2 - BHO: (no name) - {CE2B950C-16D0-4F20-B14E-0B19EDE9AA6D} - C:\WINDOWS\system32\mlJBstuv.dll (file missing)
                O2 - BHO: {6b10776a-332a-c088-b1c4-7afe26926dbf} - {fbd62962-efa7-4c1b-880c-a233a67701b6} - C:\WINDOWS\system32\mqvthope.dll (file missing)
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
                O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
                O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
                O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
                O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                O4 - HKCU\..\RunOnce: [SpybotDeletingB8520] command /c del "C:\WINDOWS\system32\btdxeigv.dll_old"
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
                O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
                O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
                O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208975223921
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208975320968
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
                O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
                O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
                O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

                --
                End of file - 8053 bytes



                • #9
                  Start HijackThis and tick only the following lines:
                  O2 - BHO: (no name) - {0FFA4CEC-B807-4734-B1E2-B7FA91C5C491} - C:\WINDOWS\system32\cbXoMCrQ.dll (file missing)
                  O2 - BHO: (no name) - {5CCD98A6-8E55-41EE-8286-D9116BCC40A4} - C:\WINDOWS\system32\awtsTMCS.dll (file missing)
                  O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - (no file)
                  O2 - BHO: (no name) - {CE2B950C-16D0-4F20-B14E-0B19EDE9AA6D} - C:\WINDOWS\system32\mlJBstuv.dll (file missing)
                  O2 - BHO: {6b10776a-332a-c088-b1c4-7afe26926dbf} - {fbd62962-efa7-4c1b-880c-a233a67701b6} - C:\WINDOWS\system32\mqvthope.dll (file missing)

                  Close all open windows (except HijackThis) and click the "Fix checked" button.

                  Restart your computer.

                  After the restart, post a new HijackThis log.



                  • #10
                    HijackThis log:

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 23:40:59, on 26-4-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                    C:\WINDOWS\system32\igfxtray.exe
                    C:\WINDOWS\system32\hkcmd.exe
                    C:\WINDOWS\system32\igfxpers.exe
                    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
                    C:\WINDOWS\system32\igfxsrvc.exe
                    C:\Program Files\ESET\ESET Smart Security\egui.exe
                    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
                    C:\Program Files\DAEMON Tools Lite\daemon.exe
                    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
                    C:\Program Files\Bonjour\mDNSResponder.exe
                    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                    C:\Program Files\LogMeIn\x86\RaMaint.exe
                    C:\Program Files\LogMeIn\x86\LogMeIn.exe
                    C:\WINDOWS\System32\PAStiSvc.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
                    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
                    C:\Program Files\Windows Live\Messenger\usnsvc.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\Program Files\Mozilla Firefox\firefox.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
                    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
                    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
                    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
                    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
                    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    O4 - HKCU\..\RunOnce: [SpybotDeletingB8520] command /c del "C:\WINDOWS\system32\btdxeigv.dll_old"
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                    O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
                    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
                    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208975223921
                    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208975320968
                    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
                    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
                    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
                    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

                    --
                    End of file - 7494 bytes

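The triage done in posts #8 to #10, as an added example that is not part of the original thread: a Python sketch that parses the O2 (Browser Helper Object) lines of a HijackThis log, flags the ones HijackThis marks "(file missing)" or "(no file)", and checks the follow-up log to confirm they are gone and nothing else was removed. The log excerpts are copied from the thread; the function and variable names are this example's own.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in post #8 (before "Fix checked").
# The O4 line is included to show that non-BHO entries are ignored.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {0FFA4CEC-B807-4734-B1E2-B7FA91C5C491} - C:\WINDOWS\system32\cbXoMCrQ.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CCD98A6-8E55-41EE-8286-D9116BCC40A4} - C:\WINDOWS\system32\awtsTMCS.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - (no file)
O2 - BHO: (no name) - {CE2B950C-16D0-4F20-B14E-0B19EDE9AA6D} - C:\WINDOWS\system32\mlJBstuv.dll (file missing)
O2 - BHO: {6b10776a-332a-c088-b1c4-7afe26926dbf} - {fbd62962-efa7-4c1b-880c-a233a67701b6} - C:\WINDOWS\system32\mqvthope.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

# O2 lines copied from the follow-up log in post #10 (after the fix and reboot).
LOG_AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path> [(file missing)]" or "... - (no file)".
# The name may contain " - " or be a GUID itself, so it is matched lazily and
# stops at the first " - {GUID} - " separator.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
MISSING = "(file missing)"
NO_FILE = "(no file)"


class Bho(NamedTuple):
    name: str
    clsid: str      # upper-cased so logs can be compared
    path: str       # empty when HijackThis reports "(no file)"
    orphaned: bool  # registry entry whose DLL is not on disk


def parse_bhos(log_text):
    """Return every O2 entry in a HijackThis log as a Bho record."""
    entries = []
    for raw in log_text.splitlines():
        m = O2_RE.match(raw.strip())
        if not m:
            continue
        target = m.group("target").strip()
        if target == NO_FILE:
            path, orphaned = "", True
        elif target.endswith(MISSING):
            path, orphaned = target[: -len(MISSING)].rstrip(), True
        else:
            path, orphaned = target, False
        entries.append(Bho(m.group("name"), m.group("clsid").upper(), path, orphaned))
    return entries


def orphaned_clsids(log_text):
    """CLSIDs of BHO entries that point at a missing file."""
    return [b.clsid for b in parse_bhos(log_text) if b.orphaned]


def verify_fix(before, after):
    """Compare two logs: which orphaned entries are gone, which remain,
    and whether any entry that was not orphaned disappeared as well."""
    before_ids = {b.clsid for b in parse_bhos(before)}
    after_ids = {b.clsid for b in parse_bhos(after)}
    targets = set(orphaned_clsids(before))
    return {
        "removed": sorted(targets - after_ids),
        "remaining": sorted(targets & after_ids),
        "collateral": sorted((before_ids - targets) - after_ids),
    }


if __name__ == "__main__":
    for b in parse_bhos(LOG_BEFORE):
        flag = "ORPHANED" if b.orphaned else "ok"
        print(f"{flag:9} {b.clsid} {b.name!r} {b.path or NO_FILE}")
    print(verify_fix(LOG_BEFORE, LOG_AFTER))
```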


                    • #11
                      Also do this:

                      Download ATF cleaner (mirror) (made by Atribune)

                      Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                      Double-click ATF cleaner to start the program.
                      On the "Main" tab, tick Select All.
                      Click the Empty Selected button.

                      Do the following if you also use Firefox as a browser:
                      Click the "Firefox" tab and tick Select All.
                      If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                      (this removes the tick from "Firefox saved passwords" again)
                      Click the Empty Selected button.

                      Do the following if you also use Opera as a browser:
                      Click the "Opera" tab and tick Select All.
                      If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                      Click the Empty Selected button.
                      Go to the "Main" tab and click the Exit button to close the program.

                      Turn off System Restore. Restart the computer. Turn System Restore back on.
                      See here how to turn off System Restore.
                      This removes any remnants of the infections from System Restore.

                      Are all the problems gone now?



                      • #12
                        It does look that way; during startup (after logging in) I still get to see 2 cmd windows, one with something like c:\windows\system32\ntvdm and the other just command. I don't know whether this is something harmful or the like?

                        Apart from that everything is gone, browsing the internet is fast again, and the scanners find nothing.

                        So thank you very much.



                        • #13
                          Let's look for leftovers:

                          Download this file: zoek.exe
                          Double-click it; after a while a log opens.
                          Post the contents of this log in your next message.



                          • #14
                            ======C:\WINDOWS====
                            ----a-w 0 2008-04-27 13:23:09 C:\WINDOWS\0.log
                            ----a-w 545 2008-04-22 05:03:00 C:\WINDOWS\ARJ.PIF
                            ----a-w 4,762 2008-04-23 19:15:38 C:\WINDOWS\bcmwl.log
                            ----a-w 508 2008-04-26 19:25:09 C:\WINDOWS\BM87f350ca.txt
                            ----a-w 0 2008-04-26 19:09:10 C:\WINDOWS\BM87f350ca.xml
                            --s-a-w 2,048 2008-04-27 13:21:57 C:\WINDOWS\bootstat.dat
                            ----a-w 200 2008-04-23 17:06:19 C:\WINDOWS\cmsetacl.log
                            ----a-w 1,436 2008-04-23 17:21:24 C:\WINDOWS\COM+.log
                            ----a-w 209,547 2008-04-25 13:32:34 C:\WINDOWS\comsetup.log
                            ----a-w 0 2008-04-23 17:10:22 C:\WINDOWS\control.ini
                            ----a-w 6,312 2008-04-23 18:35:05 C:\WINDOWS\DPINST.LOG
                            ----a-w 133 2008-04-23 17:07:12 C:\WINDOWS\DtcInstall.log
                            ----a-w 598,922 2008-04-25 13:32:34 C:\WINDOWS\FaxSetup.log
                            ----a-w 78,942 2008-04-23 18:05:59 C:\WINDOWS\Icon_1.ico
                            ----a-w 33,964 2008-04-23 18:19:45 C:\WINDOWS\IDNMitigationAPIs.log
                            ----a-w 92,169 2008-04-23 18:20:26 C:\WINDOWS\ie7.log
                            ----a-w 15,845 2008-04-23 18:20:36 C:\WINDOWS\ie7_main.log
                            ----a-w 683,054 2008-04-25 13:32:34 C:\WINDOWS\iis6.log
                            ----a-w 1,374 2008-04-25 13:31:59 C:\WINDOWS\imsins.BAK
                            ----a-w 1,374 2008-04-25 13:32:34 C:\WINDOWS\imsins.log
                            ----a-w 91,369 2008-04-23 19:03:04 C:\WINDOWS\KB873339.log
                            ----a-w 38,925 2008-04-23 18:44:16 C:\WINDOWS\KB885835.log
                            ----a-w 97,116 2008-04-23 19:04:53 C:\WINDOWS\KB885836.log
                            ----a-w 45,979 2008-04-23 18:53:12 C:\WINDOWS\KB886185.log
                            ----a-w 5,434 2008-04-23 21:50:41 C:\WINDOWS\KB888111.log
                            ----a-w 84,340 2008-04-23 18:53:54 C:\WINDOWS\KB888302.log
                            ----a-w 35,956 2008-04-23 18:42:58 C:\WINDOWS\KB890046.log
                            ----a-w 79,668 2008-04-23 18:45:34 C:\WINDOWS\KB890859.log
                            ----a-w 81,233 2008-04-23 19:01:34 C:\WINDOWS\KB891781.log
                            ----a-w 34,580 2008-04-23 18:30:57 C:\WINDOWS\KB892130.log
                            ----a-w 96,907 2008-04-23 19:04:01 C:\WINDOWS\KB893756.log
                            ----a-w 38,631 2008-04-23 18:30:11 C:\WINDOWS\KB893803v2.log
                            ----a-w 80,112 2008-04-23 18:46:06 C:\WINDOWS\KB894391.log
                            ----a-w 82,956 2008-04-23 19:02:19 C:\WINDOWS\KB896358.log
                            ----a-w 94,005 2008-04-23 19:03:29 C:\WINDOWS\KB896423.log
                            ----a-w 80,089 2008-04-23 18:52:27 C:\WINDOWS\KB896428.log
                            ----a-w 36,325 2008-04-23 18:30:51 C:\WINDOWS\KB898461.log
                            ----a-w 103,852 2008-04-23 19:05:23 C:\WINDOWS\KB899587.log
                            ----a-w 96,706 2008-04-23 19:04:10 C:\WINDOWS\KB899591.log
                            ----a-w 13,326 2008-04-24 16:59:04 C:\WINDOWS\KB900485.log
                            ----a-w 85,862 2008-04-23 18:53:40 C:\WINDOWS\KB900725.log
                            ----a-w 96,386 2008-04-23 19:04:15 C:\WINDOWS\KB901017.log
                            ----a-w 91,458 2008-04-23 18:54:37 C:\WINDOWS\KB901214.log
                            ----a-w 85,764 2008-04-23 19:01:24 C:\WINDOWS\KB902400.log
                            ----a-w 92,984 2008-04-23 18:54:55 C:\WINDOWS\KB905414.log
                            ----a-w 81,846 2008-04-23 18:52:41 C:\WINDOWS\KB905749.log
                            ----a-w 77,709 2008-04-23 18:45:54 C:\WINDOWS\KB908519.log
                            ----a-w 82,753 2008-04-23 18:52:54 C:\WINDOWS\KB908531.log
                            ----a-w 6,057 2008-04-23 23:36:57 C:\WINDOWS\KB909394.log
                            ----a-w 16,152 2008-04-23 19:02:03 C:\WINDOWS\KB910437.log
                            ----a-w 95,801 2008-04-23 19:03:50 C:\WINDOWS\KB911280.log
                            ----a-w 94,764 2008-04-23 19:03:40 C:\WINDOWS\KB911562.log
                            ----a-w 11,619 2008-04-23 19:01:58 C:\WINDOWS\KB911564.log
                            ----a-w 96,836 2008-04-23 19:04:20 C:\WINDOWS\KB911927.log
                            ----a-w 81,995 2008-04-23 18:52:36 C:\WINDOWS\KB913580.log
                            ----a-w 76,838 2008-04-23 19:00:29 C:\WINDOWS\KB914388.log
                            ----a-w 77,480 2008-04-23 18:45:43 C:\WINDOWS\KB914389.log
                            ----a-w 34,914 2008-04-23 18:19:20 C:\WINDOWS\KB915865.log
                            ----a-w 81,414 2008-04-23 18:53:08 C:\WINDOWS\KB916595.log
                            ----a-w 86,827 2008-04-23 18:54:08 C:\WINDOWS\KB918118.log
                            ----a-w 81,896 2008-04-23 19:01:29 C:\WINDOWS\KB918439.log
                            ----a-w 76,223 2008-04-23 19:00:35 C:\WINDOWS\KB919007.log
                            ----a-w 84,247 2008-04-23 18:53:34 C:\WINDOWS\KB920213.log
                            ----a-w 81,677 2008-04-23 19:01:40 C:\WINDOWS\KB920670.log
                            ----a-w 77,938 2008-04-23 18:45:48 C:\WINDOWS\KB920683.log
                            ----a-w 96,215 2008-04-23 19:04:06 C:\WINDOWS\KB920685.log
                            ----a-w 14,589 2008-04-24 16:58:53 C:\WINDOWS\KB920872.log
                            ----a-w 53,855 2008-04-23 18:54:19 C:\WINDOWS\KB922582.log
                            ----a-w 99,886 2008-04-23 19:04:59 C:\WINDOWS\KB922819.log
                            ----a-w 88,283 2008-04-23 18:54:25 C:\WINDOWS\KB923191.log
                            ----a-w 63,976 2008-04-23 19:48:00 C:\WINDOWS\KB923414.log
                            ----a-w 35,268 2008-04-26 20:11:52 C:\WINDOWS\KB923689.log
                            ----a-w 96,449 2008-04-23 19:03:56 C:\WINDOWS\KB923980.log
                            ----a-w 93,355 2008-04-23 19:03:24 C:\WINDOWS\KB924270.log
                            ----a-w 49,168 2008-04-23 19:47:47 C:\WINDOWS\KB924667.log
                            ----a-w 13,097 2008-04-23 19:02:13 C:\WINDOWS\KB925398.log
                            ----a-w 50,884 2008-04-23 19:47:34 C:\WINDOWS\KB925902.log
                            ----a-w 85,651 2008-04-23 18:54:03 C:\WINDOWS\KB926255.log
                            ----a-w 76,483 2008-04-23 19:00:54 C:\WINDOWS\KB926436.log
                            ----a-w 103,280 2008-04-23 19:05:18 C:\WINDOWS\KB927779.log
                            ----a-w 100,039 2008-04-23 19:05:12 C:\WINDOWS\KB927802.log
                            ----a-w 25,830 2008-04-23 19:02:55 C:\WINDOWS\KB927891.log
                            ----a-w 98,356 2008-04-23 19:04:38 C:\WINDOWS\KB928255.log
                            ----a-w 75,122 2008-04-23 18:45:26 C:\WINDOWS\KB928843.log
                            ----a-w 82,584 2008-04-23 19:01:47 C:\WINDOWS\KB929123.log
                            ----a-w 76,828 2008-04-23 19:00:45 C:\WINDOWS\KB930178.log
                            ----a-w 81,463 2008-04-23 18:53:04 C:\WINDOWS\KB930916.log
                            ----a-w 91,933 2008-04-23 19:03:19 C:\WINDOWS\KB931261.log
                            ----a-w 99,076 2008-04-23 19:04:28 C:\WINDOWS\KB931784.log
                            ----a-w 93,546 2008-04-23 18:54:50 C:\WINDOWS\KB932168.log
                            ----a-w 8,170 2008-04-23 19:47:54 C:\WINDOWS\KB933729.log
                            ----a-w 80,256 2008-04-23 18:52:20 C:\WINDOWS\KB935839.log
                            ----a-w 82,518 2008-04-23 18:53:28 C:\WINDOWS\KB935840.log
                            ----a-w 95,301 2008-04-23 19:03:45 C:\WINDOWS\KB936021.log
                            ----a-w 50,584 2008-04-23 19:47:40 C:\WINDOWS\KB936357.log
                            ----a-w 34,318 2008-04-25 13:31:59 C:\WINDOWS\KB936782.log
                            ----a-w 99,205 2008-04-23 19:04:49 C:\WINDOWS\KB937894.log
                            ----a-w 82,101 2008-04-23 18:53:00 C:\WINDOWS\KB938127-IE7.log
                            ----a-w 94,365 2008-04-23 19:03:36 C:\WINDOWS\KB938828.log
                            ----a-w 87,218 2008-04-23 18:54:13 C:\WINDOWS\KB941202.log
                            ----a-w 84,845 2008-04-23 18:53:59 C:\WINDOWS\KB941568.log
                            ----a-w 91,470 2008-04-26 20:12:24 C:\WINDOWS\KB941569.log
                            ----a-w 92,258 2008-04-23 19:02:59 C:\WINDOWS\KB941644.log
                            ----a-w 91,487 2008-04-23 19:02:48 C:\WINDOWS\KB941693.log
                            ----a-w 61,112 2008-04-23 19:47:24 C:\WINDOWS\KB942763.log
                            ----a-w 79,892 2008-04-23 18:52:15 C:\WINDOWS\KB943055.log
                            ----a-w 32,199 2008-04-23 19:05:08 C:\WINDOWS\KB943460.log
                            ----a-w 82,160 2008-04-23 18:53:24 C:\WINDOWS\KB943485.log
                            ----a-w 76,716 2008-04-23 18:45:38 C:\WINDOWS\KB944653.log
                            ----a-w 82,689 2008-04-23 18:53:18 C:\WINDOWS\KB945553.log
                            ----a-w 91,314 2008-04-23 19:02:43 C:\WINDOWS\KB946026.log
                            ----a-w 30,754 2008-04-23 19:02:38 C:\WINDOWS\KB947864-IE7.log
                            ----a-w 84,783 2008-04-23 18:53:49 C:\WINDOWS\KB948590.log
                            ----a-w 29,060 2008-04-23 19:04:42 C:\WINDOWS\KB948881.log
                            ----a-w 545 2008-04-22 05:03:00 C:\WINDOWS\LHA.PIF
                            ----a-w 41,862 2008-04-25 13:32:34 C:\WINDOWS\MedCtrOC.log
                            ----a-w 2,288 2008-04-26 21:49:47 C:\WINDOWS\mozver.dat
                            ----a-w 29,565 2008-04-25 13:32:34 C:\WINDOWS\msgsocm.log
                            ----a-w 189,336 2008-04-25 13:32:33 C:\WINDOWS\msmqinst.log
                            ----a-w 105,675 2008-04-25 13:32:34 C:\WINDOWS\netfxocm.log
                            ----a-w 33,898 2008-04-23 18:19:34 C:\WINDOWS\NLSDownlevelMapping.log
                            ----a-w 545 2008-04-22 05:03:00 C:\WINDOWS\NOCLOSE.PIF
                            ----a-w 0 2008-04-23 17:49:35 C:\WINDOWS\nsreg.dat
                            ----a-w 318,766 2008-04-26 19:05:07 C:\WINDOWS\ntbtlog.txt
                            ----a-w 125,331 2008-04-25 13:32:34 C:\WINDOWS\ntdtcsetup.log
                            ----a-w 310,115 2008-04-25 13:32:34 C:\WINDOWS\ocgen.log
                            ----a-w 37,555 2008-04-25 13:32:34 C:\WINDOWS\ocmsn.log
                            ----a-w 4,205 2008-04-23 17:10:13 C:\WINDOWS\ODBCINST.INI
                            ----a-w 833 2008-04-23 17:18:30 C:\WINDOWS\OEWABLog.txt
                            ----a-w 52 2008-04-23 17:14:24 C:\WINDOWS\oobeact.log
                            ----a-w 545 2008-04-22 05:03:00 C:\WINDOWS\PKUNZIP.PIF
                            ----a-w 545 2008-04-22 05:03:00 C:\WINDOWS\PKZIP.PIF
                            ----a-w 22 2008-04-26 19:09:10 C:\WINDOWS\pskt.ini
                            ----a-w 545 2008-04-22 05:03:00 C:\WINDOWS\RAR.PIF
                            ----a-w 8,192 2008-04-23 17:14:20 C:\WINDOWS\REGLOCS.OLD
                            ----a-w 1,672 2008-04-23 19:04:41 C:\WINDOWS\regopt.log
                            ----a-w 4,690 2008-04-26 19:03:42 C:\WINDOWS\SchedLgU.Txt
                            ----a-w 1,022 2008-04-23 17:07:35 C:\WINDOWS\sessmgr.setup.log
                            ----a-w 179,733 2008-04-25 07:19:41 C:\WINDOWS\setupact.log
                            ----a-w 944,273 2008-04-26 20:42:44 C:\WINDOWS\setupapi.log
                            ----a-w 1,109 2008-04-23 17:13:19 C:\WINDOWS\setuperr.log
                            ----a-w 720,070 2008-04-23 17:14:24 C:\WINDOWS\setuplog.txt
                            ----a-w 8,086 2008-04-26 16:19:44 C:\WINDOWS\spupdsvc.log
                            ----a-w 0 2008-04-23 19:06:10 C:\WINDOWS\Sti_Trace.log
                            ----a-w 231 2008-04-23 19:04:41 C:\WINDOWS\system.ini
                            ----a-w 30,797 2008-04-25 13:32:34 C:\WINDOWS\tabletoc.log
                            ----a-w 278,247 2008-04-25 13:32:34 C:\WINDOWS\tsoc.log
                            ----a-w 545 2008-04-22 05:03:00 C:\WINDOWS\UC.PIF
                            ----a-w 72,686 2008-04-26 20:12:24 C:\WINDOWS\updspapi.log
                            ----a-w 36 2008-04-23 17:07:14 C:\WINDOWS\vb.ini
                            ----a-w 37 2008-04-23 17:07:14 C:\WINDOWS\vbaddin.ini
                            ----a-w 39,255 2008-04-23 18:52:08 C:\WINDOWS\WgaNotify.log
                            ----a-w 157 2008-04-27 13:22:40 C:\WINDOWS\wiadebug.log
                            ----a-w 49 2008-04-27 13:22:40 C:\WINDOWS\wiaservc.log
                            ----a-w 726 2008-04-24 17:03:08 C:\WINDOWS\win.ini
                            ----a-w 2,553 2008-04-26 23:31:14 C:\WINDOWS\wincmd.ini
                            ---ha-r 749 2008-04-23 17:09:27 C:\WINDOWS\WindowsShell.Manifest
                            ----a-w 1,712,428 2008-04-27 13:24:42 C:\WINDOWS\WindowsUpdate.log
                            ----a-w 154 2008-04-26 21:30:06 C:\WINDOWS\wininit.ini
                            ----a-w 44,411 2008-04-26 16:19:32 C:\WINDOWS\wmsetup.log
                            ----a-w 459 2008-04-25 09:00:49 C:\WINDOWS\wmsetup10.log
                            ----a-w 316,640 2008-04-25 08:59:47 C:\WINDOWS\WMSysPr9.prx

                            Entries: 162 (160)
                            Directories: 0 Files: 162
                            Bytes: 14,047,310 Blocks: 27,521
                            ======C:\WINDOWS\system32=====
                            ----a-w 1,260 2008-04-23 17:13:42 C:\WINDOWS\System32\$winnt$.inf
                            ----a-w 16,832 2008-04-25 09:00:30 C:\WINDOWS\System32\amcompat.tlb
                            ---ha-r 749 2008-04-23 17:09:27 C:\WINDOWS\System32\cdplayer.exe.manifest
                            ----a-w 2,845 2008-04-23 17:10:22 C:\WINDOWS\System32\CONFIG.NT
                            ----a-w 552 2008-04-23 17:57:57 C:\WINDOWS\System32\d3d8caps.dat
                            ----a-w 664 2008-04-23 20:31:31 C:\WINDOWS\System32\d3d9caps.dat
                            ----a-w 682,496 2008-03-31 21:25:46 C:\WINDOWS\System32\divx.dll
                            ----a-w 81,920 2008-03-21 20:28:54 C:\WINDOWS\System32\dpl100.dll
                            ----a-w 21,748 2008-04-23 17:07:16 C:\WINDOWS\System32\emptyregdb.dat
                            ----a-w 169,064 2008-03-16 22:00:00 C:\WINDOWS\System32\everest_cpl.cpl
                            ----a-w 63 2008-04-27 13:22:39 C:\WINDOWS\System32\everest_cpl.ini
                            ----a-w 7,680 2008-03-28 17:41:32 C:\WINDOWS\System32\ff_vfw.dll
                            ----a-w 134,072 2008-04-26 22:45:19 C:\WINDOWS\System32\FNTCACHE.DAT
                            ----a-w 0 2008-04-23 19:06:15 C:\WINDOWS\System32\h323log.txt
                            ----a-w 37,888 2008-04-23 18:05:26 C:\WINDOWS\System32\jkkICuSl.dll
                            ----a-w 6,300 2008-04-23 17:56:37 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
                            ------w 1,480,232 2008-03-20 16:06:36 C:\WINDOWS\System32\LegitCheckControl.dll
                            ---ha-r 488 2008-04-23 17:09:32 C:\WINDOWS\System32\logonui.exe.manifest
                            ----a-w 19,836,024 2008-04-05 20:56:22 C:\WINDOWS\System32\MRT.exe
                            ----a-w 124,688 2008-04-23 18:04:54 C:\WINDOWS\System32\MSWINSCK.OCX
                            ---ha-r 749 2008-04-23 17:09:27 C:\WINDOWS\System32\ncpa.cpl.manifest
                            ----a-w 23,392 2008-04-25 09:00:30 C:\WINDOWS\System32\nscompat.tlb
                            ---ha-r 749 2008-04-23 17:09:27 C:\WINDOWS\System32\nwc.cpl.manifest
                            ----a-w 59,490 2008-04-26 22:50:08 C:\WINDOWS\System32\perfc009.dat
                            ----a-w 76,892 2008-04-26 22:50:08 C:\WINDOWS\System32\perfc013.dat
                            ----a-w 393,814 2008-04-26 22:50:08 C:\WINDOWS\System32\perfh009.dat
                            ----a-w 453,900 2008-04-26 22:50:08 C:\WINDOWS\System32\perfh013.dat
                            ----a-w 994,018 2008-04-26 22:50:07 C:\WINDOWS\System32\PerfStringBackup.INI
                            --sha-w 190,230 2008-04-26 00:35:54 C:\WINDOWS\System32\QrCMoXbc.ini
                            ----a-w 3,596,288 2008-03-21 20:30:08 C:\WINDOWS\System32\qt-dx331.dll
                            ----a-w 57,344 2008-03-28 21:37:26 C:\WINDOWS\System32\QuickTime.qts
                            ----a-w 90,112 2008-03-28 21:37:26 C:\WINDOWS\System32\QuickTimeVR.qtx
                            ----a-w 803,317 2008-04-25 11:36:48 C:\WINDOWS\System32\RVAXO.bat
                            ---ha-r 749 2008-04-23 17:09:27 C:\WINDOWS\System32\sapi.cpl.manifest
                            --sha-w 211,962 2008-04-26 18:38:44 C:\WINDOWS\System32\SCMTstwa.ini
                            ----a-w 1,548,288 2008-04-23 16:27:03 C:\WINDOWS\System32\sfcfiles.dll
                            ----a-w 993,280 2008-04-23 16:25:59 C:\WINDOWS\System32\syssetup.dll
                            ----a-w 138,760 2008-04-23 19:47:17 C:\WINDOWS\System32\TZLog.log
                            --sh--w 294 2008-04-26 16:30:45 C:\WINDOWS\System32\vgiexdtb.ini
                            --sha-w 206,326 2008-04-26 20:44:05 C:\WINDOWS\System32\vutsBJlm.ini
                            --sha-w 205,777 2008-04-26 20:41:10 C:\WINDOWS\System32\vutsBJlm.ini2
                            ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
                            ---ha-r 488 2008-04-23 17:09:32 C:\WINDOWS\System32\WindowsLogon.manifest
                            ----a-w 2,228 2008-04-27 13:23:26 C:\WINDOWS\System32\wpa.dbl
                            ---ha-r 749 2008-04-23 17:09:27 C:\WINDOWS\System32\wuaucpl.cpl.manifest
                            ----a-w 2,102,272 2008-04-01 22:28:48 C:\WINDOWS\System32\x264vfw.dll
                            --sh--w 1,506,091 2008-04-25 16:52:21 C:\WINDOWS\System32\ybvlyijo.ini

                            Entries: 47 (34)
                            Directories: 0 Files: 47
                            Bytes: 38,108,500 Blocks: 74,449
                            ======C:\WINDOWS\system32\drivers=====
                            ----a-w 305,176 2008-04-23 16:26:11 C:\WINDOWS\System32\drivers\iaStor.sys
                            ----a-w 42,512 2008-04-23 18:04:47 C:\WINDOWS\System32\drivers\npf.sys
                            ----a-w 717,296 2008-04-24 13:34:38 C:\WINDOWS\System32\drivers\sptd.sys

                            Entries: 3 (3)
                            Directories: 0 Files: 3
                            Bytes: 1,064,984 Blocks: 2,082
                            =======C:\Program Files=====
                            Entries: 0 (0)
                            Directories: 0 Files: 0
                            Bytes: 0 Blocks: 0
                            =======C:=====
                            ----a-w 1,024 2008-04-24 09:21:19 C:\.rnd
                            ----a-w 0 2008-04-23 17:10:22 C:\AUTOEXEC.BAT
                            ----a-w 1,012 2008-04-26 20:44:47 C:\avenger.txt
                            ----a-w 90 2008-04-23 19:15:39 C:\bcmwl5.log
                            --sh--w 211 2008-04-23 17:06:15 C:\boot.ini
                            ----a-w 0 2008-04-23 17:10:22 C:\CONFIG.SYS
                            ----a-w 300 2008-04-26 19:06:07 C:\firstrun5.log
                            --sha-w 1,063,374,848 2008-04-27 13:21:51 C:\hiberfil.sys
                            --sha-r 0 2008-04-23 17:10:22 C:\IO.SYS
                            --sha-r 0 2008-04-23 17:10:22 C:\MSDOS.SYS
                            --sha-w 1,598,029,824 2008-04-27 13:21:49 C:\pagefile.sys
                            ----a-w 435 2008-04-26 19:08:24 C:\RVAXO-results.log
                            ----a-w 45,629 2008-04-26 19:09:03 C:\RVAXO-Vfind.log
                            ----a-w 4,099,295 2008-04-25 09:49:33 C:\wifidbg.txt

                            Entries: 14 (9)
                            Directories: 0 Files: 14
                            Bytes: 2,665,552,668 Blocks: 5,206,161
                            ======C:\Documents and Settings\Administrator\Application Data======
                            ----a-w 2,528 2008-04-23 23:37:42 C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
                            --sha-w 62 2008-04-23 19:04:07 C:\Documents and Settings\Administrator\Application Data\desktop.ini

                            Entries: 2 (1)
                            Directories: 0 Files: 2
                            Bytes: 2,590 Blocks: 6
                            ======C:\Temp======
                            Entries: 0 (0)
                            Directories: 0 Files: 0
                            Bytes: 0 Blocks: 0
                            ======C:\Documents and Settings\Administrator======
                            ----a-w 3,932,160 2008-04-27 02:49:07 C:\Documents and Settings\Administrator\ntuser.dat
                            ---ha-w 20,480 2008-04-27 13:25:37 C:\Documents and Settings\Administrator\ntuser.dat.LOG
                            --sh--w 188 2008-04-26 22:44:26 C:\Documents and Settings\Administrator\ntuser.ini

                            Entries: 3 (1)
                            Directories: 0 Files: 3
                            Bytes: 3,952,828 Blocks: 7,721
                            ======C:\WINDOWS\Downloaded Program Files====
                            ---h--w 65 2008-04-23 17:09:32 C:\WINDOWS\Downloaded Program Files\desktop.ini
                            ----a-w 247 2008-03-24 17:18:48 C:\WINDOWS\Downloaded Program Files\swflash.inf

                            Entries: 2 (1)
                            Directories: 0 Files: 2
                            Bytes: 312 Blocks: 2
                            =============

                            Comment


                            • #15
                              Open the avenger folder and start the program by double-clicking avenger.exe.
                              In the Input Script here window, copy and paste the bold text below:


                              Files to delete:
                              C:\WINDOWS\BM87f350ca.txt
                              C:\WINDOWS\BM87f350ca.xml
                              C:\WINDOWS\pskt.ini
                              C:\WINDOWS\wininit.ini
                              C:\WINDOWS\System32\jkkICuSl.dll
                              C:\WINDOWS\System32\QrCMoXbc.ini
                              C:\WINDOWS\System32\SCMTstwa.ini
                              C:\WINDOWS\System32\vgiexdtb.ini
                              C:\WINDOWS\System32\vutsBJlm.ini
                              C:\WINDOWS\System32\vutsBJlm.ini2
                              C:\WINDOWS\System32\ybvlyijo.ini


                              Then click the Execute button.
                              The Avenger will indicate that the computer is going to restart; allow this.
                              After the reboot a log file (avenger.txt) opens. Post the contents of this log file.

                              Comment
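The post above does not say how the files in the script were chosen. As an added example (not part of the thread and not the helper's method), this Python sketch parses the listing format posted earlier and flags entries using two assumed triage heuristics: hidden+system .ini/.ini2 files directly in System32, and eight-letter mixed-case file names there. The rule names and function names are hypothetical; the sample lines are copied from the listing in this thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the listing in this thread (format: attrs size date time path).
SAMPLE = r"""
----a-w 682,496 2008-03-31 21:25:46 C:\WINDOWS\System32\divx.dll
----a-w 37,888 2008-04-23 18:05:26 C:\WINDOWS\System32\jkkICuSl.dll
------w 1,480,232 2008-03-20 16:06:36 C:\WINDOWS\System32\LegitCheckControl.dll
--sha-w 190,230 2008-04-26 00:35:54 C:\WINDOWS\System32\QrCMoXbc.ini
----a-w 1,548,288 2008-04-23 16:27:03 C:\WINDOWS\System32\sfcfiles.dll
--sh--w 294 2008-04-26 16:30:45 C:\WINDOWS\System32\vgiexdtb.ini
--sha-w 205,777 2008-04-26 20:41:10 C:\WINDOWS\System32\vutsBJlm.ini2
--sh--w 211 2008-04-23 17:06:15 C:\boot.ini
--sha-w 62 2008-04-23 19:04:07 C:\Documents and Settings\Administrator\Application Data\desktop.ini
"""

LINE = re.compile(r"^\s*([-a-z]{7})\s+([\d,]+)\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.+?)\s*$")

def parse(text):
    """Yield (attrs, size, timestamp, path) for each file line; skip headers and totals."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            attrs, size, stamp, path = m.groups()
            yield attrs, int(size.replace(",", "")), stamp, PureWindowsPath(path)

def reasons(attrs, path):
    """Return the triage rules (assumed heuristics) that an entry trips."""
    hits = []
    in_sys32 = str(path.parent).lower() == r"c:\windows\system32"
    stem = path.stem
    # Rule 1 (assumption): hidden+system .ini/.ini2 sitting directly in System32.
    if in_sys32 and "s" in attrs and "h" in attrs and path.suffix.lower() in (".ini", ".ini2"):
        hits.append("hidden+system ini in System32")
    # Rule 2 (assumption): eight-letter stem with an uppercase letter after a lowercase one.
    if in_sys32 and len(stem) == 8 and stem.isalpha() and re.search(r"[a-z][A-Z]", stem):
        hits.append("random-looking mixed-case name")
    return hits

def triage(text):
    """Map file name -> list of tripped rules, for flagged entries only."""
    return {p.name: r for a, _, _, p in parse(text) if (r := reasons(a, p))}

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

These two rules do not account for every file in the script above (pskt.ini and wininit.ini carry ordinary attributes in the listing), so a hit is a prompt for manual review rather than a verdict.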
