
Infected with a virus


  • Infected with a virus

    NOD32 keeps reporting that a virus has been found, but it cannot remove it. When it says that I have to restart and I do so, nothing has happened and it gives the error again. I have already restarted 3 times by now.

    NOD indicates that this file is the culprit: rqRKBSKe.dll

    Hopefully you can help!

    ------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:01:01, on 12-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {2CD1ED2A-4DE1-4020-81EB-83D617CB2B57} - C:\WINDOWS\system32\rqRKBSKe.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A4D13F30-55A5-49BB-8B90-2A71EA9673A9} - C:\WINDOWS\system32\geBstutU.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [60a88f25] "rundll32.exe" "C:\WINDOWS\system32\fedokvsh.dll",b
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [BM639bbcb9] Rundll32.exe "C:\WINDOWS\system32\lnnbqvtc.dll",s
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: Styler.lnk = ?
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{796287F2-199B-445C-B53F-FD7AE6BE786B}: NameServer = 10.0.0.138
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: geBstutU - C:\WINDOWS\SYSTEM32\geBstutU.dll
    O20 - Winlogon Notify: opnlMdDt - opnlMdDt.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 11231 bytes

  • #2
    Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "finish".
    • If an update is found, it will download it and install the latest version.
    • When the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click: Remove Selected.
    • After the removal a log will open and you will be asked to restart the computer. (See the extra note at the bottom)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the results of the log into your next reply, together with a new HijackThis log.

    Extra note:
    If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.


    • #3
      Thanks! On startup it gave 4 rundll errors about the removed files... but here are the two logs.

      --

      Malwarebytes' Anti-Malware 1.12
      Database versie: 742

      Scan type: Snelle Scan
      Objecten gescand: 42603
      Verstreken tijd: 7 minute(s), 15 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 3
      Registersleutels geïnfecteerd: 15
      Registerwaarden geïnfecteerd: 2
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 23

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\fedokvsh.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\rqRKBSKe.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\geBstutU.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{221eceb6-c86d-4263-815f-99b5d7a01518} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{221eceb6-c86d-4263-815f-99b5d7a01518} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{a4d13f30-55a5-49bb-8b90-2a71ea9673a9} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4d13f30-55a5-49bb-8b90-2a71ea9673a9} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebstutu (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{f42284e9-89ed-4b67-8f76-ff253822777a} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a4d13f30-55a5-49bb-8b90-2a71ea9673a9} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM639bbcb9 (Trojan.Agent) -> Delete on reboot.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrkbske -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrkbske -> Delete on reboot.

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\fedokvsh.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\hsvkodef.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mpjjgjuq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\qujgjjpm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\rqRKBSKe.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\eKSBKRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\eKSBKRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\geBstutU.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\avevifxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\crcjhbxa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\irpqibop.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mgxnmjfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mskkhuhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ovbdbefp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\rmixidkc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wckruxxo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Benjamin\Local Settings\Temporary Internet Files\Content.IE5\1IWQVCKX\glas[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\lnnbqvtc.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\tuvUoomm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ddcCtQkJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pmnlmLBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pmnoLfgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wvUljIaB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


      ---
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:42:13, on 12-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Tablet.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Eset\nod32kui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
      C:\WINDOWS\system32\WTablet\TabUserW.exe
      C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
      C:\Program Files\Styler\Styler.exe
      C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\Safari\Safari.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
      O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
      O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
      O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
      O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [60a88f25] "rundll32.exe" "C:\WINDOWS\system32\fedokvsh.dll",b
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
      O4 - Startup: Styler.lnk = ?
      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
      O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
      O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
      O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{796287F2-199B-445C-B53F-FD7AE6BE786B}: NameServer = 10.0.0.138
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: opnlMdDt - opnlMdDt.dll (file missing)
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 10846 bytes


      • #4
        Start HijackThis and check only the following lines:
        R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
        O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
        O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [60a88f25] "rundll32.exe" "C:\WINDOWS\system32\fedokvsh.dll",b
        O20 - Winlogon Notify: opnlMdDt - opnlMdDt.dll (file missing)

        Close all open windows (except HijackThis) and click "Fix checked".

        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in safe mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open, in which a few lines about files that were not found will quickly scroll past; this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
        • After that your PC will restart; let it start in normal mode again. After the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Also post the contents of the 2nd log: C:\RVAXO-Vfind.log



        • #5
          Thanks Smeenk for your help! Here are the logs:

          ---

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 17:27:05, on 13-5-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\HPZipm12.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\system32\PnkBstrB.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\Tablet.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
          C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Eset\nod32kui.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
          C:\WINDOWS\system32\WTablet\TabUserW.exe
          C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
          C:\Program Files\Styler\Styler.exe
          C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Safari\Safari.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
          O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
          O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
          O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
          O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
          O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
          O4 - Startup: Styler.lnk = ?
          O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
          O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
          O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
          O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
          O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{796287F2-199B-445C-B53F-FD7AE6BE786B}: NameServer = 10.0.0.138
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
          O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

          --
          End of file - 10358 bytes

          ---

          ---RVAXO.exe Updated: 2008-05-10---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\BM639bbcb9.xml
          C:\WINDOWS\BM639bbcb9.txt
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\system32\clkcnt.txt
          C:\WINDOWS\system32\winsys.exe
          C:\WINDOWS\system32\mcrh.tmp

          Folders Found:

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------



          • #6
            Originally posted by smeenk
            Post the contents of the 2nd log as well: C:\RVAXO-Vfind.log



            • #7
              My apologies, here is the right one!

              ======C:\WINDOWS====
              ----a-w 0 2008-05-13 15:20:54 C:\WINDOWS\0.log
              --s-a-w 2,048 2008-05-13 15:20:30 C:\WINDOWS\bootstat.dat
              ----a-w 108,460 2008-05-13 15:16:21 C:\WINDOWS\ntbtlog.txt
              ---ha-w 54,156 2008-05-13 15:20:51 C:\WINDOWS\QTFont.qfn
              ----a-w 32,534 2008-05-13 15:13:59 C:\WINDOWS\SchedLgU.Txt
              ----a-w 27 2008-05-02 11:35:07 C:\WINDOWS\SDAddressBox1633cb8581916.ini
              ----a-w 27 2008-05-02 11:31:25 C:\WINDOWS\SDAddressBox16827d0561119.ini
              ----a-w 7,328 2008-05-11 11:32:39 C:\WINDOWS\setupapi.log
              ----a-w 0 2008-05-13 15:20:33 C:\WINDOWS\TempFile
              ----a-w 159 2008-05-13 15:20:37 C:\WINDOWS\wiadebug.log
              ----a-w 49 2008-05-13 15:20:36 C:\WINDOWS\wiaservc.log
              ----a-w 1,082,171 2008-05-13 15:23:01 C:\WINDOWS\WindowsUpdate.log
              ----a-w 2,560 2008-05-09 08:08:52 C:\WINDOWS\_MSRSTRT.EXE

              Entries: 13 (11)
              Directories: 0 Files: 13
              Bytes: 1,289,519 Blocks: 2,524
              ======C:\WINDOWS\system32=====
              ----a-w 2,112 2008-05-10 08:36:19 C:\WINDOWS\System32\acxinpni.exe
              --sh--w 2,934 2008-05-06 08:25:24 C:\WINDOWS\System32\askttgra.ini
              ----a-w 97,856 2008-04-23 14:53:33 C:\WINDOWS\System32\atsyromk.dll
              --sh--w 2,334 2008-05-02 14:57:43 C:\WINDOWS\System32\bclakpqu.ini
              --sh--w 2,574 2008-05-03 18:53:45 C:\WINDOWS\System32\ciogwawu.ini
              ----a-w 2,112 2008-05-07 08:36:42 C:\WINDOWS\System32\cxnykcwr.exe
              ----a-w 104,000 2008-04-28 14:52:22 C:\WINDOWS\System32\dmqwulov.dll
              ----a-w 107,584 2008-05-06 08:30:33 C:\WINDOWS\System32\dynmlfna.dll
              --sh--w 4,074 2008-05-11 06:45:50 C:\WINDOWS\System32\ejreglxd.ini
              ----a-w 106,048 2008-05-08 08:32:53 C:\WINDOWS\System32\etrasvil.dll
              ------w 91,712 2008-05-12 17:36:19 C:\WINDOWS\System32\fedokvsh.dll
              ----a-w 105,536 2008-04-30 14:56:57 C:\WINDOWS\System32\flfqidlf.dll
              ----a-w 2,043,336 2008-04-10 12:44:25 C:\WINDOWS\System32\FNTCACHE.DAT
              --sh--w 2,094 2008-05-01 14:23:47 C:\WINDOWS\System32\fverwbqx.ini
              ------w 37,376 2008-05-12 17:36:19 C:\WINDOWS\System32\geBstutU.dll
              --sh--w 1,734 2008-04-30 14:59:27 C:\WINDOWS\System32\gtscgnyj.ini
              --sh--w 2,701,527 2008-04-25 14:54:11 C:\WINDOWS\System32\hhbgjsgr.ini
              ----a-w 107,072 2008-05-01 14:59:29 C:\WINDOWS\System32\hxdypwxc.dll
              ----a-w 2,112 2008-05-11 08:30:30 C:\WINDOWS\System32\idjbbqvd.exe
              ----a-w 298,104 2008-05-12 08:14:31 C:\WINDOWS\System32\imon.dll
              ----a-w 104,512 2008-04-29 14:52:12 C:\WINDOWS\System32\inujjtfa.dll
              ----a-w 100,416 2008-05-10 08:30:20 C:\WINDOWS\System32\iydhhsin.dll
              ----a-w 107,072 2008-04-29 14:55:12 C:\WINDOWS\System32\iyoebmrm.dll
              ----a-w 6,300 2008-04-18 12:37:00 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
              ----a-w 105,024 2008-05-08 08:27:05 C:\WINDOWS\System32\lboxyuph.dll
              ------w 98,368 2008-05-12 17:36:20 C:\WINDOWS\System32\lnnbqvtc.dll
              ----a-w 0 2008-05-12 08:15:37 C:\WINDOWS\System32\mapisvc.inf
              ----a-w 7,852 2008-04-20 15:25:16 C:\WINDOWS\System32\mcdmsg7.dll
              --sh--w 2,393,356 2008-04-27 13:03:33 C:\WINDOWS\System32\mevoutlr.ini
              --sh--w 2,368,753 2008-04-28 07:28:45 C:\WINDOWS\System32\miiyxrne.ini
              ----a-w 107,072 2008-05-01 14:53:29 C:\WINDOWS\System32\mklcfebt.dll
              ---ha-w 149,608 2008-04-25 11:08:23 C:\WINDOWS\System32\mlfcache.dat
              ----a-w 97,856 2008-04-25 14:50:12 C:\WINDOWS\System32\ndcvgupb.dll
              ----a-w 102,464 2008-05-10 08:30:27 C:\WINDOWS\System32\nidfvfhc.dll
              ----a-w 105,536 2008-05-02 15:01:23 C:\WINDOWS\System32\nnuuggya.dll
              --sh--w 2,814 2008-05-05 07:00:02 C:\WINDOWS\System32\pcnolbgn.ini
              ----a-w 60,760 2008-04-12 16:12:06 C:\WINDOWS\System32\perfc009.dat
              ----a-w 79,942 2008-04-12 16:12:06 C:\WINDOWS\System32\perfc013.dat
              ----a-w 400,600 2008-04-12 16:12:06 C:\WINDOWS\System32\perfh009.dat
              ----a-w 465,104 2008-04-12 16:12:06 C:\WINDOWS\System32\perfh013.dat
              ----a-w 971,958 2008-04-12 16:12:06 C:\WINDOWS\System32\PerfStringBackup.INI
              ----a-w 103,736 2008-05-06 09:30:18 C:\WINDOWS\System32\PnkBstrB.exe
              --sh--w 3,114 2008-05-07 08:28:13 C:\WINDOWS\System32\pqmttfyw.ini
              ----a-w 95,808 2008-04-23 14:48:41 C:\WINDOWS\System32\pytogabf.dll
              ----a-w 105,536 2008-05-02 14:55:23 C:\WINDOWS\System32\qlxasqgu.dll
              ----a-w 101,952 2008-05-11 08:30:31 C:\WINDOWS\System32\rknpkuev.dll
              ------w 271,872 2008-05-12 17:36:19 C:\WINDOWS\System32\rqRKBSKe.dll
              ----a-w 271,872 2008-05-12 08:50:53 C:\WINDOWS\System32\rqRKBSKe.Vdll
              --sh--w 3,654 2008-05-09 08:30:43 C:\WINDOWS\System32\rsaaiuoo.ini
              ----a-w 818,420 2008-05-10 10:18:24 C:\WINDOWS\System32\RVAXO.bat
              ----a-w 105,536 2008-05-06 08:26:06 C:\WINDOWS\System32\rvgecvcx.dll
              ----a-w 108,096 2008-05-05 07:02:11 C:\WINDOWS\System32\scypiskm.dll
              --sh--w 2,371,255 2008-04-26 13:53:58 C:\WINDOWS\System32\smhqbcww.ini
              ----a-w 104,512 2008-05-03 18:59:24 C:\WINDOWS\System32\smtxdyjm.dll
              ----a-w 103,488 2008-05-03 18:54:29 C:\WINDOWS\System32\syrwxige.dll
              ----a-w 337 2008-05-13 15:20:36 C:\WINDOWS\System32\tablet.dat
              ----a-w 104,512 2008-05-05 07:00:46 C:\WINDOWS\System32\tcgbhrjy.dll
              ----a-w 107,072 2008-04-26 14:53:35 C:\WINDOWS\System32\tcykderu.dll
              ----a-w 2,112 2008-05-08 08:35:53 C:\WINDOWS\System32\udjixltl.exe
              --sh--w 3,414 2008-05-08 07:42:14 C:\WINDOWS\System32\ulrnfmgq.ini
              --sh--w 1,494 2008-04-29 14:53:42 C:\WINDOWS\System32\uoyvhijh.ini
              ----a-w 108,608 2008-04-28 14:55:22 C:\WINDOWS\System32\utlrgpot.dll
              --sh--w 1,504,128 2008-04-24 14:52:52 C:\WINDOWS\System32\vfxumvgg.ini
              ----a-w 98,368 2008-05-09 08:29:03 C:\WINDOWS\System32\vvypvsht.dll
              ----a-w 13,646 2008-05-13 15:21:20 C:\WINDOWS\System32\wpa.dbl
              ----a-w 106,560 2008-05-07 08:30:43 C:\WINDOWS\System32\xarvnxvo.dll
              ----a-w 102,976 2008-05-09 08:32:09 C:\WINDOWS\System32\xuuxywvh.dll
              --sh--w 1,540,909 2008-04-23 14:48:18 C:\WINDOWS\System32\yfruhbee.ini
              ----a-w 2,112 2008-05-09 08:34:58 C:\WINDOWS\System32\yggpkrtx.exe
              ----a-w 105,024 2008-05-07 08:27:42 C:\WINDOWS\System32\ykcomsne.dll

              Entries: 70 (52)
              Directories: 0 Files: 70
              Bytes: 22,027,721 Blocks: 43,070
              ======C:\WINDOWS\system32\drivers=====
              ----a-w 512,096 2008-05-12 08:14:30 C:\WINDOWS\System32\drivers\amon.sys
              ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
              ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys
              ----a-w 15,424 2008-05-12 08:14:29 C:\WINDOWS\System32\drivers\nod32drv.sys
              ----a-w 22,328 2008-05-06 09:30:45 C:\WINDOWS\System32\drivers\PnkBstrK.sys

              Entries: 5 (5)
              Directories: 0 Files: 5
              Bytes: 592,760 Blocks: 1,160
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              ----a-w 53 2008-05-13 15:20:57 C:\biosinfo
              ----a-w 384 2008-05-13 15:19:23 C:\firstrun6.log
              ----a-w 158 2008-05-13 15:20:39 C:\msicpl-getdataint.log
              ----a-w 0 2008-05-13 15:20:39 C:\msicpl-getdispinfo.log
              --sha-w 1,610,612,736 2008-05-13 15:20:27 C:\pagefile.sys
              ----a-w 519 2008-05-13 15:26:03 C:\RVAXO-results.log
              ----a-w 7,761 2008-05-13 15:26:03 C:\RVAXO-Vfind.log

              Entries: 7 (6)
              Directories: 0 Files: 7
              Bytes: 1,610,621,611 Blocks: 3,145,749
              ======C:\Documents and Settings\Benjamin\Application Data======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Documents and Settings\Benjamin======
              ----a-w 19,136,512 2008-05-13 15:19:41 C:\Documents and Settings\Benjamin\ntuser.dat
              ---ha-w 45,056 2008-05-13 15:25:59 C:\Documents and Settings\Benjamin\ntuser.dat.LOG
              --sh--w 288 2008-05-13 15:13:53 C:\Documents and Settings\Benjamin\ntuser.ini

              Entries: 3 (1)
              Directories: 0 Files: 3
              Bytes: 19,181,856 Blocks: 37,465
              ======C:\WINDOWS\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============



              • #8
                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\System32\acxinpni.exe
                C:\WINDOWS\System32\askttgra.ini
                C:\WINDOWS\System32\atsyromk.dll
                C:\WINDOWS\System32\bclakpqu.ini
                C:\WINDOWS\System32\ciogwawu.ini
                C:\WINDOWS\System32\cxnykcwr.exe
                C:\WINDOWS\System32\dmqwulov.dll
                C:\WINDOWS\System32\dynmlfna.dll
                C:\WINDOWS\System32\ejreglxd.ini
                C:\WINDOWS\System32\etrasvil.dll
                C:\WINDOWS\System32\fedokvsh.dll
                C:\WINDOWS\System32\flfqidlf.dll
                C:\WINDOWS\System32\fverwbqx.ini
                C:\WINDOWS\System32\geBstutU.dll
                C:\WINDOWS\System32\gtscgnyj.ini
                C:\WINDOWS\System32\hhbgjsgr.ini
                C:\WINDOWS\System32\hxdypwxc.dll
                C:\WINDOWS\System32\idjbbqvd.exe
                C:\WINDOWS\System32\inujjtfa.dll
                C:\WINDOWS\System32\iydhhsin.dll
                C:\WINDOWS\System32\iyoebmrm.dll
                C:\WINDOWS\System32\lboxyuph.dll
                C:\WINDOWS\System32\lnnbqvtc.dll
                C:\WINDOWS\System32\mevoutlr.ini
                C:\WINDOWS\System32\miiyxrne.ini
                C:\WINDOWS\System32\mklcfebt.dll
                C:\WINDOWS\System32\mlfcache.dat
                C:\WINDOWS\System32\ndcvgupb.dll
                C:\WINDOWS\System32\nidfvfhc.dll
                C:\WINDOWS\System32\nnuuggya.dll
                C:\WINDOWS\System32\pcnolbgn.ini
                C:\WINDOWS\System32\pqmttfyw.ini
                C:\WINDOWS\System32\pytogabf.dll
                C:\WINDOWS\System32\qlxasqgu.dll
                C:\WINDOWS\System32\rknpkuev.dll
                C:\WINDOWS\System32\rqRKBSKe.dll
                C:\WINDOWS\System32\rqRKBSKe.Vdll
                C:\WINDOWS\System32\rsaaiuoo.ini
                C:\WINDOWS\System32\rvgecvcx.dll
                C:\WINDOWS\System32\scypiskm.dll
                C:\WINDOWS\System32\smhqbcww.ini
                C:\WINDOWS\System32\smtxdyjm.dll
                C:\WINDOWS\System32\syrwxige.dll
                C:\WINDOWS\System32\tcgbhrjy.dll
                C:\WINDOWS\System32\tcykderu.dll
                C:\WINDOWS\System32\udjixltl.exe
                C:\WINDOWS\System32\ulrnfmgq.ini
                C:\WINDOWS\System32\uoyvhijh.ini
                C:\WINDOWS\System32\utlrgpot.dll
                C:\WINDOWS\System32\vfxumvgg.ini
                C:\WINDOWS\System32\vvypvsht.dll
                C:\WINDOWS\System32\xarvnxvo.dll
                C:\WINDOWS\System32\xuuxywvh.dll
                C:\WINDOWS\System32\yfruhbee.ini
                C:\WINDOWS\System32\yggpkrtx.exe
                C:\WINDOWS\System32\ykcomsne.dll) DO (
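                REM Remove any renamed copy left over from an earlier run
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                    REM Clear the read-only, system and hidden attributes, then delete
                    ATTRIB -r -s -h %%g
                    DEL %%g
                    REM If the file is still there, rename it by appending NUCIA
                    IF EXIST %%g REN %%g *NUCIA
                    IF EXIST %%gNUCIA (
                        ECHO renamed to %%gNUCIA>>log.txt)
                    IF EXIST %%g (
                        ECHO %%g not deleted>>log.txt
                    ) ELSE (
                        ECHO %%g deleted>>log.txt)
                ) ELSE (
                    ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt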

                Go to File - Save As.
                For "Save in" choose: Desktop
                For "File name" enter: del.bat
                For "Save as type" select: All Files (*.*).
                Click the Save button.

                Double-click del.bat and post the contents of the log file that opens.



                • #9
                  This is the contents of the log file:

                  --
                  Deleting files
                  C:\WINDOWS\System32\acxinpni.exe deleted
                  C:\WINDOWS\System32\askttgra.ini deleted
                  C:\WINDOWS\System32\atsyromk.dll deleted
                  C:\WINDOWS\System32\bclakpqu.ini deleted
                  C:\WINDOWS\System32\ciogwawu.ini deleted
                  C:\WINDOWS\System32\cxnykcwr.exe deleted
                  C:\WINDOWS\System32\dmqwulov.dll deleted
                  C:\WINDOWS\System32\dynmlfna.dll deleted
                  C:\WINDOWS\System32\ejreglxd.ini deleted
                  C:\WINDOWS\System32\etrasvil.dll deleted
                  C:\WINDOWS\System32\fedokvsh.dll deleted
                  C:\WINDOWS\System32\flfqidlf.dll deleted
                  C:\WINDOWS\System32\fverwbqx.ini deleted
                  C:\WINDOWS\System32\geBstutU.dll deleted
                  C:\WINDOWS\System32\gtscgnyj.ini deleted
                  C:\WINDOWS\System32\hhbgjsgr.ini deleted
                  C:\WINDOWS\System32\hxdypwxc.dll deleted
                  C:\WINDOWS\System32\idjbbqvd.exe deleted
                  C:\WINDOWS\System32\inujjtfa.dll deleted
                  C:\WINDOWS\System32\iydhhsin.dll deleted
                  C:\WINDOWS\System32\iyoebmrm.dll deleted
                  C:\WINDOWS\System32\lboxyuph.dll deleted
                  C:\WINDOWS\System32\lnnbqvtc.dll deleted
                  C:\WINDOWS\System32\mevoutlr.ini deleted
                  C:\WINDOWS\System32\miiyxrne.ini deleted
                  C:\WINDOWS\System32\mklcfebt.dll deleted
                  C:\WINDOWS\System32\mlfcache.dat deleted
                  C:\WINDOWS\System32\ndcvgupb.dll deleted
                  C:\WINDOWS\System32\nidfvfhc.dll deleted
                  C:\WINDOWS\System32\nnuuggya.dll deleted
                  C:\WINDOWS\System32\pcnolbgn.ini deleted
                  C:\WINDOWS\System32\pqmttfyw.ini deleted
                  C:\WINDOWS\System32\pytogabf.dll deleted
                  C:\WINDOWS\System32\qlxasqgu.dll deleted
                  C:\WINDOWS\System32\rknpkuev.dll deleted
                  C:\WINDOWS\System32\rqRKBSKe.dll deleted
                  C:\WINDOWS\System32\rqRKBSKe.Vdll deleted
                  C:\WINDOWS\System32\rsaaiuoo.ini deleted
                  C:\WINDOWS\System32\rvgecvcx.dll deleted
                  C:\WINDOWS\System32\scypiskm.dll deleted
                  C:\WINDOWS\System32\smhqbcww.ini deleted
                  C:\WINDOWS\System32\smtxdyjm.dll deleted
                  C:\WINDOWS\System32\syrwxige.dll deleted
                  C:\WINDOWS\System32\tcgbhrjy.dll not found
                  C:\WINDOWS\System32\tcykderu.dll deleted
                  C:\WINDOWS\System32\udjixltl.exe deleted
                  C:\WINDOWS\System32\ulrnfmgq.ini deleted
                  C:\WINDOWS\System32\uoyvhijh.ini deleted
                  C:\WINDOWS\System32\utlrgpot.dll deleted
                  C:\WINDOWS\System32\vfxumvgg.ini deleted
                  C:\WINDOWS\System32\vvypvsht.dll deleted
                  C:\WINDOWS\System32\xarvnxvo.dll deleted
                  C:\WINDOWS\System32\xuuxywvh.dll deleted
                  C:\WINDOWS\System32\yfruhbee.ini deleted
                  C:\WINDOWS\System32\yggpkrtx.exe deleted
                  C:\WINDOWS\System32\ykcomsne.dll deleted



                  • #10
                    Quite a cleanup

                    Download Deckard's System Scanner to your Desktop.
                    • Close all applications and windows.
                    • Double-click dss.exe to run it, and follow the instructions.
                    • When the scan is complete, a text file - main.txt - will open.
                    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

                    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
                    - make sure sigcheck.exe is allowed to do so!
                    Your antivirus may also flag DSS as suspicious, or even try to remove it.
                    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)



                    • #11
                      My computer has really been hit hard by the virus; during startup it said it had to start a temporary profile because it could not load the old one. So my settings are all different (because I am using a temporary profile).
                      In any case, the log files:

                      main.txt:
                      Deckard's System Scanner v20071014.68
                      Run by Benjamin on 2008-05-16 16:58:37
                      Computer is in Normal Mode.
                      --------------------------------------------------------------------------------

                      -- System Restore --------------------------------------------------------------

                      Successfully created a Deckard's System Scanner Restore Point.


                      -- Last 5 Restore Point(s) --
                      121: 2008-05-16 14:59:47 UTC - RP530 - Deckard's System Scanner Restore Point
                      120: 2008-05-16 14:54:06 UTC - RP529 - Herstelbewerking
                      119: 2008-05-14 18:41:33 UTC - RP528 - Software Distribution Service 3.0
                      118: 2008-05-13 14:38:23 UTC - RP527 - Controlepunt van systeem
                      117: 2008-05-12 08:02:55 UTC - RP526 - Removed ESET NOD32 Antivirus


                      -- First Restore Point --
                      1: 2008-05-02 06:32:00 UTC - RP410 - Removed Windows Vista Upgrade Advisor


                      Backed up registry hives.
                      Performed disk cleanup.



                      -- HijackThis (run as Benjamin.exe) --------------------------------------------

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 17:01:04, on 16-5-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\Program Files\Bonjour\mDNSResponder.exe
                      C:\Program Files\Eset\nod32krn.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\HPZipm12.exe
                      C:\WINDOWS\system32\PnkBstrA.exe
                      C:\WINDOWS\system32\PnkBstrB.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\Tablet.exe
                      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                      C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\msiexec.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\Program Files\Eset\nod32kui.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
                      C:\WINDOWS\system32\WTablet\TabUserW.exe
                      C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\Documents and Settings\TEMP.BENJAMIN-PC\Bureaublad\dss.exe
                      C:\PROGRA~1\TRENDM~1\HIJACK~1\Benjamin.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                      O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
                      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
                      O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
                      O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
                      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
                      O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
                      O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                      O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
                      O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
                      O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
                      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                      O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      O17 - HKLM\System\CCS\Services\Tcpip\..\{796287F2-199B-445C-B53F-FD7AE6BE786B}: NameServer = 10.0.0.138
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                      O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
                      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
                      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
                      O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
                      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

                      --
                      End of file - 8405 bytes

                      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                      backup-20080513-171123-197 O20 - Winlogon Notify: opnlMdDt - opnlMdDt.dll (file missing)
                      backup-20080513-171123-264 R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                      backup-20080513-171123-575 O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                      backup-20080513-171123-731 O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
                      backup-20080513-171123-795 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
                      backup-20080513-171123-847 O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
                      backup-20080513-171123-999 O4 - HKLM\..\Run: [60a88f25] "rundll32.exe" "C:\WINDOWS\system32\fedokvsh.dll",b

                      -- File Associations -----------------------------------------------------------

                      .bat - batfile - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,75
                      .cmd - cmdfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153
                      .chm - chm.file - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,87
                      .inf - inffile - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,88
                      .ini - inifile - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,65
                      .reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
                      .reg - regfile - shell\open\command - regedit.exe "%1" %*
                      .scr - scrfile - shell\open\command - "%1" %*
                      .txt - txtfile - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,77
                      .vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2


                      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                      R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
                      R1 mchInjDrv (madCodeHook DLL injection driver) - c:\windows\system32\drivers\mchinjdrv.sys
                      R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
                      R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>

                      S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
                      S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
                      S3 RT61 (AMIT RT61 Wireless Driver) - c:\windows\system32\drivers\rt61.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
                      S3 SNPP106 (PC CAMERA DATA SOURCE(6029)1.0(32-32)) - c:\windows\system32\drivers\snpp106.sys <Not Verified; ; PC Camera driver>
                      S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


                      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                      R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
                      R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
                      R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
                      R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

                      S3 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe"


                      -- Device Manager: Disabled ----------------------------------------------------

                      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                      Description: 802.11g MIMO Wireless PCI Adapter
                      Device ID: PCI\VEN_1814&DEV_0401&SUBSYS_030018EB&REV_00\4&13699180&0&3048
                      Manufacturer: AMIT Technology, Inc.
                      Name: 802.11g MIMO Wireless PCI Adapter
                      PNP Device ID: PCI\VEN_1814&DEV_0401&SUBSYS_030018EB&REV_00\4&13699180&0&3048
                      Service: RT61


                      -- Scheduled Tasks -------------------------------------------------------------

                      2008-05-08 09:57:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


                      -- Files created between 2008-04-16 and 2008-05-16 -----------------------------

                      2008-05-16 16:56:05 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data\Apple Computer
                      2008-05-16 16:55:05 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data\Webroot
                      2008-05-16 16:55:00 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data\Adobe
                      2008-05-16 16:54:40 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data\Identities
                      2008-05-16 16:53:49 0 d---s---- C:\Documents and Settings\TEMP.BENJAMIN-PC\Favorieten
                      2008-05-16 16:53:49 0 d--hs---- C:\Documents and Settings\TEMP.BENJAMIN-PC\Cookies
                      2008-05-16 16:53:49 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Bureaublad
                      2008-05-16 16:53:49 0 dr-h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data
                      2008-05-16 16:53:48 0 d--h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\Sjablonen
                      2008-05-16 16:53:48 0 dr-h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\SendTo
                      2008-05-16 16:53:48 0 d--hs---- C:\Documents and Settings\TEMP.BENJAMIN-PC\Onlangs geopend
                      2008-05-16 16:53:48 786432 --ah----- C:\Documents and Settings\TEMP.BENJAMIN-PC\NTUSER.DAT
                      2008-05-16 16:53:48 0 d--h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\Netwerkprinteromgeving
                      2008-05-16 16:53:48 0 d--h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\NetHood
                      2008-05-16 16:53:48 0 d---s---- C:\Documents and Settings\TEMP.BENJAMIN-PC\Mijn documenten
                      2008-05-16 16:53:48 0 dr------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Menu Start
                      2008-05-16 16:53:48 0 d--h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\Local Settings
                      2008-05-16 16:52:21 0 d--h----- C:\Documents and Settings\TEMP\Sjablonen
                      2008-05-16 16:52:21 0 dr-h----- C:\Documents and Settings\TEMP\SendTo
                      2008-05-16 16:52:21 0 d--hs---- C:\Documents and Settings\TEMP\Onlangs geopend
                      2008-05-16 16:52:21 0 d--h----- C:\Documents and Settings\TEMP\Netwerkprinteromgeving
                      2008-05-16 16:52:21 0 d--h----- C:\Documents and Settings\TEMP\NetHood
                      2008-05-16 16:52:21 0 d---s---- C:\Documents and Settings\TEMP\Mijn documenten
                      2008-05-16 16:52:21 0 dr------- C:\Documents and Settings\TEMP\Menu Start
                      2008-05-16 16:52:21 0 d--h----- C:\Documents and Settings\TEMP\Local Settings
                      2008-05-16 16:52:21 0 d---s---- C:\Documents and Settings\TEMP\Favorieten
                      2008-05-16 16:52:21 0 d--hs---- C:\Documents and Settings\TEMP\Cookies
                      2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Bureaublad
                      2008-05-16 16:52:21 0 dr-h----- C:\Documents and Settings\TEMP\Application Data
                      2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Application Data\Webroot
                      2008-05-16 16:52:21 0 d---s---- C:\Documents and Settings\TEMP\Application Data\Microsoft
                      2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Application Data\Identities
                      2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Application Data\Apple Computer
                      2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Application Data\Adobe
                      2008-05-15 15:06:49 149608 --ah----- C:\WINDOWS\system32\mlfcache.dat
                      2008-05-13 17:24:35 0 d-------- C:\RVAXO
                      2008-05-13 17:16:59 818420 --a------ C:\WINDOWS\system32\RVAXO.bat
                      2008-05-13 17:16:59 69632 --a------ C:\WINDOWS\system32\remove.exe
                      2008-05-13 17:16:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
                      2008-05-13 17:06:20 0 d-------- C:\Program Files\RCO Edit
                      2008-05-12 19:27:56 0 d-------- C:\Documents and Settings\Benjamin\Application Data\Malwarebytes
                      2008-05-12 19:27:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                      2008-05-12 19:27:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
                      2008-05-12 10:55:53 0 d-------- C:\Program Files\Trend Micro
                      2008-05-12 10:15:22 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
                      2008-05-10 10:18:54 163456 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
                      2008-05-09 10:50:56 0 d-------- C:\Program Files\Styler
                      2008-05-09 10:08:52 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
                      2008-05-02 18:04:27 0 d-------- C:\Documents and Settings\Benjamin\Application Data\FindeXer
                      2008-05-02 12:37:46 0 d--hs---- C:\Documents and Settings\Benjamin\Onlangs geopend
                      2008-04-29 14:06:31 0 d-------- C:\Program Files\AveDesk
                      2008-04-26 20:25:54 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
                      2008-04-25 14:41:18 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
                      2008-04-25 14:40:26 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
                      2008-04-25 13:01:07 0 d-------- C:\Program Files\Safari
                      2008-04-20 17:25:16 7852 --a------ C:\WINDOWS\system32\mcdmsg7.dll
                      2008-04-19 18:25:07 94208 --a------ C:\WINDOWS\system32\wmpuice.dll <Not Verified; MediaTexX; uICE WMP Plugin>


                      -- Find3M Report ---------------------------------------------------------------

                      2008-05-16 16:54:57 53 --a------ C:\biosinfo
                      2008-05-16 16:53:51 337 --a------ C:\WINDOWS\system32\tablet.dat
                      2008-05-16 16:53:44 0 --a------ C:\WINDOWS\TempFile
                      2008-05-10 10:18:54 0 d-------- C:\Program Files\Stardock
                      2008-05-09 11:19:48 0 d-------- C:\Program Files\Steam
                      2008-05-09 10:37:03 0 d-------- C:\Program Files\Messenger
                      2008-05-09 10:37:03 0 d-------- C:\Program Files\MagicISO
                      2008-05-09 10:37:03 0 d-------- C:\Program Files\LimeWire
                      2008-05-09 10:37:02 0 d-------- C:\Program Files\WinFlip
                      2008-05-09 10:37:02 0 d-------- C:\Program Files\Windows Media Connect 2
                      2008-05-09 10:37:01 0 d-------- C:\Program Files\GameSpy Arcade
                      2008-05-09 10:37:01 0 d-------- C:\Program Files\DivX
                      2008-05-09 10:34:58 0 d-------- C:\Program Files\Common Files\Stardock
                      2008-05-07 19:16:49 0 d-------- C:\Program Files\RocketDock
                      2008-04-25 19:48:30 0 d-------- C:\Program Files\Bonjour
                      2008-04-25 19:37:55 0 d-------- C:\Program Files\Messenger Plus! Live
                      2008-04-25 14:41:18 0 d-------- C:\Program Files\Common Files
                      2008-04-25 14:40:38 0 d-------- C:\Program Files\Windows Live
                      2008-04-25 12:59:54 0 d-------- C:\Program Files\Apple Software Update
                      2008-04-21 18:13:25 0 d--h----- C:\Program Files\InstallShield Installation Information
                      2008-04-21 14:36:40 0 d-------- C:\Program Files\Online Services
                      2008-04-18 14:37:00 0 d-------- C:\Program Files\Java
                      2008-04-12 18:12:06 465104 --a------ C:\WINDOWS\system32\perfh013.dat
                      2008-04-12 18:12:06 79942 --a------ C:\WINDOWS\system32\perfc013.dat
                      2008-04-09 14:12:22 0 d-------- C:\Program Files\Microsoft Silverlight
                      2008-04-04 16:09:29 0 d-------- C:\Program Files\uTorrent
                      2008-03-24 15:15:09 69 --a------ C:\Program Files\paypal.txt
                      2008-03-23 16:57:59 0 d-------- C:\Program Files\%temp&
                      2008-03-16 16:16:07 0 d-------- C:\Program Files\EA GAMES
                      2008-03-04 14:04:43 452 --ah----- C:\WINDOWS\Fix.reg
                      2008-02-28 11:10:25 535 --a------ C:\WINDOWS\eReg.dat


                      -- Registry Dump ---------------------------------------------------------------

                      *Note* empty entries & legit default entries are not shown


                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "SoundMan"="SOUNDMAN.EXE" [24-10-2005 08:45 C:\WINDOWS\soundman.exe]
                      "NvCplDaemon"="RUNDLL32.exe" [04-08-2004 14:00 C:\WINDOWS\system32\rundll32.exe]
                      "nwiz"="nwiz.exe" [05-12-2007 02:41 C:\WINDOWS\system32\nwiz.exe]
                      "SW20"="C:\WINDOWS\system32\sw20.exe" [29-06-2005 11:08]
                      "SW24"="C:\WINDOWS\system32\sw24.exe" [04-07-2005 07:29]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
                      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12-05-2005 00:12]
                      "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [22-10-2006 23:24]
                      "@"=""
                      "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20-03-2007 17:40]
                      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11-12-2007 11:56]
                      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11-12-2007 13:10]
                      "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [04-12-2007 03:07]
                      "NvMediaCenter"="RUNDLL32.exe" [04-08-2004 14:00 C:\WINDOWS\system32\rundll32.exe]
                      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [12-05-2008 10:14]
                      "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [04-01-2008 21:56]

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [23-5-2007 16:35:11]
                      Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [23-10-2006 0:01:50]
                      TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [23-6-2007 19:06:27]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
                      C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 31-01-2005 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
                      C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 23-09-2007 10:10 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                      "appinit_dlls"=wbsys.dll

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
                      @="Service"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
                      backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
                      "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
                      "c:\program files\steam\steam.exe" -silent




                      -- End of Deckard's System Scanner: finished at 2008-05-16 17:01:32 ------------



                      • #12
                        extra.txt
                        Deckard's System Scanner v20071014.68
                        Run by Benjamin on 2008-05-16 16:58:37
                        Computer is in Normal Mode.
                        --------------------------------------------------------------------------------

                        -- System Restore --------------------------------------------------------------

                        Successfully created a Deckard's System Scanner Restore Point.


                        -- Last 5 Restore Point(s) --
                        121: 2008-05-16 14:59:47 UTC - RP530 - Deckard's System Scanner Restore Point
                        120: 2008-05-16 14:54:06 UTC - RP529 - Herstelbewerking
                        119: 2008-05-14 18:41:33 UTC - RP528 - Software Distribution Service 3.0
                        118: 2008-05-13 14:38:23 UTC - RP527 - Controlepunt van systeem
                        117: 2008-05-12 08:02:55 UTC - RP526 - Removed ESET NOD32 Antivirus


                        -- First Restore Point --
                        1: 2008-05-02 06:32:00 UTC - RP410 - Removed Windows Vista Upgrade Advisor


                        Backed up registry hives.
                        Performed disk cleanup.



                        -- HijackThis (run as Benjamin.exe) --------------------------------------------

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 17:01:04, on 16-5-2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        C:\Program Files\Bonjour\mDNSResponder.exe
                        C:\Program Files\Eset\nod32krn.exe
                        C:\WINDOWS\system32\nvsvc32.exe
                        C:\WINDOWS\system32\HPZipm12.exe
                        C:\WINDOWS\system32\PnkBstrA.exe
                        C:\WINDOWS\system32\PnkBstrB.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\Tablet.exe
                        C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                        C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\system32\msiexec.exe
                        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                        C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
                        C:\Program Files\iTunes\iTunesHelper.exe
                        C:\WINDOWS\system32\RUNDLL32.EXE
                        C:\Program Files\Eset\nod32kui.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
                        C:\WINDOWS\system32\WTablet\TabUserW.exe
                        C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                        C:\Program Files\iPod\bin\iPodService.exe
                        C:\Documents and Settings\TEMP.BENJAMIN-PC\Bureaublad\dss.exe
                        C:\PROGRA~1\TRENDM~1\HIJACK~1\Benjamin.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                        O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
                        O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
                        O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                        O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
                        O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
                        O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
                        O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                        O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
                        O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
                        O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
                        O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
                        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                        O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
                        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{796287F2-199B-445C-B53F-FD7AE6BE786B}: NameServer = 10.0.0.138
                        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                        O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
                        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                        O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
                        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                        O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
                        O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
                        O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

                        --
                        End of file - 8405 bytes

                        -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                        backup-20080513-171123-197 O20 - Winlogon Notify: opnlMdDt - opnlMdDt.dll (file missing)
                        backup-20080513-171123-264 R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                        backup-20080513-171123-575 O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                        backup-20080513-171123-731 O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
                        backup-20080513-171123-795 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
                        backup-20080513-171123-847 O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
                        backup-20080513-171123-999 O4 - HKLM\..\Run: [60a88f25] "rundll32.exe" "C:\WINDOWS\system32\fedokvsh.dll",b

                        -- File Associations -----------------------------------------------------------

                        .bat - batfile - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,75
                        .cmd - cmdfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153
                        .chm - chm.file - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,87
                        .inf - inffile - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,88
                        .ini - inifile - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,65
                        .reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
                        .reg - regfile - shell\open\command - regedit.exe "%1" %*
                        .scr - scrfile - shell\open\command - "%1" %*
                        .txt - txtfile - DefaultIcon - C:\Documents and Settings\Benjamin\Mijn documenten\VISTA PACK 2\Icons\5744 Icons\5744.icl,77
                        .vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2


                        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                        R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
                        R1 mchInjDrv (madCodeHook DLL injection driver) - c:\windows\system32\drivers\mchinjdrv.sys
                        R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
                        R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>

                        S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
                        S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
                        S3 RT61 (AMIT RT61 Wireless Driver) - c:\windows\system32\drivers\rt61.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
                        S3 SNPP106 (PC CAMERA DATA SOURCE(6029)1.0(32-32)) - c:\windows\system32\drivers\snpp106.sys <Not Verified; ; PC Camera driver>
                        S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


                        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                        R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
                        R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
                        R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
                        R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

                        S3 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe"


                        -- Device Manager: Disabled ----------------------------------------------------

                        Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                        Description: 802.11g MIMO Wireless PCI Adapter
                        Device ID: PCI\VEN_1814&DEV_0401&SUBSYS_030018EB&REV_00\4&13699180&0&3048
                        Manufacturer: AMIT Technology, Inc.
                        Name: 802.11g MIMO Wireless PCI Adapter
                        PNP Device ID: PCI\VEN_1814&DEV_0401&SUBSYS_030018EB&REV_00\4&13699180&0&3048
                        Service: RT61


                        -- Scheduled Tasks -------------------------------------------------------------

                        2008-05-08 09:57:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


                        -- Files created between 2008-04-16 and 2008-05-16 -----------------------------

                        2008-05-16 16:56:05 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data\Apple Computer
                        2008-05-16 16:55:05 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data\Webroot
                        2008-05-16 16:55:00 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data\Adobe
                        2008-05-16 16:54:40 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data\Identities
                        2008-05-16 16:53:49 0 d---s---- C:\Documents and Settings\TEMP.BENJAMIN-PC\Favorieten
                        2008-05-16 16:53:49 0 d--hs---- C:\Documents and Settings\TEMP.BENJAMIN-PC\Cookies
                        2008-05-16 16:53:49 0 d-------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Bureaublad
                        2008-05-16 16:53:49 0 dr-h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\Application Data
                        2008-05-16 16:53:48 0 d--h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\Sjablonen
                        2008-05-16 16:53:48 0 dr-h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\SendTo
                        2008-05-16 16:53:48 0 d--hs---- C:\Documents and Settings\TEMP.BENJAMIN-PC\Onlangs geopend
                        2008-05-16 16:53:48 786432 --ah----- C:\Documents and Settings\TEMP.BENJAMIN-PC\NTUSER.DAT
                        2008-05-16 16:53:48 0 d--h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\Netwerkprinteromgeving
                        2008-05-16 16:53:48 0 d--h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\NetHood
                        2008-05-16 16:53:48 0 d---s---- C:\Documents and Settings\TEMP.BENJAMIN-PC\Mijn documenten
                        2008-05-16 16:53:48 0 dr------- C:\Documents and Settings\TEMP.BENJAMIN-PC\Menu Start
                        2008-05-16 16:53:48 0 d--h----- C:\Documents and Settings\TEMP.BENJAMIN-PC\Local Settings
                        2008-05-16 16:52:21 0 d--h----- C:\Documents and Settings\TEMP\Sjablonen
                        2008-05-16 16:52:21 0 dr-h----- C:\Documents and Settings\TEMP\SendTo
                        2008-05-16 16:52:21 0 d--hs---- C:\Documents and Settings\TEMP\Onlangs geopend
                        2008-05-16 16:52:21 0 d--h----- C:\Documents and Settings\TEMP\Netwerkprinteromgeving
                        2008-05-16 16:52:21 0 d--h----- C:\Documents and Settings\TEMP\NetHood
                        2008-05-16 16:52:21 0 d---s---- C:\Documents and Settings\TEMP\Mijn documenten
                        2008-05-16 16:52:21 0 dr------- C:\Documents and Settings\TEMP\Menu Start
                        2008-05-16 16:52:21 0 d--h----- C:\Documents and Settings\TEMP\Local Settings
                        2008-05-16 16:52:21 0 d---s---- C:\Documents and Settings\TEMP\Favorieten
                        2008-05-16 16:52:21 0 d--hs---- C:\Documents and Settings\TEMP\Cookies
                        2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Bureaublad
                        2008-05-16 16:52:21 0 dr-h----- C:\Documents and Settings\TEMP\Application Data
                        2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Application Data\Webroot
                        2008-05-16 16:52:21 0 d---s---- C:\Documents and Settings\TEMP\Application Data\Microsoft
                        2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Application Data\Identities
                        2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Application Data\Apple Computer
                        2008-05-16 16:52:21 0 d-------- C:\Documents and Settings\TEMP\Application Data\Adobe
                        2008-05-15 15:06:49 149608 --ah----- C:\WINDOWS\system32\mlfcache.dat
                        2008-05-13 17:24:35 0 d-------- C:\RVAXO
                        2008-05-13 17:16:59 818420 --a------ C:\WINDOWS\system32\RVAXO.bat
                        2008-05-13 17:16:59 69632 --a------ C:\WINDOWS\system32\remove.exe
                        2008-05-13 17:16:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
                        2008-05-13 17:06:20 0 d-------- C:\Program Files\RCO Edit
                        2008-05-12 19:27:56 0 d-------- C:\Documents and Settings\Benjamin\Application Data\Malwarebytes
                        2008-05-12 19:27:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                        2008-05-12 19:27:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
                        2008-05-12 10:55:53 0 d-------- C:\Program Files\Trend Micro
                        2008-05-12 10:15:22 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
                        2008-05-10 10:18:54 163456 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
                        2008-05-09 10:50:56 0 d-------- C:\Program Files\Styler
                        2008-05-09 10:08:52 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
                        2008-05-02 18:04:27 0 d-------- C:\Documents and Settings\Benjamin\Application Data\FindeXer
                        2008-05-02 12:37:46 0 d--hs---- C:\Documents and Settings\Benjamin\Onlangs geopend
                        2008-04-29 14:06:31 0 d-------- C:\Program Files\AveDesk
                        2008-04-26 20:25:54 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
                        2008-04-25 14:41:18 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
                        2008-04-25 14:40:26 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
                        2008-04-25 13:01:07 0 d-------- C:\Program Files\Safari
                        2008-04-20 17:25:16 7852 --a------ C:\WINDOWS\system32\mcdmsg7.dll
                        2008-04-19 18:25:07 94208 --a------ C:\WINDOWS\system32\wmpuice.dll <Not Verified; MediaTexX; uICE WMP Plugin>


                        -- Find3M Report ---------------------------------------------------------------

                        2008-05-16 16:54:57 53 --a------ C:\biosinfo
                        2008-05-16 16:53:51 337 --a------ C:\WINDOWS\system32\tablet.dat
                        2008-05-16 16:53:44 0 --a------ C:\WINDOWS\TempFile
                        2008-05-10 10:18:54 0 d-------- C:\Program Files\Stardock
                        2008-05-09 11:19:48 0 d-------- C:\Program Files\Steam
                        2008-05-09 10:37:03 0 d-------- C:\Program Files\Messenger
                        2008-05-09 10:37:03 0 d-------- C:\Program Files\MagicISO
                        2008-05-09 10:37:03 0 d-------- C:\Program Files\LimeWire
                        2008-05-09 10:37:02 0 d-------- C:\Program Files\WinFlip
                        2008-05-09 10:37:02 0 d-------- C:\Program Files\Windows Media Connect 2
                        2008-05-09 10:37:01 0 d-------- C:\Program Files\GameSpy Arcade
                        2008-05-09 10:37:01 0 d-------- C:\Program Files\DivX
                        2008-05-09 10:34:58 0 d-------- C:\Program Files\Common Files\Stardock
                        2008-05-07 19:16:49 0 d-------- C:\Program Files\RocketDock
                        2008-04-25 19:48:30 0 d-------- C:\Program Files\Bonjour
                        2008-04-25 19:37:55 0 d-------- C:\Program Files\Messenger Plus! Live
                        2008-04-25 14:41:18 0 d-------- C:\Program Files\Common Files
                        2008-04-25 14:40:38 0 d-------- C:\Program Files\Windows Live
                        2008-04-25 12:59:54 0 d-------- C:\Program Files\Apple Software Update
                        2008-04-21 18:13:25 0 d--h----- C:\Program Files\InstallShield Installation Information
                        2008-04-21 14:36:40 0 d-------- C:\Program Files\Online Services
                        2008-04-18 14:37:00 0 d-------- C:\Program Files\Java
                        2008-04-12 18:12:06 465104 --a------ C:\WINDOWS\system32\perfh013.dat
                        2008-04-12 18:12:06 79942 --a------ C:\WINDOWS\system32\perfc013.dat
                        2008-04-09 14:12:22 0 d-------- C:\Program Files\Microsoft Silverlight
                        2008-04-04 16:09:29 0 d-------- C:\Program Files\uTorrent
                        2008-03-24 15:15:09 69 --a------ C:\Program Files\paypal.txt
                        2008-03-23 16:57:59 0 d-------- C:\Program Files\%temp&
                        2008-03-16 16:16:07 0 d-------- C:\Program Files\EA GAMES
                        2008-03-04 14:04:43 452 --ah----- C:\WINDOWS\Fix.reg
                        2008-02-28 11:10:25 535 --a------ C:\WINDOWS\eReg.dat


                        -- Registry Dump ---------------------------------------------------------------

                        *Note* empty entries & legit default entries are not shown


                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "SoundMan"="SOUNDMAN.EXE" [24-10-2005 08:45 C:\WINDOWS\soundman.exe]
                        "NvCplDaemon"="RUNDLL32.exe" [04-08-2004 14:00 C:\WINDOWS\system32\rundll32.exe]
                        "nwiz"="nwiz.exe" [05-12-2007 02:41 C:\WINDOWS\system32\nwiz.exe]
                        "SW20"="C:\WINDOWS\system32\sw20.exe" [29-06-2005 11:08]
                        "SW24"="C:\WINDOWS\system32\sw24.exe" [04-07-2005 07:29]
                        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
                        "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12-05-2005 00:12]
                        "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [22-10-2006 23:24]
                        "@"=""
                        "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20-03-2007 17:40]
                        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11-12-2007 11:56]
                        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11-12-2007 13:10]
                        "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [04-12-2007 03:07]
                        "NvMediaCenter"="RUNDLL32.exe" [04-08-2004 14:00 C:\WINDOWS\system32\rundll32.exe]
                        "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [12-05-2008 10:14]
                        "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [04-01-2008 21:56]

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]

                        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                        Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [23-5-2007 16:35:11]
                        Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [23-10-2006 0:01:50]
                        TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [23-6-2007 19:06:27]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
                        C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 31-01-2005 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
                        C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 23-09-2007 10:10 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                        "appinit_dlls"=wbsys.dll

                        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                        SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
                        path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
                        backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
                        "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
                        "c:\program files\steam\steam.exe" -silent




                        -- End of Deckard's System Scanner: finished at 2008-05-16 17:01:32 ------------



                        • #13
                          The log looks clean to me.

                          I have no idea what is causing your problem.
                          Maybe you should ask here:
