trojan.vundo alerts


  • trojan.vundo alerts

    hey,
    Recently bought a new laptop and it's already full of spyware :s irritating!!!
    problems: unwanted websites opening with ads
    -> unknown scanners also pop up very regularly
    slow IE browser and downloads
    virus scanner (BullGuard) is freaking out (an alert every minute)
    so I downloaded the 2 scanners from the sticky and ran 1 of them (Spybot is corrupt?)
    here's my log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:44:44, on 27/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\ProgramData\pkzkzehs\rcvefudo.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rubarmhy.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynMedion.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
    O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
    O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
    O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
    O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
    O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

    --
    End of file - 7893 bytes

    help wanted

  • #2
    Follow these instructions to download ComboFix:
    • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
      If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

      NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner,
      disable that scanner and download ComboFix again.
      Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!
      • Double-click Combofix.exe
        While the fix is running, do NOT click in the window, as this will make your PC hang.
        When the fix has finished and after the restart, the log Combofix.txt will open.


      Post this log in your next reply, together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      hey pimmerd,
      First of all, thanks for your time. I see you're well on your way to 1000 posts, so there may soon be a jubilee to celebrate.
      anyway, I did what you asked and this is the status now:
      - while rebooting I got the following message: "Er is een fout opgetreden bij het laden van c:\windows\system32\khfDwwus.dll" (an error occurred while loading c:\windows\system32\khfDwwus.dll)
      - the virus scanner (BullGuard) still gives alerts about various trojans (including Vundo)
      - but for now I'm no longer getting annoying spam in IE

      this is the ComboFix log:

      ComboFix 08-04-26.3 - splinter_x 2008-04-27 16:35:05.4 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1190 [GMT 2:00]
      Gestart vanuit: C:\Users\splinter_x\Desktop\ComboFix.exe
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))
      .

      Geen nieuwe bestanden aangemaakt in deze periode

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-27 12:04 13,260 ----a-w C:\Users\splinter_x\AppData\Roaming\nvModes.dat
      2008-04-27 10:44 --------- d-----w C:\Program Files\Trend Micro
      2008-04-27 10:06 --------- d-----w C:\ProgramData\Lavasoft
      2008-04-27 09:54 --------- d-----w C:\Program Files\Lavasoft
      2008-04-27 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-04-27 08:54 --------- d-----w C:\ProgramData\BullGuard
      2008-04-25 23:48 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Azureus
      2008-04-25 12:30 --------- d-----w C:\ProgramData\emqhztmi
      2008-04-25 11:13 --------- d-----w C:\Program Files\CCleaner
      2008-04-25 10:04 --------- d-----w C:\Users\splinter_x\AppData\Roaming\PC-Cleaner
      2008-04-25 09:59 --------- d-----w C:\Users\splinter_x\AppData\Roaming\BullGuard
      2008-04-25 09:42 102,400 ----a-w C:\Windows\System32\rubarmhy.exe
      2008-04-25 09:42 --------- d-----w C:\ProgramData\pkzkzehs
      2008-04-24 23:47 --------- d-----w C:\Users\splinter_x\AppData\Roaming\LimeWire
      2008-04-24 09:29 98,304 ----a-w C:\Windows\olgdqarf.exe
      2008-04-24 09:29 90,112 ----a-w C:\Windows\wxvgsdbq.exe
      2008-04-24 09:29 319,488 ----a-w C:\Windows\wdpoefan.dll
      2008-04-24 09:29 270,336 ----a-w C:\Windows\qnmargolxgn.dll
      2008-04-24 09:29 221,184 ----a-w C:\Windows\vadokmxt.dll
      2008-04-22 20:55 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Vso
      2008-04-22 20:09 --------- d-----w C:\Program Files\DVD Decrypter
      2008-04-22 19:50 --------- d-----w C:\Program Files\NeroInstall.bak
      2008-04-22 19:42 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Nero
      2008-04-22 19:39 --------- d-----w C:\Program Files\Common Files\Nero
      2008-04-22 19:36 --------- d-----w C:\ProgramData\Nero
      2008-04-22 19:36 --------- d-----w C:\Program Files\Nero
      2008-04-22 16:32 --------- d-----w C:\Program Files\MSXML 4.0
      2008-04-20 16:01 --------- d-----w C:\Users\splinter_x\AppData\Roaming\COREL
      2008-04-20 11:14 --------- d-----w C:\Program Files\Common Files\Ahead
      2008-04-20 11:11 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Ahead
      2008-04-20 08:03 --------- d-----w C:\ProgramData\vsosdk
      2008-04-19 21:23 --------- d-----w C:\ProgramData\NVIDIA
      2008-04-18 21:25 --------- d-----w C:\Program Files\SubSync
      2008-04-18 21:24 73,216 ----a-w C:\Windows\ST6UNST.EXE
      2008-04-18 21:24 249,856 ------w C:\Windows\Setup1.exe
      2008-04-18 17:23 --------- d-----w C:\Users\splinter_x\AppData\Roaming\vlc
      2008-04-18 17:17 --------- d-----w C:\Program Files\VideoLAN
      2008-04-16 19:10 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
      2008-04-16 19:10 47,360 ----a-w C:\Users\splinter_x\AppData\Roaming\pcouffin.sys
      2008-04-16 19:10 --------- d-----w C:\Program Files\VSO
      2008-04-16 12:12 --------- d-----w C:\ProgramData\Azureus
      2008-04-16 12:11 --------- d-----w C:\Program Files\Azureus
      2008-04-16 07:23 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-04-12 12:18 --------- d-----w C:\Program Files\LimeWire
      2008-04-12 11:30 174 --sha-w C:\Program Files\desktop.ini
      2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Mail
      2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Defender
      2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Calendar
      2008-04-12 11:24 --------- d-----w C:\Program Files\Windows Sidebar
      2008-04-12 11:18 87,040 ----a-w C:\Windows\System32\msoert2.dll
      2008-04-12 11:18 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
      2008-04-12 11:18 205,824 ----a-w C:\Windows\System32\msoeacct.dll
      2008-04-12 11:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-04-12 11:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-04-12 11:15 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-04-12 11:11 49,664 ----a-w C:\Windows\System32\csrsrv.dll
      2008-04-12 11:11 376,320 ----a-w C:\Windows\System32\winsrv.dll
      2008-04-12 11:05 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
      2008-04-12 11:05 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
      2008-04-12 11:03 414,208 ----a-w C:\Windows\System32\msscp.dll
      2008-04-12 11:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-04-12 11:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-04-12 11:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-04-12 11:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-04-12 10:58 86,016 ----a-w C:\Windows\System32\icfupgd.dll
      2008-04-12 10:58 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
      2008-04-12 10:58 61,952 ----a-w C:\Windows\System32\cmifw.dll
      2008-04-12 10:58 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
      2008-04-12 10:58 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
      2008-04-12 10:58 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
      2008-04-12 10:58 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
      2008-04-12 10:58 16,896 ----a-w C:\Windows\System32\wfapigp.dll
      2008-04-12 10:58 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
      2008-04-12 10:54 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-04-12 10:54 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-04-12 10:54 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-04-12 10:54 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
      2008-04-12 10:54 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-04-12 10:54 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-04-12 10:54 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-04-12 10:54 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-04-12 10:53 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
      2008-04-12 10:51 2,048 ----a-w C:\Windows\System32\msxml3r.dll
      2008-04-12 10:51 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
      2008-04-12 10:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-04-12 10:49 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-04-12 10:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-04-12 10:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-04-12 10:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-04-12 10:48 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-04-12 10:44 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
      2008-04-12 10:41 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
      2008-04-12 10:41 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-04-12 10:40 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-04-12 10:40 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-04-12 10:40 2,048 ----a-w C:\Windows\System32\asferror.dll
      2008-04-12 10:39 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
      2008-04-12 10:39 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
      2008-04-12 10:39 39,936 ----a-w C:\Windows\System32\slcinst.dll
      2008-04-12 10:39 351,232 ----a-w C:\Windows\System32\SLUI.exe
      .

      ((((((((((((((((((((((((((((( snapshot_2008-04-27_16.28.36,01 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-27 14:25:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-27 14:35:07 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A6FD945-14B0-41F8-84FB-74DEF17528BB}]
      2008-04-24 11:29 270336 --a------ C:\Windows\qnmargolxgn.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 12:35 1232896]
      "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-04-12 14:25 308552]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
      "gwvoltmg"="C:\Windows\system32\rubarmhy.exe" [2008-04-25 11:42 102400]
      "emqhztmi"="C:\ProgramData\emqhztmi\pmdonwrm.exe" [2008-04-25 14:30 90112]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-12 13:07 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
      "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 14:36 32768]
      "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-04-16 16:24 192512]
      "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
      "LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 12:23 180224]
      "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 15:37 86016]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 21:50 857648]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 10:40 90191]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 10:40 7766016]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 10:40 81920]
      "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-04-12 14:25 308552]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
      "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-19 14:35 220160]
      "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
      "MSServer"="C:\Windows\system32\khfDwwus.dll" [2008-04-25 11:43 40448]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
      "4b0wWc5XV0"= C:\ProgramData\pkzkzehs\rcvefudo.exe

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}"= C:\Windows\system32\khfDwwus.dll [2008-04-25 11:43 40448]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "vadokmxt"= {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll [2008-04-24 11:29 221184]
      "wdpoefan"= {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll [2008-04-24 11:29 319488]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{8CD56CE8-189D-4A9F-A0FF-0B5450E42179}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{ED89D8F1-34FB-4528-903A-8D17DE9049D0}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
      "{D910A642-BE28-4CA3-9F3A-E31A8009A363}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
      "TCP Query User{40AFE31E-81BB-4BE9-8BA6-2BBD90051468}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
      "UDP Query User{9693A19F-9B45-4326-A51D-992185CF1F42}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 12:27]
      R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-04-12 11:52]
      R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
      R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 20:34]
      R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 08:44]
      R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
      R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 21:45]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy

      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-27 16:36:17
      Windows 6.0.6000 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-04-27 16:36:56
      ComboFix-quarantined-files.txt 2008-04-27 14:36:52
      ComboFix2.txt 2008-04-27 14:29:04
      ComboFix3.txt 2008-04-26 20:13:41
      ComboFix4.txt 2008-04-25 12:32:16

      Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
      Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

      195 --- E O F --- 2008-04-24 23:33:45



      • #4
        and this is the new Hijack:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:44:44, on 27/04/2008
        Platform: Windows Vista (WinNT 6.00.1904)
        MSIE: Internet Explorer v7.00 (7.00.6000.16643)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\Dwm.exe
        C:\ProgramData\pkzkzehs\rcvefudo.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Windows\RtHDVCpl.exe
        C:\Program Files\Launch Manager\LaunchAp.exe
        C:\Program Files\Launch Manager\HotkeyApp.exe
        C:\Program Files\Launch Manager\OSD.exe
        C:\Program Files\Launch Manager\WButton.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Windows\ehome\ehtray.exe
        C:\Windows\System32\rubarmhy.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\Synaptics\SynTP\SynMedion.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
        C:\Windows\System32\rundll32.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Program Files\Internet Explorer\ieuser.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Windows\Explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\Windows\system32\SearchFilterHost.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
        O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
        O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
        O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
        O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
        O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
        O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
        O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
        O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
        O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
        O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
        O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O13 - Gopher Prefix:
        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
        O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
        O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
        O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
        O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

        --
        End of file - 7893 bytes

        Greetz,
        SPLINTER



        • #5
          Open Notepad, then copy and paste the following (bold text) into an empty window:

          File::
          C:\Windows\System32\rubarmhy.exe
          C:\Windows\olgdqarf.exe
          C:\Windows\wxvgsdbq.exe
          C:\Windows\wdpoefan.dll
          C:\Windows\qnmargolxgn.dll
          C:\Windows\vadokmxt.dll
          C:\Windows\Setup1.exe
          C:\Windows\system32\khfDwwus.dll

          Folder::
          C:\ProgramData\pkzkzehs

          Registry::
          [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A6FD945-14B0-41F8-84FB-74DEF17528BB}]
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "gwvoltmg"=-
          "emqhztmi"=-
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MSServer"=-
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
          "4b0wWc5XV0"=-
          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
          "{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}"=-
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
          "vadokmxt"=-
          "wdpoefan"=-


          Save this on your Desktop as CFScript.txt

          Drag CFScript.txt into ComboFix.exe as shown in the example below:



          This will make ComboFix restart.
          Reboot if you are asked to,
          and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

          How are your problems now?
          Regards,
          Pimmerd
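A CFScript like the one in this reply comes out of reading the HijackThis log entry by entry. The sketch below is an added example, not part of the original post and not how HijackThis or ComboFix work internally: it parses HijackThis lines and flags autostart entries for manual review. The four heuristics and all function names are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
"""

# "O4 - <body>": section code, then the rest of the line.
LINE_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.*)$")
# O4 body: "<registry key>: [<value name>] <command line>".
O4_RE = re.compile(r"^(?P<key>\S+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 invocation: "rundll32.exe <dll>,<export>" (DLL path may be quoted).
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^",]+)"?,(\S+)', re.I)
# Executable sitting one folder below ProgramData.
PROGRAMDATA_EXE_RE = re.compile(r'^"?[A-Z]:\\ProgramData\\[^\\"]+\\[^\\"]+\.exe\b', re.I)


class Finding(NamedTuple):
    section: str            # HijackThis section code, e.g. "O4"
    name: str               # Run value name or component label
    reasons: Tuple[str, ...]


def rundll32_target(cmd: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, export) when cmd is a rundll32 command line."""
    m = RUNDLL_RE.match(cmd)
    return (m.group(1), m.group(2)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Flag log lines that deserve manual review (heuristics, not verdicts)."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        name = body.split(" - ")[0]
        reasons = []
        # Heuristic 1: a component is registered but its file is gone.
        if body.endswith("(file missing)"):
            reasons.append("registered file is missing")
        o4 = O4_RE.match(body) if code == "O4" else None
        if o4:
            name, cmd = o4.group("name"), o4.group("cmd")
            # Heuristic 2: autostart through the Policies\Explorer\Run key.
            if o4.group("key").lower().endswith(r"policies\explorer\run"):
                reasons.append("Policies\\Explorer\\Run autostart")
            target = rundll32_target(cmd)
            if target:
                dll, export = target
                # Heuristic 3: rundll32 loading a DLL out of a Temp folder,
                # or calling it by ordinal instead of a named export.
                if "\\temp\\" in dll.lower():
                    reasons.append("rundll32 loads a DLL from a Temp directory")
                if export.startswith("#"):
                    reasons.append("rundll32 export given by ordinal")
            # Heuristic 4: autorun executable directly under ProgramData.
            elif PROGRAMDATA_EXE_RE.match(cmd):
                reasons.append("executable directly under ProgramData")
        if reasons:
            findings.append(Finding(code, name, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.name:20} {'; '.join(f.reasons)}")
```

A flagged line is a candidate for inspection, not a verdict; the NvSvc entry shows a legitimate rundll32 autostart that none of the heuristics touch.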



          • #6
            Hey pimmerd,
            I did what you asked.
            BullGuard still finds two viruses, however, namely
            trojan.vundo (seems like quite a stubborn virus, eh) and a new one,
            Adware.systemerrorfixer. We're almost there.

            Combo log:

            ComboFix 08-04-28.2 - splinter_x 2008-04-29 19:11:56.6 - NTFSx86
            Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1244 [GMT 2:00]
            Gestart vanuit: C:\Users\splinter_x\Desktop\ComboFix.exe
            Command switches used :: C:\Users\splinter_x\Desktop\CFScript.txt
            * Nieuw herstelpunt werd aangemaakt

            FILE ::
            C:\Windows\olgdqarf.exe
            C:\Windows\qnmargolxgn.dll
            C:\Windows\Setup1.exe
            C:\Windows\system32\khfDwwus.dll
            C:\Windows\System32\rubarmhy.exe
            C:\Windows\vadokmxt.dll
            C:\Windows\wdpoefan.dll
            C:\Windows\wxvgsdbq.exe
            .

            (((((((((((((((((((( Bestanden Gemaakt van 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))
            .

            Geen nieuwe bestanden aangemaakt in deze periode

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-04-29 16:13 --------- d-----w C:\ProgramData\BullGuard
            2008-04-29 16:12 13,260 ----a-w C:\Users\splinter_x\AppData\Roaming\nvModes.dat
            2008-04-28 22:13 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Vso
            2008-04-28 18:33 --------- d-----w C:\Users\splinter_x\AppData\Roaming\BullGuard
            2008-04-27 21:05 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Azureus
            2008-04-27 17:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
            2008-04-27 14:40 --------- d-----w C:\ProgramData\gqkqwnsw
            2008-04-27 10:44 --------- d-----w C:\Program Files\Trend Micro
            2008-04-27 10:06 --------- d-----w C:\ProgramData\Lavasoft
            2008-04-27 09:54 --------- d-----w C:\Program Files\Lavasoft
            2008-04-27 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
            2008-04-25 12:30 --------- d-----w C:\ProgramData\emqhztmi
            2008-04-25 11:13 --------- d-----w C:\Program Files\CCleaner
            2008-04-25 10:04 --------- d-----w C:\Users\splinter_x\AppData\Roaming\PC-Cleaner
            2008-04-24 23:47 --------- d-----w C:\Users\splinter_x\AppData\Roaming\LimeWire
            2008-04-22 20:09 --------- d-----w C:\Program Files\DVD Decrypter
            2008-04-22 19:50 --------- d-----w C:\Program Files\NeroInstall.bak
            2008-04-22 19:42 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Nero
            2008-04-22 19:39 --------- d-----w C:\Program Files\Common Files\Nero
            2008-04-22 19:36 --------- d-----w C:\ProgramData\Nero
            2008-04-22 19:36 --------- d-----w C:\Program Files\Nero
            2008-04-22 16:32 --------- d-----w C:\Program Files\MSXML 4.0
            2008-04-20 16:01 --------- d-----w C:\Users\splinter_x\AppData\Roaming\COREL
            2008-04-20 11:14 --------- d-----w C:\Program Files\Common Files\Ahead
            2008-04-20 11:11 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Ahead
            2008-04-20 08:03 --------- d-----w C:\ProgramData\vsosdk
            2008-04-19 21:23 --------- d-----w C:\ProgramData\NVIDIA
            2008-04-18 21:25 --------- d-----w C:\Program Files\SubSync
            2008-04-18 21:24 73,216 ----a-w C:\Windows\ST6UNST.EXE
            2008-04-18 17:23 --------- d-----w C:\Users\splinter_x\AppData\Roaming\vlc
            2008-04-18 17:17 --------- d-----w C:\Program Files\VideoLAN
            2008-04-16 19:10 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
            2008-04-16 19:10 47,360 ----a-w C:\Users\splinter_x\AppData\Roaming\pcouffin.sys
            2008-04-16 19:10 --------- d-----w C:\Program Files\VSO
            2008-04-16 12:12 --------- d-----w C:\ProgramData\Azureus
            2008-04-16 12:11 --------- d-----w C:\Program Files\Azureus
            2008-04-16 07:23 --------- d-----w C:\Program Files\Common Files\Adobe
            2008-04-12 12:18 --------- d-----w C:\Program Files\LimeWire
            2008-04-12 11:30 174 --sha-w C:\Program Files\desktop.ini
            2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Mail
            2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Defender
            2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Calendar
            2008-04-12 11:24 --------- d-----w C:\Program Files\Windows Sidebar
            2008-04-12 11:18 87,040 ----a-w C:\Windows\System32\msoert2.dll
            2008-04-12 11:18 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
            2008-04-12 11:18 205,824 ----a-w C:\Windows\System32\msoeacct.dll
            2008-04-12 11:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
            2008-04-12 11:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
            2008-04-12 11:15 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
            2008-04-12 11:11 49,664 ----a-w C:\Windows\System32\csrsrv.dll
            2008-04-12 11:11 376,320 ----a-w C:\Windows\System32\winsrv.dll
            2008-04-12 11:05 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
            2008-04-12 11:05 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
            2008-04-12 11:03 414,208 ----a-w C:\Windows\System32\msscp.dll
            2008-04-12 11:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
            2008-04-12 11:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
            2008-04-12 11:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
            2008-04-12 11:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
            2008-04-12 10:58 86,016 ----a-w C:\Windows\System32\icfupgd.dll
            2008-04-12 10:58 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
            2008-04-12 10:58 61,952 ----a-w C:\Windows\System32\cmifw.dll
            2008-04-12 10:58 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
            2008-04-12 10:58 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
            2008-04-12 10:58 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
            2008-04-12 10:58 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
            2008-04-12 10:58 16,896 ----a-w C:\Windows\System32\wfapigp.dll
            2008-04-12 10:58 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
            2008-04-12 10:54 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
            2008-04-12 10:54 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
            2008-04-12 10:54 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
            2008-04-12 10:54 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
            2008-04-12 10:54 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
            2008-04-12 10:54 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
            2008-04-12 10:54 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
            2008-04-12 10:54 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
            2008-04-12 10:53 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
            2008-04-12 10:51 2,048 ----a-w C:\Windows\System32\msxml3r.dll
            2008-04-12 10:51 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
            2008-04-12 10:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
            2008-04-12 10:49 24,064 ----a-w C:\Windows\System32\netcfg.exe
            2008-04-12 10:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
            2008-04-12 10:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
            2008-04-12 10:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
            2008-04-12 10:48 1,327,104 ----a-w C:\Windows\System32\quartz.dll
            2008-04-12 10:44 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
            2008-04-12 10:41 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
            2008-04-12 10:41 2,027,008 ----a-w C:\Windows\System32\win32k.sys
            2008-04-12 10:40 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
            2008-04-12 10:40 223,232 ----a-w C:\Windows\System32\WMASF.DLL
            2008-04-12 10:40 2,048 ----a-w C:\Windows\System32\asferror.dll
            2008-04-12 10:39 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
            2008-04-12 10:39 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
            2008-04-12 10:39 39,936 ----a-w C:\Windows\System32\slcinst.dll
            2008-04-12 10:39 351,232 ----a-w C:\Windows\System32\SLUI.exe
            2008-04-12 10:39 33,280 ----a-w C:\Windows\System32\slwmi.dll
            2008-04-12 10:39 296,448 ----a-w C:\Windows\System32\gdi32.dll
            2008-04-12 10:39 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
            2008-04-12 10:39 223,232 ----a-w C:\Windows\System32\SLC.dll
            2008-04-12 10:39 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
            2008-04-12 10:39 186,368 ----a-w C:\Windows\System32\SLLUA.exe
            .

            ((((((((((((((((((((((((((((( snapshot_2008-04-27_23.11.56.12 )))))))))))))))))))))))))))))))))))))))))
            .
            - 2008-04-27 21:06:36 67,584 --s-a-w C:\Windows\bootstat.dat
            + 2008-04-29 16:11:31 67,584 --s-a-w C:\Windows\bootstat.dat
            - 2008-04-27 21:06:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
            + 2008-04-29 16:11:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
            - 2008-04-27 21:06:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
            + 2008-04-29 16:11:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
            - 2008-04-27 21:08:39 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
            + 2008-04-29 16:26:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
            - 2008-04-27 21:09:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
            + 2008-04-29 16:13:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
            + 2008-04-29 16:13:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
            - 2008-04-27 21:08:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
            + 2008-04-29 17:11:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
            - 2008-04-27 21:09:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
            + 2008-04-29 16:12:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
            + 2008-04-29 16:12:58 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
            - 2008-04-27 14:26:03 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
            + 2008-04-29 17:11:52 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
            - 2008-04-27 15:03:03 103,924 ----a-w C:\Windows\System32\perfc009.dat
            + 2008-04-29 16:15:57 103,924 ----a-w C:\Windows\System32\perfc009.dat
            - 2008-04-27 15:03:04 122,796 ----a-w C:\Windows\System32\perfc013.dat
            + 2008-04-29 16:15:57 122,796 ----a-w C:\Windows\System32\perfc013.dat
            - 2008-04-27 15:03:03 610,142 ----a-w C:\Windows\System32\perfh009.dat
            + 2008-04-29 16:15:57 610,142 ----a-w C:\Windows\System32\perfh009.dat
            - 2008-04-27 15:03:04 689,618 ----a-w C:\Windows\System32\perfh013.dat
            + 2008-04-29 16:15:57 689,618 ----a-w C:\Windows\System32\perfh013.dat
            - 2008-04-27 14:59:43 3,242 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804389587-1086438779-3256742696-1000_UserData.bin
            + 2008-04-29 16:13:28 3,662 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804389587-1086438779-3256742696-1000_UserData.bin
            - 2008-04-27 14:59:43 47,284 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
            + 2008-04-29 16:13:27 47,494 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
            - 2008-04-27 14:59:41 30,412 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
            + 2008-04-29 16:13:26 31,736 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
            .
            -- Snapshot reset to current date --
            .
            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 12:35 1232896]
            "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-04-12 14:25 308552]
            "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
            "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
            "gqkqwnsw"="C:\ProgramData\gqkqwnsw\mxgxirqt.exe" [2008-04-27 16:40 114688]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-12 13:07 1006264]
            "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
            "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 14:36 32768]
            "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-04-16 16:24 192512]
            "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
            "LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 12:23 180224]
            "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 15:37 86016]
            "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 21:50 857648]
            "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 10:40 90191]
            "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 10:40 7766016]
            "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 10:40 81920]
            "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-04-12 14:25 308552]
            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
            "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
            "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-19 14:35 220160]
            "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
            "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
            "msacm.l3fhg"= mp3fhg.acm
            "msacm.divxa32"= divxa32.acm

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
            "{8CD56CE8-189D-4A9F-A0FF-0B5450E42179}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
            "{ED89D8F1-34FB-4528-903A-8D17DE9049D0}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
            "{D910A642-BE28-4CA3-9F3A-E31A8009A363}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
            "TCP Query User{40AFE31E-81BB-4BE9-8BA6-2BBD90051468}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
            "UDP Query User{9693A19F-9B45-4326-A51D-992185CF1F42}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
            "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

            R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 12:27]
            R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-04-12 11:52]
            R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
            R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 20:34]
            R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 08:44]
            R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
            R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 21:45]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy

            *Newly Created Service* - CATCHME
            .
            **************************************************************************

            catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-04-29 19:13:21
            Windows 6.0.6000 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2008-04-29 19:14:11
            ComboFix-quarantined-files.txt 2008-04-29 17:13:58
            ComboFix2.txt 2008-04-27 21:12:39
            ComboFix3.txt 2008-04-27 14:36:57
            ComboFix4.txt 2008-04-27 14:29:04
            ComboFix5.txt 2008-04-26 20:13:41

            Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
            Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

            232 --- E O F --- 2008-04-24 23:33:45


            Hijack:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 12:44:44, on 27/04/2008
            Platform: Windows Vista (WinNT 6.00.1904)
            MSIE: Internet Explorer v7.00 (7.00.6000.16643)
            Boot mode: Normal

            Running processes:
            C:\Windows\system32\taskeng.exe
            C:\Windows\system32\Dwm.exe
            C:\ProgramData\pkzkzehs\rcvefudo.exe
            C:\Program Files\Windows Defender\MSASCui.exe
            C:\Windows\RtHDVCpl.exe
            C:\Program Files\Launch Manager\LaunchAp.exe
            C:\Program Files\Launch Manager\HotkeyApp.exe
            C:\Program Files\Launch Manager\OSD.exe
            C:\Program Files\Launch Manager\WButton.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\Windows\System32\rundll32.exe
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            C:\Program Files\Windows Sidebar\sidebar.exe
            C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
            C:\Program Files\Windows Live\Messenger\msnmsgr.exe
            C:\Windows\ehome\ehtray.exe
            C:\Windows\System32\rubarmhy.exe
            C:\Windows\System32\rundll32.exe
            C:\Program Files\Synaptics\SynTP\SynMedion.exe
            C:\Windows\System32\rundll32.exe
            C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
            C:\Windows\System32\rundll32.exe
            C:\Windows\ehome\ehmsas.exe
            C:\Program Files\Internet Explorer\ieuser.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Windows\Explorer.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
            C:\Windows\system32\SearchFilterHost.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
            O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
            O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
            O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
            O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
            O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
            O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
            O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
            O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
            O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
            O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
            O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
            O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
            O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
            O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
            O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
            O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
            O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
            O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
            O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O13 - Gopher Prefix:
            O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
            O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
            O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
            O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
            O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
            O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

            --
            End of file - 7893 bytes

            greetz,
            SPLINTER



            • #7
              Open Notepad, then copy and paste the following (bold text) into an empty window:

              File::
              C:\ProgramData\gqkqwnsw
              C:\ProgramData\emqhztmi

              Registry::
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "gqkqwnsw"=-

              Save this to your Desktop as CFScript.txt

              Drag CFScript.txt into ComboFix.exe as shown in the example below:



              This will make ComboFix restart.
              Reboot if you are asked to,
              and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

              How are your problems?
              If BullGuard still finds anything, could you state the exact location?
              Regards,
              Pimmerd

              Comment


              • #8
                hey pimmerd,

                Both viruses are still present
                location of Trojan.vundo.EIO -> C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32

                location of Adware.SystemErrorFixer.A ->
                C:\USERS\SPLINTER_X\APPDATA\LOCAL\MICROSOFT\WINDOWS INTERNET FILES\LOW\CONTENT.IE5\QSS0SZTR

                combofix log:

                ComboFix 08-04-28.2 - splinter_x 2008-05-01 14:51:10.7 - NTFSx86
                Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1209 [GMT 2:00]
                Gestart vanuit: C:\Users\splinter_x\Desktop\ComboFix.exe
                Command switches used :: C:\Users\splinter_x\Desktop\CFScript.txt
                * Nieuw herstelpunt werd aangemaakt

                FILE ::
                C:\ProgramData\emqhztmi
                C:\ProgramData\gqkqwnsw
                .

                (((((((((((((((((((( Bestanden Gemaakt van 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))
                .

                Geen nieuwe bestanden aangemaakt in deze periode

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-05-01 12:46 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Vso
                2008-04-30 20:27 --------- d-----w C:\ProgramData\BullGuard
                2008-04-29 16:12 13,260 ----a-w C:\Users\splinter_x\AppData\Roaming\nvModes.dat
                2008-04-28 18:33 --------- d-----w C:\Users\splinter_x\AppData\Roaming\BullGuard
                2008-04-27 21:05 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Azureus
                2008-04-27 17:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
                2008-04-27 14:40 --------- d-----w C:\ProgramData\gqkqwnsw
                2008-04-27 10:44 --------- d-----w C:\Program Files\Trend Micro
                2008-04-27 10:06 --------- d-----w C:\ProgramData\Lavasoft
                2008-04-27 09:54 --------- d-----w C:\Program Files\Lavasoft
                2008-04-27 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                2008-04-25 12:30 --------- d-----w C:\ProgramData\emqhztmi
                2008-04-25 11:13 --------- d-----w C:\Program Files\CCleaner
                2008-04-25 10:04 --------- d-----w C:\Users\splinter_x\AppData\Roaming\PC-Cleaner
                2008-04-24 23:47 --------- d-----w C:\Users\splinter_x\AppData\Roaming\LimeWire
                2008-04-22 20:09 --------- d-----w C:\Program Files\DVD Decrypter
                2008-04-22 19:50 --------- d-----w C:\Program Files\NeroInstall.bak
                2008-04-22 19:42 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Nero
                2008-04-22 19:39 --------- d-----w C:\Program Files\Common Files\Nero
                2008-04-22 19:36 --------- d-----w C:\ProgramData\Nero
                2008-04-22 19:36 --------- d-----w C:\Program Files\Nero
                2008-04-22 16:32 --------- d-----w C:\Program Files\MSXML 4.0
                2008-04-20 16:01 --------- d-----w C:\Users\splinter_x\AppData\Roaming\COREL
                2008-04-20 11:14 --------- d-----w C:\Program Files\Common Files\Ahead
                2008-04-20 11:11 --------- d-----w C:\Users\splinter_x\AppData\Roaming\Ahead
                2008-04-20 08:03 --------- d-----w C:\ProgramData\vsosdk
                2008-04-19 21:23 --------- d-----w C:\ProgramData\NVIDIA
                2008-04-18 21:25 --------- d-----w C:\Program Files\SubSync
                2008-04-18 21:24 73,216 ----a-w C:\Windows\ST6UNST.EXE
                2008-04-18 17:23 --------- d-----w C:\Users\splinter_x\AppData\Roaming\vlc
                2008-04-18 17:17 --------- d-----w C:\Program Files\VideoLAN
                2008-04-16 19:10 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
                2008-04-16 19:10 47,360 ----a-w C:\Users\splinter_x\AppData\Roaming\pcouffin.sys
                2008-04-16 19:10 --------- d-----w C:\Program Files\VSO
                2008-04-16 12:12 --------- d-----w C:\ProgramData\Azureus
                2008-04-16 12:11 --------- d-----w C:\Program Files\Azureus
                2008-04-16 07:23 --------- d-----w C:\Program Files\Common Files\Adobe
                2008-04-12 12:18 --------- d-----w C:\Program Files\LimeWire
                2008-04-12 11:30 174 --sha-w C:\Program Files\desktop.ini
                2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Mail
                2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Defender
                2008-04-12 11:25 --------- d-----w C:\Program Files\Windows Calendar
                2008-04-12 11:24 --------- d-----w C:\Program Files\Windows Sidebar
                2008-04-12 11:18 87,040 ----a-w C:\Windows\System32\msoert2.dll
                2008-04-12 11:18 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
                2008-04-12 11:18 205,824 ----a-w C:\Windows\System32\msoeacct.dll
                2008-04-12 11:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
                2008-04-12 11:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
                2008-04-12 11:15 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
                2008-04-12 11:11 49,664 ----a-w C:\Windows\System32\csrsrv.dll
                2008-04-12 11:11 376,320 ----a-w C:\Windows\System32\winsrv.dll
                2008-04-12 11:05 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
                2008-04-12 11:05 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
                2008-04-12 11:03 414,208 ----a-w C:\Windows\System32\msscp.dll
                2008-04-12 11:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
                2008-04-12 11:00 7,680 ----a-w C:\Windows\System32\spwmp.dll
                2008-04-12 11:00 4,096 ----a-w C:\Windows\System32\dxmasf.dll
                2008-04-12 11:00 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
                2008-04-12 10:58 86,016 ----a-w C:\Windows\System32\icfupgd.dll
                2008-04-12 10:58 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
                2008-04-12 10:58 61,952 ----a-w C:\Windows\System32\cmifw.dll
                2008-04-12 10:58 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
                2008-04-12 10:58 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
                2008-04-12 10:58 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
                2008-04-12 10:58 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
                2008-04-12 10:58 16,896 ----a-w C:\Windows\System32\wfapigp.dll
                2008-04-12 10:58 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
                2008-04-12 10:54 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
                2008-04-12 10:54 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
                2008-04-12 10:54 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
                2008-04-12 10:54 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
                2008-04-12 10:54 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
                2008-04-12 10:54 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
                2008-04-12 10:54 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
                2008-04-12 10:54 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
                2008-04-12 10:53 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
                2008-04-12 10:51 2,048 ----a-w C:\Windows\System32\msxml3r.dll
                2008-04-12 10:51 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
                2008-04-12 10:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
                2008-04-12 10:49 24,064 ----a-w C:\Windows\System32\netcfg.exe
                2008-04-12 10:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
                2008-04-12 10:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
                2008-04-12 10:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
                2008-04-12 10:48 1,327,104 ----a-w C:\Windows\System32\quartz.dll
                2008-04-12 10:44 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
                2008-04-12 10:41 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
                2008-04-12 10:41 2,027,008 ----a-w C:\Windows\System32\win32k.sys
                2008-04-12 10:40 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
                2008-04-12 10:40 223,232 ----a-w C:\Windows\System32\WMASF.DLL
                2008-04-12 10:40 2,048 ----a-w C:\Windows\System32\asferror.dll
                2008-04-12 10:39 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
                2008-04-12 10:39 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
                2008-04-12 10:39 39,936 ----a-w C:\Windows\System32\slcinst.dll
                2008-04-12 10:39 351,232 ----a-w C:\Windows\System32\SLUI.exe
                2008-04-12 10:39 33,280 ----a-w C:\Windows\System32\slwmi.dll
                2008-04-12 10:39 296,448 ----a-w C:\Windows\System32\gdi32.dll
                2008-04-12 10:39 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
                2008-04-12 10:39 223,232 ----a-w C:\Windows\System32\SLC.dll
                2008-04-12 10:39 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
                2008-04-12 10:39 186,368 ----a-w C:\Windows\System32\SLLUA.exe
                .

                ((((((((((((((((((((((((((((( snapshot_2008-04-29_19.13.42,32 )))))))))))))))))))))))))))))))))))))))))
                .
                - 2008-04-29 16:11:31 67,584 --s-a-w C:\Windows\bootstat.dat
                + 2008-04-30 20:22:25 67,584 --s-a-w C:\Windows\bootstat.dat
                - 2008-04-29 16:11:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                + 2008-04-30 20:22:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                - 2008-04-29 16:11:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                + 2008-04-30 20:22:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                - 2008-04-29 16:26:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
                + 2008-05-01 12:37:35 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
                - 2008-04-29 16:13:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                + 2008-04-30 20:25:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                - 2008-04-29 17:11:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
                + 2008-05-01 12:50:47 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
                - 2008-04-29 16:12:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                + 2008-04-30 20:25:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                + 2008-04-30 20:25:36 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
                - 2008-04-27 13:07:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                + 2008-04-29 19:08:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                - 2008-04-27 13:07:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                + 2008-04-29 19:08:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                - 2008-04-27 13:07:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                + 2008-04-29 19:08:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                - 2008-04-29 16:15:57 103,924 ----a-w C:\Windows\System32\perfc009.dat
                + 2008-04-30 20:28:25 103,924 ----a-w C:\Windows\System32\perfc009.dat
                - 2008-04-29 16:15:57 122,796 ----a-w C:\Windows\System32\perfc013.dat
                + 2008-04-30 20:28:25 122,796 ----a-w C:\Windows\System32\perfc013.dat
                - 2008-04-29 16:15:57 610,142 ----a-w C:\Windows\System32\perfh009.dat
                + 2008-04-30 20:28:25 610,142 ----a-w C:\Windows\System32\perfh009.dat
                - 2008-04-29 16:15:57 689,618 ----a-w C:\Windows\System32\perfh013.dat
                + 2008-04-30 20:28:25 689,618 ----a-w C:\Windows\System32\perfh013.dat
                - 2008-04-29 16:13:28 3,662 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804389587-1086438779-3256742696-1000_UserData.bin
                + 2008-04-30 20:26:32 3,662 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804389587-1086438779-3256742696-1000_UserData.bin
                - 2008-04-29 16:13:27 47,494 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                + 2008-04-30 20:26:31 47,510 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                - 2008-04-29 16:13:26 31,736 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                + 2008-04-30 20:26:29 31,792 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                .
                -- Snapshot reset to current date --
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 12:35 1232896]
                "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-04-12 14:25 308552]
                "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
                "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
                "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-12 13:07 1006264]
                "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
                "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 14:36 32768]
                "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-04-16 16:24 192512]
                "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
                "LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 12:23 180224]
                "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 15:37 86016]
                "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 21:50 857648]
                "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 10:40 90191]
                "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 10:40 7766016]
                "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 10:40 81920]
                "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-04-12 14:25 308552]
                "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
                "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 01:01 77892]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
                "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-19 14:35 220160]
                "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16:54 16896]
                "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
                "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "msacm.l3fhg"= mp3fhg.acm
                "msacm.divxa32"= divxa32.acm

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
                "{8CD56CE8-189D-4A9F-A0FF-0B5450E42179}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
                "{ED89D8F1-34FB-4528-903A-8D17DE9049D0}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
                "{D910A642-BE28-4CA3-9F3A-E31A8009A363}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
                "TCP Query User{40AFE31E-81BB-4BE9-8BA6-2BBD90051468}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
                "UDP Query User{9693A19F-9B45-4326-A51D-992185CF1F42}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
                "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

                R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 12:27]
                R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-04-12 11:52]
                R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
                R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2007-01-08 20:34]
                R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 08:44]
                R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 13:07]
                R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 21:45]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy

                .
                **************************************************************************

                catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-05-01 14:52:49
                Windows 6.0.6000 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                Scan succesvol afgerond
                verborgen bestanden: 0

                **************************************************************************
                .
                Voltooingstijd: 2008-05-01 14:53:35
                ComboFix-quarantined-files.txt 2008-05-01 12:53:26
                ComboFix2.txt 2008-04-29 17:14:12
                ComboFix3.txt 2008-04-27 21:12:39
                ComboFix4.txt 2008-04-27 14:36:57
                ComboFix5.txt 2008-04-27 14:29:04

                Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
                Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

                227 --- E O F --- 2008-04-24 23:33:45


                hijack log:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 12:44:44, on 27/04/2008
                Platform: Windows Vista (WinNT 6.00.1904)
                MSIE: Internet Explorer v7.00 (7.00.6000.16643)
                Boot mode: Normal

                Running processes:
                C:\Windows\system32\taskeng.exe
                C:\Windows\system32\Dwm.exe
                C:\ProgramData\pkzkzehs\rcvefudo.exe
                C:\Program Files\Windows Defender\MSASCui.exe
                C:\Windows\RtHDVCpl.exe
                C:\Program Files\Launch Manager\LaunchAp.exe
                C:\Program Files\Launch Manager\HotkeyApp.exe
                C:\Program Files\Launch Manager\OSD.exe
                C:\Program Files\Launch Manager\WButton.exe
                C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                C:\Windows\System32\rundll32.exe
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                C:\Program Files\Windows Sidebar\sidebar.exe
                C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
                C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                C:\Windows\ehome\ehtray.exe
                C:\Windows\System32\rubarmhy.exe
                C:\Windows\System32\rundll32.exe
                C:\Program Files\Synaptics\SynTP\SynMedion.exe
                C:\Windows\System32\rundll32.exe
                C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
                C:\Windows\System32\rundll32.exe
                C:\Windows\ehome\ehmsas.exe
                C:\Program Files\Internet Explorer\ieuser.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Windows\Explorer.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                C:\Windows\system32\SearchFilterHost.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
                O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
                O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
                O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
                O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
                O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
                O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
                O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
                O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
                O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
                O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
                O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
                O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
                O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
                O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
                O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
                O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O13 - Gopher Prefix:
                O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
                O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
                O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
                O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
                O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

                --
                End of file - 7893 bytes


                GREETZ,
                SPLINTER

                Comment


                • #9
                  Uninstall ComboFix:
                  Go to Start --> Run and type: combofix /u
                  ComboFix will now be removed and a new restore point will be created.

                  Start your computer in safe mode:


                  Empty your Temp folders (note: empty the folders, do not delete them!):


                  C:\Windows\Temp
                  C:\Documents and Settings\<profile name>\Local Settings\Temp
                  C:\Documents and Settings\<profile name>\Local Settings\Temporary Internet Files
                  C:\Documents and Settings\<profile name>\Local Settings\Temporary Internet Files\content.ie5
                  If the last folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

                  Empty your recycle bin.

                  Restart your computer in normal mode again.
                  Still having problems?
                  Regards,
                  Pimmerd

                  Comment


                  • #10
                    hey pimmerd,
                    Have to disappoint you, but they are still being found
                    As long as Bully blocks them it's no problem, of course...

                    Did what you asked
                    emptied the first two temp folders
                    I could not get access to the third, and the fourth was empty.
                    Maybe protection against removing the virus?

                    Don't know if you need it, but here is another log

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 12:44:44, on 27/04/2008
                    Platform: Windows Vista (WinNT 6.00.1904)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
                    Boot mode: Normal

                    Running processes:
                    C:\Windows\system32\taskeng.exe
                    C:\Windows\system32\Dwm.exe
                    C:\ProgramData\pkzkzehs\rcvefudo.exe
                    C:\Program Files\Windows Defender\MSASCui.exe
                    C:\Windows\RtHDVCpl.exe
                    C:\Program Files\Launch Manager\LaunchAp.exe
                    C:\Program Files\Launch Manager\HotkeyApp.exe
                    C:\Program Files\Launch Manager\OSD.exe
                    C:\Program Files\Launch Manager\WButton.exe
                    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    C:\Windows\System32\rundll32.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                    C:\Program Files\Windows Sidebar\sidebar.exe
                    C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
                    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                    C:\Windows\ehome\ehtray.exe
                    C:\Windows\System32\rubarmhy.exe
                    C:\Windows\System32\rundll32.exe
                    C:\Program Files\Synaptics\SynTP\SynMedion.exe
                    C:\Windows\System32\rundll32.exe
                    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
                    C:\Windows\System32\rundll32.exe
                    C:\Windows\ehome\ehmsas.exe
                    C:\Program Files\Internet Explorer\ieuser.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Windows\Explorer.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                    C:\Windows\system32\SearchFilterHost.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
                    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                    O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
                    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
                    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
                    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
                    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
                    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
                    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
                    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
                    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
                    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                    O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
                    O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
                    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
                    O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
                    O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
                    O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
                    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O13 - Gopher Prefix:
                    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
                    O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
                    O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
                    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
                    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

                    --
                    End of file - 7893 bytes

                    greetz,
                    splinter



                    • #11
                      You posted the old log.

                      Restart your PC. Open HijackThis and run a new scan with it ('Do a system scan and save a logfile'). Copy the text from the Notepad file into your next post.
                      Regards,
                      Pimmerd



                      • #12
                        hey pimmerd,
                        This is the new log;
                        status: vundo still present and there are now several
                        systemerrorfixers in the folder

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 12:44:44, on 27/04/2008
                        Platform: Windows Vista (WinNT 6.00.1904)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16643)
                        Boot mode: Normal

                        Running processes:
                        C:\Windows\system32\taskeng.exe
                        C:\Windows\system32\Dwm.exe
                        C:\ProgramData\pkzkzehs\rcvefudo.exe
                        C:\Program Files\Windows Defender\MSASCui.exe
                        C:\Windows\RtHDVCpl.exe
                        C:\Program Files\Launch Manager\LaunchAp.exe
                        C:\Program Files\Launch Manager\HotkeyApp.exe
                        C:\Program Files\Launch Manager\OSD.exe
                        C:\Program Files\Launch Manager\WButton.exe
                        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                        C:\Program Files\Windows Sidebar\sidebar.exe
                        C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
                        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                        C:\Windows\ehome\ehtray.exe
                        C:\Windows\System32\rubarmhy.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Program Files\Synaptics\SynTP\SynMedion.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Windows\ehome\ehmsas.exe
                        C:\Program Files\Internet Explorer\ieuser.exe
                        C:\Program Files\Internet Explorer\iexplore.exe
                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                        C:\Program Files\Internet Explorer\iexplore.exe
                        C:\Windows\Explorer.exe
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                        C:\Windows\system32\SearchFilterHost.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\Windows\qnmargolxgn.dll (file missing)
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                        O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
                        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                        O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
                        O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
                        O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
                        O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
                        O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
                        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
                        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                        O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                        O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                        O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
                        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                        O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
                        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                        O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
                        O4 - HKCU\..\Run: [emqhztmi] C:\ProgramData\emqhztmi\pmdonwrm.exe
                        O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
                        O4 - HKCU\..\Run: [e096188d] rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\lgvdkuuk.dll",b
                        O4 - HKCU\..\Run: [BMe3a52b11] Rundll32.exe "C:\Users\SPLINT~1\AppData\Local\Temp\wwpxvkmr.dll",s
                        O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
                        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                        O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O13 - Gopher Prefix:
                        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
                        O21 - SSODL: vadokmxt - {C9D7719A-9B83-43D3-8692-59847C1B2DA8} - C:\Windows\vadokmxt.dll (file missing)
                        O21 - SSODL: wdpoefan - {091710D8-A8AB-41D9-B404-0E437C154AC4} - C:\Windows\wdpoefan.dll (file missing)
                        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
                        O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                        O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
                        O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

                        --
                        End of file - 7893 bytes



                        • #13
                          Scan saved at 12:44:44, on 27/04/2008
                          It is still the old log
                          Never mind this one then, and do this instead:

                          Download Deckard's System Scanner to your Desktop
                          • Close all applications and windows.
                            Double-click dss.exe to run it, and follow the prompts.
                            When the scan is complete, a text file - main.txt - will open.
                            Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

                          Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
                          - make sure sigcheck.exe is allowed to do so!
                          Your antivirus may also flag DSS as suspicious, or even try to remove it.
                          Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)
                          Regards,
                          Pimmerd
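
The check made by eye in #13 (an unchanged "Scan saved at" line means the old log was re-posted), together with a diff of the O4 autorun entries between two scans, as an added example that is not part of the thread or of HijackThis. The function names and the two path heuristics are assumptions made here; the sample lines are shortened excerpts of the logs posted in this thread, and a flagged entry is a pointer for review, not a verdict.

```python
import re
from datetime import datetime

# Shortened excerpts of the HijackThis logs posted in this thread.
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44, on 27/04/2008
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDwwus.dll,#1
O4 - HKCU\..\Run: [gwvoltmg] C:\Windows\system32\rubarmhy.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SPLINT~1\AppData\Local\Temp\fccccCTJ.dll,c
O4 - HKLM\..\Policies\Explorer\Run: [4b0wWc5XV0] C:\ProgramData\pkzkzehs\rcvefudo.exe
"""
NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:08, on 4/05/2008
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
"""

SAVED_RE = re.compile(r"Scan saved at (\d{1,2}:\d{2}:\d{2}), on (\d{1,2}/\d{1,2}/\d{4})")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def scan_time(log):
    """Return the 'Scan saved at' timestamp of a log, or None if the header is missing."""
    m = SAVED_RE.search(log)
    if not m:
        return None
    return datetime.strptime(f"{m.group(1)} {m.group(2)}", "%H:%M:%S %d/%m/%Y")


def autoruns(log):
    """Map 'registry key [value name]' -> command line for every O4 line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())  # forum pastes are often indented
        if m:
            entries[f"{m['key']} [{m['name']}]"] = m["cmd"]
    return entries


def flag_reasons(cmd):
    """Location heuristics (assumptions of this example) for one autorun command."""
    c = cmd.lower()
    reasons = []
    if "rundll32" in c and "\\temp\\" in c:
        reasons.append("rundll32 loads a DLL from a Temp folder")
    if re.search(r"c:\\programdata\\[^\\]+\\[^\\]+\.exe", c):
        reasons.append("executable started from a ProgramData subfolder")
    return reasons


def flagged(log):
    """Autorun entries of one log that match at least one heuristic."""
    hits = {}
    for name, cmd in autoruns(log).items():
        reasons = flag_reasons(cmd)
        if reasons:
            hits[name] = reasons
    return hits


def triage(prev_log, curr_log):
    """Compare two posted logs: stale re-post, removed/added autoruns, remaining flags."""
    t_prev, t_curr = scan_time(prev_log), scan_time(curr_log)
    prev, curr = autoruns(prev_log), autoruns(curr_log)
    return {
        # Same header timestamp: the file was not regenerated by a new scan.
        "stale": t_prev is not None and t_prev == t_curr,
        "removed": sorted(prev.keys() - curr.keys()),
        "added": sorted(curr.keys() - prev.keys()),
        "flagged": flagged(curr_log),
    }


if __name__ == "__main__":
    print("re-post of old log:", triage(OLD_LOG, OLD_LOG)["stale"])
    result = triage(OLD_LOG, NEW_LOG)
    for section in ("removed", "added"):
        for name in result[section]:
            print(f"{section}: {name}")
    for name, reasons in flagged(OLD_LOG).items():
        print(f"flagged in old log: {name}: {'; '.join(reasons)}")
```

Entries such as the system32 ones in the old log do not match either path heuristic, which is why the removed/added diff is reported alongside the flags.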



                          • #14
                            hey pimmerd,
                            I really did run a new scan with hijack twice and posted the "new" log. I checked myself and the date did indeed get stuck at the same time every time. I uninstalled hijack and downloaded it again.
                            Just want to add that after using Deckard I didn't get any more alerts. If that changes I'll let you know.
                            this is the new log:

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 17:12:08, on 4/05/2008
                            Platform: Windows Vista (WinNT 6.00.1904)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16643)
                            Boot mode: Normal

                            Running processes:
                            C:\Windows\system32\Dwm.exe
                            C:\Windows\system32\taskeng.exe
                            C:\Windows\Explorer.EXE
                            C:\Program Files\Windows Defender\MSASCui.exe
                            C:\Windows\RtHDVCpl.exe
                            C:\Program Files\Launch Manager\LaunchAp.exe
                            C:\Program Files\Launch Manager\HotkeyApp.exe
                            C:\Program Files\Launch Manager\OSD.exe
                            C:\Program Files\Launch Manager\WButton.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                            C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
                            C:\Windows\ehome\ehtray.exe
                            C:\Program Files\Synaptics\SynTP\SynMedion.exe
                            C:\Windows\System32\rundll32.exe
                            C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
                            C:\Windows\ehome\ehmsas.exe
                            C:\Program Files\Azureus\Azureus.exe
                            C:\Windows\system32\conime.exe
                            C:\Program Files\Windows Media Player\WMPNSCFG.exe
                            C:\Program Files\Internet Explorer\ieuser.exe
                            C:\Program Files\Internet Explorer\iexplore.exe
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                            C:\Windows\system32\SearchFilterHost.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                            O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
                            O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                            O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                            O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
                            O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
                            O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
                            O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
                            O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
                            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                            O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
                            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                            O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                            O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                            O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
                            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                            O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                            O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
                            O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                            O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
                            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                            O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                            O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                            O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                            O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                            O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O13 - Gopher Prefix:
                            O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
                            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
                            O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
                            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                            O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
                            O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

                            --
                            End of file - 6865 bytes

                            deckard's main.txt:

                            Deckard's System Scanner v20071014.68
                            Run by splinter_x on 2008-05-04 17:19:02
                            Computer is in Normal Mode.
                            --------------------------------------------------------------------------------

                            -- Last 3 Restore Point(s) --
                            3: 2008-05-04 11:03:58 UTC - RP69 - Installed OpenOffice.org Installer 1.0
                            2: 2008-05-04 11:01:21 UTC - RP68 - Installed Java(TM) 6 Update 5
                            1: 2008-05-02 22:52:45 UTC - RP67 - Gepland herstelpunt


                            Backed up registry hives.
                            Performed disk cleanup.



                            -- HijackThis (run as splinter_x.exe) ------------------------------------------

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 17:19:53, on 4/05/2008
                            Platform: Windows Vista (WinNT 6.00.1904)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16643)
                            Boot mode: Normal

                            Running processes:
                            C:\Windows\system32\Dwm.exe
                            C:\Windows\system32\taskeng.exe
                            C:\Windows\Explorer.EXE
                            C:\Program Files\Windows Defender\MSASCui.exe
                            C:\Windows\RtHDVCpl.exe
                            C:\Program Files\Launch Manager\LaunchAp.exe
                            C:\Program Files\Launch Manager\HotkeyApp.exe
                            C:\Program Files\Launch Manager\OSD.exe
                            C:\Program Files\Launch Manager\WButton.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                            C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
                            C:\Windows\ehome\ehtray.exe
                            C:\Program Files\Synaptics\SynTP\SynMedion.exe
                            C:\Windows\System32\rundll32.exe
                            C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
                            C:\Windows\ehome\ehmsas.exe
                            C:\Windows\system32\conime.exe
                            C:\Program Files\Windows Media Player\WMPNSCFG.exe
                            C:\Program Files\Internet Explorer\ieuser.exe
                            C:\Users\splinter_x\Videos\Desktop\dss.exe
                            C:\PROGRA~1\TRENDM~1\HIJACK~1\splinter_x.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                            O3 - Toolbar: (no name) - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - (no file)
                            O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                            O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                            O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
                            O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
                            O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
                            O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
                            O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
                            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                            O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
                            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                            O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                            O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                            O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
                            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                            O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                            O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
                            O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                            O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
                            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                            O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                            O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                            O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                            O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                            O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O13 - Gopher Prefix:
                            O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
                            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
                            O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
                            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                            O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
                            O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

                            --
                            End of file - 6692 bytes

                            -- File Associations -----------------------------------------------------------

                            .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


                            -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                            R1 Hotkey - c:\windows\system32\drivers\hotkey.sys


                            -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                            R2 BGLiveSvc (BullGuard LiveUpdate) - "c:\program files\bullguard software\bullguard\bullguardupdate.exe" <Not Verified; BullGuard Software; BullGuard>
                            R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
                            R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
                            R3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron Corp.; >


                            -- Device Manager: Disabled ----------------------------------------------------

                            No disabled devices found.


                            -- Files created between 2008-04-04 and 2008-05-04 -----------------------------

                            2008-05-04 17:11:57 0 d-------- C:\Users\splinter_x\Desktop
                            2008-05-04 13:04:13 0 d-------- C:\Program Files\Sun
                            2008-05-01 18:46:17 0 d-------- C:\Windows\pss
                            2008-05-01 18:43:20 0 d-------- C:\327882R2FWJFW
                            2008-04-27 19:42:26 164352 --a------ C:\Windows\system32\unrar.dll
                            2008-04-27 19:42:19 7680 --a------ C:\Windows\system32\ff_vfw.dll
                            2008-04-27 19:42:17 0 d-------- C:\Program Files\K-Lite Codec Pack
                            2008-04-27 16:40:43 0 d-------- C:\Users\All Users\gqkqwnsw
                            2008-04-27 12:44:22 0 d-------- C:\Program Files\Trend Micro
                            2008-04-27 11:54:27 0 d-------- C:\Users\All Users\Lavasoft
                            2008-04-27 11:54:27 0 d-------- C:\Program Files\Lavasoft
                            2008-04-27 11:53:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                            2008-04-25 14:30:08 0 d-------- C:\Users\All Users\emqhztmi
                            2008-04-25 13:13:23 0 d-------- C:\Program Files\CCleaner
                            2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\winlogonpc.exe
                            2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\taack.exe
                            2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\taack.dat
                            2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\sncntr.exe
                            2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\mwin32.exe
                            2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\hxiwlgpm.exe
                            2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\hxiwlgpm.dat
                            2008-04-25 11:43:04 4096 --a------ C:\Windows\system32\hoproxy.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\thun32.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\thun.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\temp#01.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\ssvchost.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\ssvchost.com
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\ssurf022.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\Rundl1.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\regm64.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\regc64.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\psoft1.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\psof1.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\ps1.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\newsd32.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\netode.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\mtr2.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\msvchost.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\msnbho.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\msgp.exe
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\medup020.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\medup012.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\[email protected]@@k.dll
                            2008-04-25 11:43:03 4096 --a------ C:\Windows\system32\dpcproxy.exe
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\WINWGPX.EXE
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\winsystem.exe
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\vcatchpi.dll
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\vbsys2.dll
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\sysreq.exe
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\mssecu.exe
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\bdn.com
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\awtoolb.dll
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\anticipator.dll
                            2008-04-25 11:43:02 4096 --a------ C:\Windows\system32\akttzn.exe
                            2008-04-22 22:09:33 0 d-------- C:\Program Files\DVD Decrypter
                            2008-04-22 21:50:26 0 d-------- C:\Program Files\NeroInstall.bak
                            2008-04-22 21:36:17 0 d-------- C:\Program Files\Common Files\Nero
                            2008-04-22 18:32:15 0 d-------- C:\Program Files\MSXML 4.0
                            2008-04-20 10:03:45 0 d-------- C:\Users\All Users\vsosdk
                            2008-04-19 23:23:44 0 d-------- C:\Users\All Users\NVIDIA
                            2008-04-18 23:25:09 0 d-------- C:\Program Files\SubSync
                            2008-04-18 23:24:58 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
                            2008-04-18 19:17:59 0 d-------- C:\Program Files\VideoLAN
                            2008-04-16 21:10:31 626688 --a------ C:\Windows\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
                            2008-04-16 21:10:31 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
                            2008-04-16 21:10:31 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
                            2008-04-16 21:10:31 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
                            2008-04-16 21:10:31 65602 --a------ C:\Windows\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
                            2008-04-16 21:10:27 0 d-------- C:\Program Files\VSO
                            2008-04-16 14:12:17 0 d-------- C:\Users\All Users\Azureus
                            2008-04-16 14:11:28 0 d-------- C:\Program Files\Azureus
                            2008-04-16 09:23:15 0 d-------- C:\Program Files\Common Files\Adobe
                            2008-04-12 14:20:21 0 d-------- C:\Users\splinter_x\Incomplete
                            2008-04-12 14:18:26 0 d-------- C:\Program Files\LimeWire
                            2008-04-12 12:41:56 0 d-------- C:\Windows\system32\Macromed
                            2008-04-12 12:09:28 0 d-------- C:\Windows\PCHEALTH
                            2008-04-12 11:48:09 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
                            2008-04-12 11:47:41 0 d-------- C:\Program Files\Windows Live
                            2008-04-12 11:46:43 0 d-------- C:\Users\All Users\WLInstaller
                            2008-04-12 10:09:33 0 dr------- C:\Users\splinter_x\Searches
                            2008-04-12 10:09:18 0 dr------- C:\Users\splinter_x\Contacts
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Sjablonen
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\SendTo
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Recent
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Netwerkprinteromgeving
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\NetHood
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Mijn documenten
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Menu Start
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Local Settings
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Cookies
                            2008-04-12 10:09:08 0 d--hs---- C:\Users\splinter_x\Application Data
                            2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Videos
                            2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Saved Games
                            2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Pictures
                            2008-04-12 10:09:07 1572864 --ahs---- C:\Users\splinter_x\NTUSER.DAT
                            2008-04-12 10:09:07 0 d-------- C:\Users\splinter_x\Music
                            2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Links
                            2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Favorites
                            2008-04-12 10:09:07 0 dr------- C:\Users\splinter_x\Documents
                            2008-04-12 10:09:07 0 d--h----- C:\Users\splinter_x\AppData
                            2008-04-12 10:08:16 0 d--hs---- C:\Users\Default\Sjablonen
                            2008-04-12 10:08:16 0 d--hs---- C:\Users\Default\Netwerkprinteromgeving
                            2008-04-12 10:08:16 0 d--hs---- C:\Users\Default\Mijn documenten
                            2008-04-12 10:08:16 0 d--hs---- C:\Users\Default\Menu Start
                            2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Sjablonen
                            2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Menu Start
                            2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Favorieten
                            2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Documenten
                            2008-04-12 10:08:16 0 d--hs---- C:\Users\All Users\Bureaublad
                            2008-04-12 10:07:30 0 d-------- C:\Windows\SoftwareDistribution


                            -- Find3M Report ---------------------------------------------------------------

                            2008-05-04 17:17:20 0 d-------- C:\Users\splinter_x\AppData\Roaming\Azureus
                            2008-05-04 17:10:01 13260 --a------ C:\Users\splinter_x\AppData\Roaming\nvModes.001
                            2008-05-04 16:55:57 13260 --a------ C:\Users\splinter_x\AppData\Roaming\nvModes.dat
                            2008-05-04 16:52:59 668 --a------ C:\Users\splinter_x\AppData\Roaming\vso_ts_preview.xml
                            2008-05-04 16:52:59 0 d-------- C:\Users\splinter_x\AppData\Roaming\Vso
                            2008-05-04 13:03:49 0 d-------- C:\Program Files\Java
                            2008-05-04 13:00:09 689618 --a------ C:\Windows\system32\perfh013.dat
                            2008-05-04 13:00:09 122796 --a------ C:\Windows\system32\perfc013.dat
                            2008-05-03 19:47:13 0 d-------- C:\Users\splinter_x\AppData\Roaming\Media Player Classic
                            2008-04-28 20:33:37 0 d-------- C:\Users\splinter_x\AppData\Roaming\BullGuard
                            2008-04-27 11:53:16 0 d-------- C:\Program Files\Common Files
                            2008-04-25 12:04:32 0 d-------- C:\Users\splinter_x\AppData\Roaming\PC-Cleaner
                            2008-04-25 01:47:56 0 d-------- C:\Users\splinter_x\AppData\Roaming\LimeWire
                            2008-04-22 21:42:11 0 d-------- C:\Users\splinter_x\AppData\Roaming\Nero
                            2008-04-22 21:36:17 0 d-------- C:\Program Files\Nero
                            2008-04-20 18:01:53 0 d-------- C:\Users\splinter_x\AppData\Roaming\COREL
                            2008-04-20 13:14:31 0 d-------- C:\Program Files\Common Files\Ahead
                            2008-04-20 13:11:26 0 d-------- C:\Users\splinter_x\AppData\Roaming\Ahead
                            2008-04-18 19:23:55 0 d-------- C:\Users\splinter_x\AppData\Roaming\vlc
                            2008-04-16 21:50:30 0 d-------- C:\Users\splinter_x\AppData\Roaming\WinRAR
                            2008-04-16 21:12:52 34 --a------ C:\Users\splinter_x\AppData\Roaming\pcouffin.log
                            2008-04-16 21:10:40 7887 --a------ C:\Users\splinter_x\AppData\Roaming\pcouffin.cat
                            2008-04-15 22:02:09 0 d-------- C:\Users\splinter_x\AppData\Roaming\Adobe
                            2008-04-12 14:04:43 0 d-------- C:\Users\splinter_x\AppData\Roaming\Google
                            2008-04-12 13:30:37 174 --ahs---- C:\Program Files\desktop.ini
                            2008-04-12 13:25:13 0 d-------- C:\Program Files\Windows Calendar
                            2008-04-12 13:25:11 0 d-------- C:\Program Files\Windows Mail
                            2008-04-12 13:25:08 0 d-------- C:\Program Files\Windows Defender
                            2008-04-12 13:24:57 0 d-------- C:\Program Files\Windows Sidebar
                            2008-04-12 12:43:17 0 d-------- C:\Users\splinter_x\AppData\Roaming\Macromedia
                            2008-04-12 10:09:22 0 d-------- C:\Users\splinter_x\AppData\Roaming\Identities
                            2008-04-12 10:08:16 0 d-------- C:\Program Files\Windows NT


                            -- Registry Dump ---------------------------------------------------------------

                            *Note* empty entries & legit default entries are not shown


                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/04/2008 13:07]
                            "RtHDVCpl"="RtHDVCpl.exe" [15/02/2007 17:07 C:\Windows\RtHDVCpl.exe]
                            "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 14:36]
                            "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [16/04/2007 16:24]
                            "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe"
                            "LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [26/12/2006 12:23]
                            "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09/11/2006 15:37]
                            "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/02/2007 21:50]
                            "NvSvc"="C:\Windows\system32\nvsvc.dll" [13/01/2007 10:40]
                            "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [13/01/2007 10:40]
                            "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [13/01/2007 10:40]
                            "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [12/04/2008 14:25]
                            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 17:30]
                            "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [05/07/2006 01:01]
                            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
                            "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [19/11/2007 14:35]
                            "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [09/02/2007 16:54]
                            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
                            "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18/02/2008 16:29]
                            "MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 11:45]

                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [12/04/2008 12:35]
                            "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [12/04/2008 14:25]
                            "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
                            "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:35]
                            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                            "ConsentPromptBehaviorAdmin"=2 (0x2)
                            "DisableRegistryTools"=0 (0x0)
                            "HideLegacyLogonScripts"=0 (0x0)
                            "HideLogoffScripts"=0 (0x0)
                            "RunLogonScriptSync"=1 (0x1)
                            "RunStartupScriptSync"=1 (0x1)
                            "HideStartupScripts"=0 (0x0)

                            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                            "HideLegacyLogonScripts"=0 (0x0)
                            "HideLogoffScripts"=0 (0x0)
                            "RunLogonScriptSync"=1 (0x1)
                            "RunStartupScriptSync"=1 (0x1)
                            "HideStartupScripts"=0 (0x0)
                            "disableregistrytools"=0 (0x0)

                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                            "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
                            @="Service"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
                            @="Driver"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
                            @="Driver"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                            @="Volume shadow copy"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
                            @="IEEE 1394 Bus host controllers"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
                            @="SBP2 IEEE 1394 Devices"

                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
                            @="SecurityDevices"

                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                            LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
                            BullGuard BgMainSvc BsFileScan BsMailProxy


                            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
                            C:\Windows\system32\unregmp2.exe /ShowWMP

                            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
                            %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



                            -- End of Deckard's System Scanner: finished at 2008-05-04 17:20:52 ------------

                            Deckard's extra.txt

                            Deckard's System Scanner v20071014.68
                            Extra logfile - please post this as an attachment with your post.
                            --------------------------------------------------------------------------------

                            -- System Information ----------------------------------------------------------

                            Microsoft® Windows Vista™ Home Premium (build 6000)
                            Architecture: X86; Language: Dutch

                            CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-56
                            Percentage of Memory in Use: 33%
                            Physical Memory (total/avail): 1918.06 MiB / 1282.63 MiB
                            Pagefile Memory (total/avail): 4060.59 MiB / 3209.9 MiB
                            Virtual Memory (total/avail): 2047.88 MiB / 1924.63 MiB

                            C: is Fixed (NTFS) - 119.49 GiB total, 74.69 GiB free.
                            D: is Fixed (FAT32) - 29.54 GiB total, 24.89 GiB free.
                            E: is CDROM (No Media)

                            \\.\PHYSICALDRIVE0 - WDC WD16 00BEVS-22RST SCSI Disk Device - 149.05 GiB - 2 partitions
                            \PARTITION0 (bootable) - Installable File System - 119.49 GiB - C:
                            \PARTITION1 - Unknown - 29.56 GiB - D:



                            -- Security Center -------------------------------------------------------------

                            AUOptions is scheduled to auto-install.
                            Windows Internal Firewall is enabled.

                            AV: BullGuard Antivirus v (BullGuard Software)
                            AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

                            [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

                            [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


                            -- Environment Variables -------------------------------------------------------

                            ALLUSERSPROFILE=C:\ProgramData
                            APPDATA=C:\Users\splinter_x\AppData\Roaming
                            CommonProgramFiles=C:\Program Files\Common Files
                            COMPUTERNAME=LANA
                            ComSpec=C:\Windows\system32\cmd.exe
                            FP_NO_HOST_CHECK=NO
                            HOMEDRIVE=C:
                            HOMEPATH=\Users\splinter_x
                            LOCALAPPDATA=C:\Users\splinter_x\AppData\Local
                            LOGONSERVER=\\LANA
                            NUMBER_OF_PROCESSORS=2
                            OS=Windows_NT
                            Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
                            PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                            PROCESSOR_ARCHITECTURE=x86
                            PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
                            PROCESSOR_LEVEL=15
                            PROCESSOR_REVISION=6801
                            ProgramData=C:\ProgramData
                            ProgramFiles=C:\Program Files
                            PROMPT=$P$G
                            PUBLIC=C:\Users\Public
                            SystemDrive=C:
                            SystemRoot=C:\Windows
                            TEMP=C:\Users\SPLINT~1\AppData\Local\Temp
                            TMP=C:\Users\SPLINT~1\AppData\Local\Temp
                            USERDOMAIN=Lana
                            USERNAME=splinter_x
                            USERPROFILE=C:\Users\splinter_x
                            windir=C:\Windows


                            -- User Profiles ---------------------------------------------------------------

                            splinter_x


                            -- Add/Remove Programs ---------------------------------------------------------

                            --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
                            --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
                            --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
                            --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
                            --> C:\Windows\UNNeroVision.exe /UNINSTALL
                            --> C:\Windows\UNRecode.exe /UNINSTALL
                            Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
                            Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
                            Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
                            Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
                            BullGuard 7.0 for Vista --> C:\Program Files\BullGuard Software\BullGuard\uninst.exe
                            CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
                            ConvertXtoDVD 3.0.0.9 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
                            DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
                            Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
                            Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
                            Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
                            HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
                            IEEE 802.11g Wireless LAN driver --> C:\Program Files\InstallShield Installation Information\{1EDFA38A-2FEB-4E62-82C9-DA415C0EEF33}\setup.exe -runfromtemp -l0x0009 -removeonly
                            Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
                            Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
                            K-Lite Codec Pack 3.8.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
                            Launch Manager V1.4.0 --> C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x0013 -removeonly
                            LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
                            Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
                            MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
                            MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
                            Nero 8 Trial --> MsiExec.exe /X{D6D5CB84-0E6E-4E69-B300-C690B6911043}
                            neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
                            NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
                            OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
                            PC-Cleaner --> C:\Program Files\PC-Cleaner\Uninstall.exe
                            Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x13 -removeonly
                            SubSync --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SubSync\ST6UNST.LOG"
                            Suyin Live Camera --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0013 -removeonly -u
                            SUYIN webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
                            Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
                            Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
                            VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
                            VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
                            Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
                            Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
                            Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
                            WinRAR --> C:\Program Files\WinRAR\uninstall.exe
                            WordPerfect Office X3 --> MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}


                            -- Application Event Log -------------------------------------------------------

                            Event Record #/Type1976 / Success
                            Event Submitted/Written: 05/04/2008 00:54:37 PM
                            Event ID/Source: 12001 / usnjsvc
                            Event Description:
                            The Messenger Sharing USN Journal Reader service started successfully.

                            Event Record #/Type1970 / Success
                            Event Submitted/Written: 05/04/2008 00:54:05 PM
                            Event ID/Source: 5617 / WinMgmt
                            Event Description:


                            Event Record #/Type1969 / Success
                            Event Submitted/Written: 05/04/2008 00:54:05 PM
                            Event ID/Source: 5615 / WinMgmt
                            Event Description:


                            Event Record #/Type1962 / Success
                            Event Submitted/Written: 05/04/2008 00:53:56 PM
                            Event ID/Source: 902 / Software Licensing Service
                            Event Description:
                            De Software Licensing-service is gestart.

                            Event Record #/Type1953 / Warning
                            Event Submitted/Written: 05/04/2008 02:31:25 AM
                            Event ID/Source: 1530 / profsvc
                            Event Description:
                            Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.

                            DETAIL -
                            1 user registry handles leaked from \Registry\User\S-1-5-21-2804389587-1086438779-3256742696-1000_Classes:
                            Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2804389587-1086438779-3256742696-1000_CLASSES



                            -- Security Event Log ----------------------------------------------------------

                            No Errors/Warnings found.


                            -- System Event Log ------------------------------------------------------------

                            Event Record #/Type13746 / Warning
                            Event Submitted/Written: 05/04/2008 02:56:00 PM
                            Event ID/Source: 4226 / Tcpip
                            Event Description:
                            De beveiligingslimiet voor het aantal gelijktijdige TCP-verbindingspogingen is bereikt door TCP/IP.

                            Event Record #/Type13745 / Warning
                            Event Submitted/Written: 05/04/2008 02:44:43 PM
                            Event ID/Source: 51 / cdrom
                            Event Description:
                            Er is een fout ontdekt op apparaat \Device\CdRom0 tijdens een wisselbestandsbewerking.

                            Event Record #/Type13744 / Warning
                            Event Submitted/Written: 05/04/2008 02:44:42 PM
                            Event ID/Source: 51 / cdrom
                            Event Description:
                            Er is een fout ontdekt op apparaat \Device\CdRom0 tijdens een wisselbestandsbewerking.

                            Event Record #/Type13743 / Warning
                            Event Submitted/Written: 05/04/2008 02:44:42 PM
                            Event ID/Source: 51 / cdrom
                            Event Description:
                            Er is een fout ontdekt op apparaat \Device\CdRom0 tijdens een wisselbestandsbewerking.

                            Event Record #/Type13742 / Warning
                            Event Submitted/Written: 05/04/2008 02:44:42 PM
                            Event ID/Source: 51 / cdrom
                            Event Description:
                            Er is een fout ontdekt op apparaat \Device\CdRom0 tijdens een wisselbestandsbewerking.



                            -- End of Deckard's System Scanner: finished at 2008-05-04 17:20:52 ------------

                            greetz
                            SPLINTER



                            • #15
                              Sorry, I cheered too soon.
