windows antivirus 2008- HEEELP

  • windows antivirus 2008- HEEELP

    Out of ignorance, my wife activated the spyware/malware Windows Antivirus 2008. I can't get it off the machine no matter what I try. Who can help me?
    Here is my HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 12:18:36, on 17/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\winver.exe
    C:\WINDOWS\system32\nhpudzyj.exe
    C:\Documents and Settings\walter\Mijn documenten\hijackthis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4311B1BE-4408-E636-F035-0A79EB50DEBE} - C:\WINDOWS\system32\nqhbpuoo.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [nhpudzyj] C:\WINDOWS\system32\nhpudzyj.exe
    O4 - HKLM\..\Run: [fffXDQk1M9] C:\WINDOWS\system32\winver.exe
    O4 - HKLM\..\Run: [ribydyto] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ribydyto.dll"
    O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvsan.dll,startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe



    Many thanks in advance for freeing me from this annoying spy/malware ...

    She told me it started with a message that a trojan had been detected, and then click ...


    misery

  • #2
    Start HijackThis and tick only the following lines:
    O2 - BHO: (no name) - {4311B1BE-4408-E636-F035-0A79EB50DEBE} - C:\WINDOWS\system32\nqhbpuoo.dll
    O4 - HKLM\..\Run: [nhpudzyj] C:\WINDOWS\system32\nhpudzyj.exe
    O4 - HKLM\..\Run: [fffXDQk1M9] C:\WINDOWS\system32\winver.exe
    O4 - HKLM\..\Run: [ribydyto] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ribydyto.dll"
    O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvsan.dll,startup
    O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll

    Close all open windows (except HijackThis) and click the "Fix checked" button.

    Restart your computer.

    After the restart, post a new HijackThis log.


    • #3
      Hi smeenk

      here is a new HijackThis log

      thanks in advance, smeenk

      Logfile of HijackThis v1.99.1
      Scan saved at 13:03:05, on 17/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\brsvc01a.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\brss01a.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\WINDOWS\system32\mqsvc.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
      C:\WINDOWS\system32\mqtgsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\sstray.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
      C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroDist.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Documents and Settings\walter\Mijn documenten\hijackthis\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
      O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
      O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe

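Added example, not part of the original thread: a Python comparison of the HijackThis logs from posts #1 and #3 against the fix list from post #2, showing which checked entries actually disappeared after "Fix checked". The logs embedded here are trimmed excerpts of the ones posted above, and the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code: R0, R1, O2, O4, O20, O23, ...
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

# The six lines post #2 asked the user to tick before "Fix checked".
FIX_LIST = [
    r"O2 - BHO: (no name) - {4311B1BE-4408-E636-F035-0A79EB50DEBE} - C:\WINDOWS\system32\nqhbpuoo.dll",
    r"O4 - HKLM\..\Run: [nhpudzyj] C:\WINDOWS\system32\nhpudzyj.exe",
    r"O4 - HKLM\..\Run: [fffXDQk1M9] C:\WINDOWS\system32\winver.exe",
    r'O4 - HKLM\..\Run: [ribydyto] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ribydyto.dll"',
    r"O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvsan.dll,startup",
    r"O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll",
]

# Trimmed excerpt of the log in post #1 (before the fix).
SAMPLE_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:18:36, on 17/05/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winver.exe
C:\WINDOWS\system32\nhpudzyj.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
O2 - BHO: (no name) - {4311B1BE-4408-E636-F035-0A79EB50DEBE} - C:\WINDOWS\system32\nqhbpuoo.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nhpudzyj] C:\WINDOWS\system32\nhpudzyj.exe
O4 - HKLM\..\Run: [fffXDQk1M9] C:\WINDOWS\system32\winver.exe
O4 - HKLM\..\Run: [ribydyto] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ribydyto.dll"
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvsan.dll,startup
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll
"""

# Trimmed excerpt of the log in post #3 (after the fix and a restart).
SAMPLE_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 13:03:05, on 17/05/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll
"""


def parse_log(text):
    """Split a HijackThis log into (running process paths, entry lines)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif ENTRY_RE.match(line):
            in_procs = False
            entries.append(line)
        elif in_procs:
            processes.append(line)
    return processes, entries


def compare(before, after, fix_list):
    """Report what changed between two logs relative to the checked entries."""
    procs_b, entries_b = parse_log(before)
    procs_a, entries_a = parse_log(after)
    before_set, after_set = set(entries_b), set(entries_a)
    # Windows paths are case-insensitive (System32 vs system32).
    running_after = {p.lower() for p in procs_a}
    return {
        "fixed": [e for e in fix_list if e in before_set and e not in after_set],
        "still_present": [e for e in fix_list if e in after_set],
        "new_entries": [e for e in entries_a if e not in before_set],
        "processes_gone": [p for p in procs_b if p.lower() not in running_after],
    }


if __name__ == "__main__":
    for key, items in compare(SAMPLE_BEFORE, SAMPLE_AFTER, FIX_LIST).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

An entry listed under `still_present` is one the fix did not remove and that needs a follow-up step.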


      • #4
        I already see some improvement

        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in safe mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open and a few lines about files not found will scroll past quickly; this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
        • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Also post the contents of the second log: C:\RVAXO-Vfind.log


        • #5
          Here is the log
          ---RVAXO.exe Updated: 2008-05-16---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\system32\winetn32.dll
          C:\WINDOWS\system32\drvsan.dll
          C:\WINDOWS\wininit.ini
          C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\inst.exe
          C:\WINDOWS\system32\winver.bat

          Folders Found:
          C:\WINDOWS\system32\Cache

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------


          thx



          • #6
            Please look for the following log: C:\RVAXO-Vfind.log
            It is on your C drive.
            Post the contents of this log as well


            • #7
              sorry, it was in my documents

              ======C:\WINDOWS====
              ----a-w 2,464 2008-04-27 21:08:49 C:\WINDOWS\$_hpcst$.hpc
              ----a-w 0 2008-05-17 11:26:54 C:\WINDOWS\0.log
              --s-a-w 2,048 2008-05-17 11:26:29 C:\WINDOWS\bootstat.dat
              ----a-w 69 2008-04-12 20:44:16 C:\WINDOWS\brmx2001.ini
              ----a-w 52 2008-04-12 20:44:12 C:\WINDOWS\BRPP2KA.INI
              ----a-w 463 2008-05-14 19:28:07 C:\WINDOWS\brwmark.ini
              ----a-w 256,005 2008-05-14 21:14:10 C:\WINDOWS\comsetup.log
              ----a-w 754,360 2008-05-14 21:14:09 C:\WINDOWS\FaxSetup.log
              ----a-w 1,132,340 2008-05-14 21:14:10 C:\WINDOWS\iis6.log
              ----a-w 1,374 2008-05-14 21:14:10 C:\WINDOWS\imsins.log
              ----a-w 14,132 2008-05-14 21:14:10 C:\WINDOWS\KB950749.log
              ----a-w 51,569 2008-05-14 21:14:09 C:\WINDOWS\MedCtrOC.log
              ----a-w 2,510 2008-04-27 21:08:52 C:\WINDOWS\Microsoft.MIF
              ----a-w 37,283 2008-05-14 21:14:09 C:\WINDOWS\msgsocm.log
              ----a-w 211,566 2008-05-14 21:14:07 C:\WINDOWS\msmqinst.log
              ----a-w 129,496 2008-05-14 21:14:09 C:\WINDOWS\netfxocm.log
              ----a-w 420 2008-04-29 16:36:23 C:\WINDOWS\nsw.log
              ----a-w 154,548 2008-05-14 21:14:10 C:\WINDOWS\ntdtcsetup.log
              ----a-w 364,702 2008-05-14 21:14:09 C:\WINDOWS\ocgen.log
              ----a-w 46,598 2008-05-14 21:14:10 C:\WINDOWS\ocmsn.log
              ----a-w 40 2008-04-12 20:44:16 C:\WINDOWS\opt_1470.ini
              ----a-w 18,124 2008-05-17 11:15:49 C:\WINDOWS\SchedLgU.Txt
              ----a-w 819,484 2008-05-15 23:05:35 C:\WINDOWS\setupapi.log
              ----a-w 227 2008-05-17 11:25:47 C:\WINDOWS\system.ini
              ----a-w 37,328 2008-05-14 21:14:10 C:\WINDOWS\tabletoc.log
              ----a-w 343,196 2008-05-14 21:14:10 C:\WINDOWS\tsoc.log
              ----a-w 6,224 2008-04-10 16:33:25 C:\WINDOWS\WgaNotify.log
              ----a-w 159 2008-05-17 11:27:00 C:\WINDOWS\wiadebug.log
              ----a-w 49 2008-05-17 11:26:54 C:\WINDOWS\wiaservc.log
              ----a-w 582 2008-05-17 11:25:47 C:\WINDOWS\win.ini
              ----a-w 1,622,859 2008-05-17 11:26:57 C:\WINDOWS\WindowsUpdate.log

              Entries: 31 (30)
              Directories: 0 Files: 31
              Bytes: 6,010,271 Blocks: 11,754
              ======C:\WINDOWS\system32=====
              ----a-w 1,152,888 2008-05-12 16:44:11 C:\WINDOWS\System32\aswBoot.exe
              ----a-w 95,608 2008-05-12 16:32:02 C:\WINDOWS\System32\AvastSS.scr
              ----a-w 30 2008-04-12 20:44:14 C:\WINDOWS\System32\brss01a.ini
              ----a-w 184 2008-04-12 20:44:13 C:\WINDOWS\System32\brsvc01a.bsi
              ----a-w 2,894 2008-05-15 18:30:52 C:\WINDOWS\System32\CONFIG.NT
              ----a-w 289,296 2008-04-27 20:35:27 C:\WINDOWS\System32\FNTCACHE.DAT
              ----a-w 118,784 2008-05-17 08:35:30 C:\WINDOWS\System32\nhpudzyj.exe
              ----a-w 114,688 2008-05-17 08:35:34 C:\WINDOWS\System32\nqhbpuoo.dll
              ----a-w 822,165 2008-05-16 05:10:02 C:\WINDOWS\System32\RVAXO.bat
              ----a-w 2,206 2008-05-17 11:27:05 C:\WINDOWS\System32\wpa.dbl

              Entries: 10 (10)
              Directories: 0 Files: 10
              Bytes: 2,598,743 Blocks: 5,080
              ======C:\WINDOWS\system32\drivers=====
              ----a-w 26,944 2008-05-12 16:33:19 C:\WINDOWS\System32\drivers\aavmker4.sys
              ----a-w 20,560 2008-05-12 16:38:45 C:\WINDOWS\System32\drivers\aswFsBlk.sys
              ----a-w 94,416 2008-05-12 16:38:25 C:\WINDOWS\System32\drivers\aswmon2.sys
              ----a-w 23,152 2008-05-12 16:34:42 C:\WINDOWS\System32\drivers\aswRdr.sys
              ----a-w 77,904 2008-05-12 16:36:18 C:\WINDOWS\System32\drivers\aswSP.sys
              ----a-w 42,912 2008-05-12 16:33:38 C:\WINDOWS\System32\drivers\aswTdi.sys
              ----a-w 47,360 2008-04-27 17:52:50 C:\WINDOWS\System32\drivers\pcouffin.sys

              Entries: 7 (7)
              Directories: 0 Files: 7
              Bytes: 333,248 Blocks: 655
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              --sh--w 211 2008-05-17 11:25:47 C:\boot.ini
              ----a-w 439 2008-05-17 11:22:15 C:\firstrun6.log
              --sha-w 536,403,968 2008-05-17 11:26:28 C:\hiberfil.sys
              --sha-w 805,306,368 2008-05-17 11:26:27 C:\pagefile.sys
              ----a-w 574 2008-05-17 11:32:29 C:\RVAXO-results.log
              ----a-w 4,299 2008-05-17 11:32:29 C:\RVAXO-Vfind.log
              ----a-w 134 2008-05-15 22:56:29 C:\VundoFix.txt

              Entries: 7 (4)
              Directories: 0 Files: 7
              Bytes: 1,341,715,993 Blocks: 2,620,542
              ======C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data======
              ----a-w 7,887 2008-04-27 17:52:50 C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.cat
              ----a-w 1,144 2008-04-27 17:52:50 C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.inf
              ----a-w 34 2008-04-27 17:52:55 C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.log
              ----a-w 47,360 2008-04-27 17:52:50 C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.sys

              Entries: 4 (4)
              Directories: 0 Files: 4
              Bytes: 56,425 Blocks: 113
              ======C:\Documents and Settings\hilde.WALTER-636F6F10======
              ---ha-w 3,407,872 2008-05-17 11:25:51 C:\Documents and Settings\hilde.WALTER-636F6F10\NTUSER.DAT
              ---ha-w 45,056 2008-05-17 11:32:25 C:\Documents and Settings\hilde.WALTER-636F6F10\ntuser.dat.LOG
              --sh--w 188 2008-05-17 11:25:52 C:\Documents and Settings\hilde.WALTER-636F6F10\ntuser.ini

              Entries: 3 (0)
              Directories: 0 Files: 3
              Bytes: 3,453,116 Blocks: 6,745
              ======C:\WINDOWS\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============



              • #8
                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\System32\nhpudzyj.exe
                C:\WINDOWS\System32\nqhbpuoo.dll
                "C:\Documents and Settings\All Users\Application Data\ribydyto.dll") DO (
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                For "Save in", choose: Desktop
                For "File name", enter: del.bat
                For "Save as type", select: All Files (*.*).
                Click the Save button.

                Double-click del.bat and post the contents of the log file that opens.



                • #9
                  That's fast, smeenk
                  Thanks
                  Here is my log
                  [email protected]

                  Deleting files
                  C:\WINDOWS\System32\nhpudzyj.exe deleted
                  C:\WINDOWS\System32\nqhbpuoo.dll deleted
                  "C:\Documents and Settings\All Users\Application Data\ribydyto.dll" deleted



                  • #10
                    Download Deckard's System Scanner to your Desktop.
                    • Close all applications and windows.
                    • Double-click dss.exe to run it, and follow the prompts.
                    • When the scan is complete, a text file - main.txt - will open.
                    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

                    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
                    - make sure sigcheck.exe is allowed to do so!
                    Your antivirus may also flag DSS as suspicious, or even try to remove it.
                    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)



                    • #11
                      Deckard's System Scanner v20071014.68
                      Run by hilde on 2008-05-17 17:27:11
                      Computer is in Normal Mode.
                      --------------------------------------------------------------------------------

                      -- System Restore --------------------------------------------------------------

                      Successfully created a Deckard's System Scanner Restore Point.


                      -- Last 5 Restore Point(s) --
                      38: 2008-05-17 15:27:18 UTC - RP75 - Deckard's System Scanner Restore Point
                      37: 2008-05-17 13:00:56 UTC - RP74 - Software Distribution Service 3.0
                      36: 2008-05-17 08:25:21 UTC - RP73 - Controlepunt van systeem
                      35: 2008-05-15 22:11:26 UTC - RP72 - Geïnstalleerd: Ad-Aware 2007
                      34: 2008-05-15 21:21:45 UTC - RP71 - Controlepunt van systeem


                      -- First Restore Point --
                      1: 2008-04-07 22:05:30 UTC - RP38 - Software Distribution Service 3.0


                      Backed up registry hives.
                      Performed disk cleanup.

                      Percentage of Memory in Use: 76% (more than 75%).


                      -- HijackThis (run as hilde.exe) -----------------------------------------------

                      Unable to find log (file not found); running clone.
                      -- HijackThis Clone ------------------------------------------------------------


                      Emulating logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 2008-05-17 17:28:45
                      Platform: Windows XP Service Pack 2 (5.01.2600)
                      MSIE: Internet Explorer (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\system32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      C:\WINDOWS\system32\BRSVC01A.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\system32\BRSS01A.EXE
                      C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
                      C:\WINDOWS\system32\inetsrv\inetinfo.exe
                      C:\WINDOWS\system32\snmp.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
                      C:\WINDOWS\system32\searchindexer.exe
                      C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
                      C:\WINDOWS\system32\ati2evxx.exe
                      C:\WINDOWS\explorer.exe
                      C:\WINDOWS\system32\mqsvc.exe
                      C:\WINDOWS\system32\mqtgsvc.exe
                      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                      C:\WINDOWS\system32\sstray.exe
                      C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
                      C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe
                      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
                      C:\WINDOWS\system32\dla\tfswctrl.exe
                      C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
                      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrodist.exe
                      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                      C:\Program Files\WinZip\WZQKPICK.EXE
                      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\WINDOWS\system32\searchprotocolhost.exe
                      C:\Documents and Settings\hilde.WALTER-636F6F10\Bureaublad\dss.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
                      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                      O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
                      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
                      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
                      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
                      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                      O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
                      O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                      O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                      O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
                      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
                      O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                      O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
                      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                      O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
                      O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
                      O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
                      O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
                      O20 - Winlogon Notify: winetn32 - C:\WINDOWS\system32\winetn32.dll (file missing)
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                      O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
                      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
                      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\BRSVC01A.EXE
                      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
                      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe


                      --
                      End of file - 10948 bytes

                      -- HijackThis Fixed Entries (C:\DOCUME~1\walter\MIJNDO~1\HIJACK~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

                      backup-20070920-131200-753 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                      backup-20070920-131805-922 O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
                      backup-20080517-125701-170 O2 - BHO: (no name) - {4311B1BE-4408-E636-F035-0A79EB50DEBE} - C:\WINDOWS\system32\nqhbpuoo.dll
                      backup-20080517-125701-275 O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll
                      backup-20080517-125701-617 O4 - HKLM\..\Run: [fffXDQk1M9] C:\WINDOWS\system32\winver.exe
                      backup-20080517-125701-764 O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvsan.dll,startup
                      backup-20080517-125701-837 O4 - HKLM\..\Run: [nhpudzyj] C:\WINDOWS\system32\nhpudzyj.exe
                      backup-20080517-125701-950 O4 - HKLM\..\Run: [ribydyto] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ribydyto.dll"

                      -- File Associations -----------------------------------------------------------

                      .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
                      .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


                      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                      R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
                      R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


                      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                      R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
                      R2 USBDeviceService - c:\program files\roxio\mydvd\mydvd\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>


                      -- Device Manager: Disabled ----------------------------------------------------

                      Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
                      Description: SoftV92 Data Fax Modem
                      Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_200414F1&REV_01\4&3B1D9AB8&0&3040
                      Manufacturer: CXT
                      Name: SoftV92 Data Fax Modem
                      PNP Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_200414F1&REV_01\4&3B1D9AB8&0&3040
                      Service: Modem

                      Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
                      Description: Multimedia-videocontroller
                      Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4040
                      Manufacturer:
                      Name: Multimedia-videocontroller
                      PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4040
                      Service:

                      Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
                      Description: Multimediacontroller
                      Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4140
                      Manufacturer:
                      Name: Multimediacontroller
                      PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4140
                      Service:

                      Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
                      Description: Ethernet-controller
                      Device ID: PCI\VEN_10B7&DEV_9201&SUBSYS_80AB1043&REV_40\4&35344E25&0&0860
                      Manufacturer:
                      Name: Ethernet-controller
                      PNP Device ID: PCI\VEN_10B7&DEV_9201&SUBSYS_80AB1043&REV_40\4&35344E25&0&0860
                      Service:

                      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                      Description: 1394-netwerkkaart
                      Device ID: V1394\NIC1394\3F8502E01800
                      Manufacturer: Microsoft
                      Name: 1394-netwerkkaart
                      PNP Device ID: V1394\NIC1394\3F8502E01800
                      Service: NIC1394


                      -- Files created between 2008-04-17 and 2008-05-17 -----------------------------

                      2008-05-17 13:31:36 0 d-------- C:\RVAXO
                      2008-05-17 13:20:22 822165 --a------ C:\WINDOWS\system32\RVAXO.bat
                      2008-05-17 13:20:22 69632 --a------ C:\WINDOWS\system32\remove.exe
                      2008-05-17 13:15:07 0 d-------- C:\WINDOWS\pss
                      2008-05-17 13:14:30 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\WinRAR
                      2008-05-16 00:48:48 0 d-------- C:\VundoFix Backups
                      2008-05-16 00:11:28 0 d-------- C:\Program Files\Lavasoft
                      2008-05-16 00:11:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                      2008-05-16 00:10:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                      2008-05-15 23:52:53 0 d-------- C:\Program Files\Enigma Software Group
                      2008-05-12 21:49:37 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
                      2008-05-12 21:26:41 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
                      2008-05-12 21:26:39 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
                      2008-05-12 21:26:37 0 d-------- C:\Program Files\PDFCreator
                      2008-05-08 19:36:35 0 d-------- C:\temp
                      2008-04-28 22:49:37 0 d-------- C:\Documents and Settings\walter\Application Data\FileZilla
                      2008-04-28 22:49:18 0 d-------- C:\Program Files\FileZilla FTP Client
                      2008-04-28 00:31:40 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                      2008-04-28 00:31:33 0 d-------- C:\Program Files\SpywareBlaster
                      2008-04-27 23:08:25 77899 --a------ C:\WINDOWS\system32\rapi.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
                      2008-04-27 23:08:25 36942 --a------ C:\WINDOWS\system32\ppcload.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
                      2008-04-27 23:08:25 65615 --a------ C:\WINDOWS\system32\pmailext.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
                      2008-04-27 23:08:25 61519 --a------ C:\WINDOWS\system32\MsgStRPC.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
                      2008-04-27 23:08:25 24653 --a------ C:\WINDOWS\system32\ceutil.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
                      2008-04-27 23:08:25 0 d-------- C:\Program Files\Microsoft ActiveSync
                      2008-04-27 23:08:20 327168 --a------ C:\WINDOWS\IsUn0413.exe <Not Verified; InstallShield Software Corporation; InstallShield(r) unInstaller>
                      2008-04-27 23:07:42 0 d--hs---- C:\WINDOWS\ftpcache
                      2008-04-27 22:52:51 0 d-------- C:\Documents and Settings\walter\Application Data\Leadertech
                      2008-04-27 22:33:41 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
                      2008-04-27 22:32:20 0 d-------- C:\Program Files\Common Files\TiVo Shared
                      2008-04-27 22:31:38 0 d-------- C:\WINDOWS\system32\dla
                      2008-04-27 22:31:37 0 d-------- C:\Program Files\Roxio
                      2008-04-27 20:00:53 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\vlc
                      2008-04-27 19:58:04 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\CyberLink
                      2008-04-27 19:52:50 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
                      2008-04-27 19:52:50 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Vso
                      2008-04-27 19:52:50 47360 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
                      2008-04-27 19:52:47 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
                      2008-04-27 19:52:47 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
                      2008-04-27 19:52:47 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
                      2008-04-27 19:52:44 0 d-------- C:\Program Files\VSO
                      2008-04-17 18:43:31 0 d-------- C:\Program Files\FireTrust
                      2008-04-17 18:43:31 0 d-------- C:\Documents and Settings\walter\Application Data\MailWasherPro


                      -- Find3M Report ---------------------------------------------------------------

                      2008-05-16 00:10:48 0 d-------- C:\Program Files\Common Files
                      2008-05-14 20:36:25 0 d--h----- C:\Program Files\InstallShield Installation Information
                      2008-05-12 22:54:57 0 d-------- C:\Program Files\Common Files\InstallShield
                      2008-05-12 21:49:35 0 d-------- C:\Program Files\Common Files\Adobe
                      2008-05-04 19:23:42 0 d-------- C:\Program Files\E-Color
                      2008-04-27 19:52:55 34 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.log
                      2008-04-27 19:52:50 1144 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.inf
                      2008-04-27 19:52:50 7887 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.cat
                      2008-04-10 21:16:57 0 d-------- C:\Program Files\ExtraFilm PhotoAssistant
                      2008-04-08 21:50:44 0 d-------- C:\Program Files\Common Files\Macromedia Shared
                      2008-04-08 21:50:43 0 d-------- C:\Program Files\Common Files\Macromedia
                      2008-04-08 21:50:41 0 d-------- C:\Program Files\Macromedia
                      2008-04-08 17:49:50 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Windows Desktop Search
                      2008-04-07 20:35:07 462032 --a------ C:\WINDOWS\system32\perfh013.dat
                      2008-04-07 20:35:07 90108 --a------ C:\WINDOWS\system32\perfc013.dat
                      2008-04-07 20:35:03 0 d-------- C:\Program Files\Windows Desktop Search
                      2008-04-07 16:45:37 0 d-------- C:\Program Files\Messenger
                      2008-04-06 17:15:41 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Adobe
                      2008-04-06 12:55:00 0 d-------- C:\Program Files\Alwil Software
                      2008-04-02 19:39:33 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\AdobeUM
                      2008-04-01 01:45:49 0 d-------- C:\Program Files\Hercules
                      2008-04-01 01:44:36 0 d-------- C:\Program Files\CyberLink
                      2008-04-01 01:38:49 3688 --a------ C:\WINDOWS\system32\d3d9caps.dat
                      2008-04-01 01:36:05 0 d-------- C:\Program Files\ATI Technologies
                      2008-03-31 21:21:08 0 d-------- C:\Program Files\PhotoFiltre
                      2008-03-31 21:16:42 0 d-------- C:\Program Files\VideoLAN
                      2008-03-31 21:12:25 0 d-------- C:\Program Files\Windows Media Connect 2
                      2008-03-31 20:37:52 0 d-------- C:\Program Files\Common Files\Ahead
                      2008-03-31 20:37:52 0 d-------- C:\Program Files\Ahead
                      2008-03-31 12:21:01 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Macromedia
                      2008-03-31 01:15:44 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Identities
                      2008-03-31 01:13:23 0 d-------- C:\Program Files\Mozilla Thunderbird
                      2008-03-31 00:55:54 0 --a------ C:\WINDOWS\nsreg.dat
                      2008-03-31 00:55:47 4239 --a------ C:\WINDOWS\mozver.dat
                      2008-03-31 00:25:25 0 d-------- C:\Program Files\Nvu
                      2008-03-31 00:01:24 0 d-------- C:\Program Files\ASUS
                      2008-03-30 23:01:33 0 d-------- C:\Program Files\Microsoft Works
                      2008-03-30 23:01:26 0 d-------- C:\Program Files\MSBuild
                      2008-03-30 22:31:26 0 d-------- C:\Program Files\Common Files\ODBC
                      2008-03-30 22:31:23 0 d-------- C:\Program Files\Common Files\SpeechEngines
                      2008-03-30 22:30:53 62 --ahs---- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\desktop.ini
                      2008-03-30 20:51:34 0 d-------- C:\Program Files\microsoft frontpage
                      2008-03-30 20:51:12 0 -rahs---- C:\MSDOS.SYS
                      2008-03-30 20:51:12 0 -rahs---- C:\IO.SYS
                      2008-03-30 20:51:12 0 --a------ C:\CONFIG.SYS
                      2008-03-30 20:51:12 0 --a------ C:\AUTOEXEC.BAT
                      2008-03-30 20:49:38 0 d--h----- C:\Program Files\WindowsUpdate
                      2008-03-30 20:49:33 0 d-------- C:\Program Files\Online Services
                      2008-03-30 20:48:35 0 d-------- C:\Program Files\Common Files\MSSoap
                      2008-03-30 20:48:25 0 d-------- C:\Program Files\Movie Maker
                      2008-03-30 20:47:32 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
                      2008-03-30 20:46:53 0 d-------- C:\Program Files\MSN Gaming Zone
                      2008-03-30 20:46:42 0 d-------- C:\Program Files\Windows NT


                      -- Registry Dump ---------------------------------------------------------------

                      *Note* empty entries & legit default entries are not shown


                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
                      "nForce Tray Options"="sstray.exe" [13/11/2002 09:34 C:\WINDOWS\system32\sstray.exe]
                      "MsmqIntCert"="regsvr32 /s mqrt.dll"
                      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
                      "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [06/04/2005 16:53]
                      "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 20:52]
                      "@"=""
                      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/09/2003 21:10]
                      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/05/2008 18:39]
                      "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [26/08/2005 05:33]
                      "DetectorApp"="C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe" [31/08/2005 06:15]
                      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 16:50]
                      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 16:50]

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00]
                      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]

                      C:\Documents and Settings\hilde.WALTER-636F6F10\Menu Start\Programma's\Opstarten\
                      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 4:45:42]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      Adobe Acrobat Snelle start.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [31/03/2008 21:01:22]
                      Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
                      Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/02/2007 15:40:46]
                      WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [30/03/2008 23:29:08]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
                      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32]
                      winetn32.dll

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                      @="Service"
                      Lost the internet for a moment - could this be because of that deL;bat file?
                      I had to reset the router?

                      But here is the DSS log.

                      There was also a log under extra,
                      do you need to look at this too?




                      -- End of Deckard's System Scanner: finished at 2008-05-17 17:30:05 ------------



                      • #12
                        Deckard's System Scanner v20071014.68
                        Run by hilde on 2008-05-17 17:27:11
                        Computer is in Normal Mode.
                        --------------------------------------------------------------------------------

                        -- System Restore --------------------------------------------------------------

                        Successfully created a Deckard's System Scanner Restore Point.


                        -- Last 5 Restore Point(s) --
                        38: 2008-05-17 15:27:18 UTC - RP75 - Deckard's System Scanner Restore Point
                        37: 2008-05-17 13:00:56 UTC - RP74 - Software Distribution Service 3.0
                        36: 2008-05-17 08:25:21 UTC - RP73 - Controlepunt van systeem
                        35: 2008-05-15 22:11:26 UTC - RP72 - Geïnstalleerd: Ad-Aware 2007
                        34: 2008-05-15 21:21:45 UTC - RP71 - Controlepunt van systeem


                        -- First Restore Point --
                        1: 2008-04-07 22:05:30 UTC - RP38 - Software Distribution Service 3.0


                        Backed up registry hives.
                        Performed disk cleanup.

                        Percentage of Memory in Use: 76% (more than 75%).


                        -- HijackThis (run as hilde.exe) -----------------------------------------------

                        Unable to find log (file not found); running clone.
                        -- HijackThis Clone ------------------------------------------------------------


                        Emulating logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 2008-05-17 17:28:45
                        Platform: Windows XP Service Pack 2 (5.01.2600)
                        MSIE: Internet Explorer (7.00.6000.16640)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\system32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\ati2evxx.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        C:\WINDOWS\system32\BRSVC01A.EXE
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\system32\BRSS01A.EXE
                        C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
                        C:\WINDOWS\system32\inetsrv\inetinfo.exe
                        C:\WINDOWS\system32\snmp.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
                        C:\WINDOWS\system32\searchindexer.exe
                        C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
                        C:\WINDOWS\system32\ati2evxx.exe
                        C:\WINDOWS\explorer.exe
                        C:\WINDOWS\system32\mqsvc.exe
                        C:\WINDOWS\system32\mqtgsvc.exe
                        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                        C:\WINDOWS\system32\sstray.exe
                        C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
                        C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe
                        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                        C:\Program Files\Alwil Software\Avast4\ashDisp.exe
                        C:\WINDOWS\system32\dla\tfswctrl.exe
                        C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
                        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Messenger\msmsgs.exe
                        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrodist.exe
                        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                        C:\Program Files\WinZip\WZQKPICK.EXE
                        C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                        C:\WINDOWS\system32\wuauclt.exe
                        C:\WINDOWS\system32\searchprotocolhost.exe
                        C:\Documents and Settings\hilde.WALTER-636F6F10\Bureaublad\dss.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
                        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
                        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                        O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                        O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
                        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
                        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                        O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
                        O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
                        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                        O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
                        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                        O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
                        O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                        O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                        O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                        O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                        O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                        O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
                        O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
                        O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                        O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
                        O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
                        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                        O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
                        O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
                        O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
                        O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
                        O20 - Winlogon Notify: winetn32 - C:\WINDOWS\system32\winetn32.dll (file missing)
                        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                        O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
                        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
                        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\BRSVC01A.EXE
                        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
                        O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe


                        --
                        End of file - 10948 bytes

                        -- HijackThis Fixed Entries (C:\DOCUME~1\walter\MIJNDO~1\HIJACK~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

                        backup-20070920-131200-753 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                        backup-20070920-131805-922 O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
                        backup-20080517-125701-170 O2 - BHO: (no name) - {4311B1BE-4408-E636-F035-0A79EB50DEBE} - C:\WINDOWS\system32\nqhbpuoo.dll
                        backup-20080517-125701-275 O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll
                        backup-20080517-125701-617 O4 - HKLM\..\Run: [fffXDQk1M9] C:\WINDOWS\system32\winver.exe
                        backup-20080517-125701-764 O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvsan.dll,startup
                        backup-20080517-125701-837 O4 - HKLM\..\Run: [nhpudzyj] C:\WINDOWS\system32\nhpudzyj.exe
                        backup-20080517-125701-950 O4 - HKLM\..\Run: [ribydyto] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ribydyto.dll"

                        -- File Associations -----------------------------------------------------------

                        .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
                        .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


                        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                        R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
                        R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


                        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                        R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
                        R2 USBDeviceService - c:\program files\roxio\mydvd\mydvd\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>


                        -- Device Manager: Disabled ----------------------------------------------------

                        Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
                        Description: SoftV92 Data Fax Modem
                        Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_200414F1&REV_01\4&3B1D9AB8&0&3040
                        Manufacturer: CXT
                        Name: SoftV92 Data Fax Modem
                        PNP Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_200414F1&REV_01\4&3B1D9AB8&0&3040
                        Service: Modem

                        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
                        Description: Multimedia-videocontroller
                        Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4040
                        Manufacturer:
                        Name: Multimedia-videocontroller
                        PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4040
                        Service:

                        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
                        Description: Multimediacontroller
                        Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4140
                        Manufacturer:
                        Name: Multimediacontroller
                        PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4140
                        Service:

                        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
                        Description: Ethernet-controller
                        Device ID: PCI\VEN_10B7&DEV_9201&SUBSYS_80AB1043&REV_40\4&35344E25&0&0860
                        Manufacturer:
                        Name: Ethernet-controller
                        PNP Device ID: PCI\VEN_10B7&DEV_9201&SUBSYS_80AB1043&REV_40\4&35344E25&0&0860
                        Service:

                        Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                        Description: 1394-netwerkkaart
                        Device ID: V1394\NIC1394\3F8502E01800
                        Manufacturer: Microsoft
                        Name: 1394-netwerkkaart
                        PNP Device ID: V1394\NIC1394\3F8502E01800
                        Service: NIC1394


                        -- Files created between 2008-04-17 and 2008-05-17 -----------------------------

                        2008-05-17 13:31:36 0 d-------- C:\RVAXO
                        2008-05-17 13:20:22 822165 --a------ C:\WINDOWS\system32\RVAXO.bat
                        2008-05-17 13:20:22 69632 --a------ C:\WINDOWS\system32\remove.exe
                        2008-05-17 13:15:07 0 d-------- C:\WINDOWS\pss
                        2008-05-17 13:14:30 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\WinRAR
                        2008-05-16 00:48:48 0 d-------- C:\VundoFix Backups
                        2008-05-16 00:11:28 0 d-------- C:\Program Files\Lavasoft
                        2008-05-16 00:11:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                        2008-05-16 00:10:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                        2008-05-15 23:52:53 0 d-------- C:\Program Files\Enigma Software Group
                        2008-05-12 21:49:37 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
                        2008-05-12 21:26:41 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
                        2008-05-12 21:26:39 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
                        2008-05-12 21:26:37 0 d-------- C:\Program Files\PDFCreator
                        2008-05-08 19:36:35 0 d-------- C:\temp
                        2008-04-28 22:49:37 0 d-------- C:\Documents and Settings\walter\Application Data\FileZilla
                        2008-04-28 22:49:18 0 d-------- C:\Program Files\FileZilla FTP Client
                        2008-04-28 00:31:40 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                        2008-04-28 00:31:33 0 d-------- C:\Program Files\SpywareBlaster
                        2008-04-27 23:08:25 77899 --a------ C:\WINDOWS\system32\rapi.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
                        2008-04-27 23:08:25 36942 --a------ C:\WINDOWS\system32\ppcload.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
                        2008-04-27 23:08:25 65615 --a------ C:\WINDOWS\system32\pmailext.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
                        2008-04-27 23:08:25 61519 --a------ C:\WINDOWS\system32\MsgStRPC.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
                        2008-04-27 23:08:25 24653 --a------ C:\WINDOWS\system32\ceutil.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
                        2008-04-27 23:08:25 0 d-------- C:\Program Files\Microsoft ActiveSync
                        2008-04-27 23:08:20 327168 --a------ C:\WINDOWS\IsUn0413.exe <Not Verified; InstallShield Software Corporation; InstallShield(r) unInstaller>
                        2008-04-27 23:07:42 0 d--hs---- C:\WINDOWS\ftpcache
                        2008-04-27 22:52:51 0 d-------- C:\Documents and Settings\walter\Application Data\Leadertech
                        2008-04-27 22:33:41 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
                        2008-04-27 22:32:20 0 d-------- C:\Program Files\Common Files\TiVo Shared
                        2008-04-27 22:31:38 0 d-------- C:\WINDOWS\system32\dla
                        2008-04-27 22:31:37 0 d-------- C:\Program Files\Roxio
                        2008-04-27 20:00:53 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\vlc
                        2008-04-27 19:58:04 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\CyberLink
                        2008-04-27 19:52:50 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
                        2008-04-27 19:52:50 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Vso
                        2008-04-27 19:52:50 47360 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
                        2008-04-27 19:52:47 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
                        2008-04-27 19:52:47 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
                        2008-04-27 19:52:47 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
                        2008-04-27 19:52:44 0 d-------- C:\Program Files\VSO
                        2008-04-17 18:43:31 0 d-------- C:\Program Files\FireTrust
                        2008-04-17 18:43:31 0 d-------- C:\Documents and Settings\walter\Application Data\MailWasherPro


                        -- Find3M Report ---------------------------------------------------------------

                        2008-05-16 00:10:48 0 d-------- C:\Program Files\Common Files
                        2008-05-14 20:36:25 0 d--h----- C:\Program Files\InstallShield Installation Information
                        2008-05-12 22:54:57 0 d-------- C:\Program Files\Common Files\InstallShield
                        2008-05-12 21:49:35 0 d-------- C:\Program Files\Common Files\Adobe
                        2008-05-04 19:23:42 0 d-------- C:\Program Files\E-Color
                        2008-04-27 19:52:55 34 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.log
                        2008-04-27 19:52:50 1144 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.inf
                        2008-04-27 19:52:50 7887 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.cat
                        2008-04-10 21:16:57 0 d-------- C:\Program Files\ExtraFilm PhotoAssistant
                        2008-04-08 21:50:44 0 d-------- C:\Program Files\Common Files\Macromedia Shared
                        2008-04-08 21:50:43 0 d-------- C:\Program Files\Common Files\Macromedia
                        2008-04-08 21:50:41 0 d-------- C:\Program Files\Macromedia
                        2008-04-08 17:49:50 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Windows Desktop Search
                        2008-04-07 20:35:07 462032 --a------ C:\WINDOWS\system32\perfh013.dat
                        2008-04-07 20:35:07 90108 --a------ C:\WINDOWS\system32\perfc013.dat
                        2008-04-07 20:35:03 0 d-------- C:\Program Files\Windows Desktop Search
                        2008-04-07 16:45:37 0 d-------- C:\Program Files\Messenger
                        2008-04-06 17:15:41 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Adobe
                        2008-04-06 12:55:00 0 d-------- C:\Program Files\Alwil Software
                        2008-04-02 19:39:33 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\AdobeUM
                        2008-04-01 01:45:49 0 d-------- C:\Program Files\Hercules
                        2008-04-01 01:44:36 0 d-------- C:\Program Files\CyberLink
                        2008-04-01 01:38:49 3688 --a------ C:\WINDOWS\system32\d3d9caps.dat
                        2008-04-01 01:36:05 0 d-------- C:\Program Files\ATI Technologies
                        2008-03-31 21:21:08 0 d-------- C:\Program Files\PhotoFiltre
                        2008-03-31 21:16:42 0 d-------- C:\Program Files\VideoLAN
                        2008-03-31 21:12:25 0 d-------- C:\Program Files\Windows Media Connect 2
                        2008-03-31 20:37:52 0 d-------- C:\Program Files\Common Files\Ahead
                        2008-03-31 20:37:52 0 d-------- C:\Program Files\Ahead
                        2008-03-31 12:21:01 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Macromedia
                        2008-03-31 01:15:44 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Identities
                        2008-03-31 01:13:23 0 d-------- C:\Program Files\Mozilla Thunderbird
                        2008-03-31 00:55:54 0 --a------ C:\WINDOWS\nsreg.dat
                        2008-03-31 00:55:47 4239 --a------ C:\WINDOWS\mozver.dat
                        2008-03-31 00:25:25 0 d-------- C:\Program Files\Nvu
                        2008-03-31 00:01:24 0 d-------- C:\Program Files\ASUS
                        2008-03-30 23:01:33 0 d-------- C:\Program Files\Microsoft Works
                        2008-03-30 23:01:26 0 d-------- C:\Program Files\MSBuild
                        2008-03-30 22:31:26 0 d-------- C:\Program Files\Common Files\ODBC
                        2008-03-30 22:31:23 0 d-------- C:\Program Files\Common Files\SpeechEngines
                        2008-03-30 22:30:53 62 --ahs---- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\desktop.ini
                        2008-03-30 20:51:34 0 d-------- C:\Program Files\microsoft frontpage
                        2008-03-30 20:51:12 0 -rahs---- C:\MSDOS.SYS
                        2008-03-30 20:51:12 0 -rahs---- C:\IO.SYS
                        2008-03-30 20:51:12 0 --a------ C:\CONFIG.SYS
                        2008-03-30 20:51:12 0 --a------ C:\AUTOEXEC.BAT
                        2008-03-30 20:49:38 0 d--h----- C:\Program Files\WindowsUpdate
                        2008-03-30 20:49:33 0 d-------- C:\Program Files\Online Services
                        2008-03-30 20:48:35 0 d-------- C:\Program Files\Common Files\MSSoap
                        2008-03-30 20:48:25 0 d-------- C:\Program Files\Movie Maker
                        2008-03-30 20:47:32 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
                        2008-03-30 20:46:53 0 d-------- C:\Program Files\MSN Gaming Zone
                        2008-03-30 20:46:42 0 d-------- C:\Program Files\Windows NT


                        -- Registry Dump ---------------------------------------------------------------

                        *Note* empty entries & legit default entries are not shown


                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
                        "nForce Tray Options"="sstray.exe" [13/11/2002 09:34 C:\WINDOWS\system32\sstray.exe]
                        "MsmqIntCert"="regsvr32 /s mqrt.dll"
                        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
                        "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [06/04/2005 16:53]
                        "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 20:52]
                        "@"=""
                        "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/09/2003 21:10]
                        "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/05/2008 18:39]
                        "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [26/08/2005 05:33]
                        "DetectorApp"="C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe" [31/08/2005 06:15]
                        "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 16:50]
                        "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 16:50]

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00]
                        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]

                        C:\Documents and Settings\hilde.WALTER-636F6F10\Menu Start\Programma's\Opstarten\
                        OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 4:45:42]

                        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                        Adobe Acrobat Snelle start.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [31/03/2008 21:01:22]
                        Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
                        Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/02/2007 15:40:46]
                        WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [30/03/2008 23:29:08]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
                        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32]
                        winetn32.dll

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                        @="Service"
                        Lost the internet for a moment - could that be caused by that deL;bat file?
                        I had to reset the router?

                        but here is the DSS log

                        there was also a log under extra
                        do you need to look at this too?
                        Deckard's System Scanner v20071014.68
                        Run by hilde on 2008-05-17 17:27:11
                        Computer is in Normal Mode.
                        --------------------------------------------------------------------------------

                        -- System Restore --------------------------------------------------------------

                        Successfully created a Deckard's System Scanner Restore Point.


                        -- Last 5 Restore Point(s) --
                        38: 2008-05-17 15:27:18 UTC - RP75 - Deckard's System Scanner Restore Point
                        37: 2008-05-17 13:00:56 UTC - RP74 - Software Distribution Service 3.0
                        36: 2008-05-17 08:25:21 UTC - RP73 - Controlepunt van systeem
                        35: 2008-05-15 22:11:26 UTC - RP72 - Geïnstalleerd: Ad-Aware 2007
                        34: 2008-05-15 21:21:45 UTC - RP71 - Controlepunt van systeem


                        -- First Restore Point --
                        1: 2008-04-07 22:05:30 UTC - RP38 - Software Distribution Service 3.0


                        Backed up registry hives.
                        Performed disk cleanup.

                        Percentage of Memory in Use: 76% (more than 75%).


                        -- HijackThis (run as hilde.exe) -----------------------------------------------

                        Unable to find log (file not found); running clone.
                        -- HijackThis Clone ------------------------------------------------------------


                        Emulating logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 2008-05-17 17:28:45
                        Platform: Windows XP Service Pack 2 (5.01.2600)
                        MSIE: Internet Explorer (7.00.6000.16640)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\system32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\ati2evxx.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        C:\WINDOWS\system32\BRSVC01A.EXE
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\system32\BRSS01A.EXE
                        C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
                        C:\WINDOWS\system32\inetsrv\inetinfo.exe
                        C:\WINDOWS\system32\snmp.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
                        C:\WINDOWS\system32\searchindexer.exe
                        C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
                        C:\WINDOWS\system32\ati2evxx.exe
                        C:\WINDOWS\explorer.exe
                        C:\WINDOWS\system32\mqsvc.exe
                        C:\WINDOWS\system32\mqtgsvc.exe
                        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                        C:\WINDOWS\system32\sstray.exe
                        C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
                        C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe
                        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                        C:\Program Files\Alwil Software\Avast4\ashDisp.exe
                        C:\WINDOWS\system32\dla\tfswctrl.exe
                        C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
                        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Messenger\msmsgs.exe
                        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrodist.exe
                        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                        C:\Program Files\WinZip\WZQKPICK.EXE
                        C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                        C:\WINDOWS\system32\wuauclt.exe
                        C:\WINDOWS\system32\searchprotocolhost.exe
                        C:\Documents and Settings\hilde.WALTER-636F6F10\Bureaublad\dss.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
                        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
                        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                        O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                        O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
                        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
                        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                        O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
                        O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
                        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                        O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
                        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                        O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
                        O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                        O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                        O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                        O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                        O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                        O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
                        O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
                        O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                        O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
                        O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
                        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                        O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
                        O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
                        O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
                        O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
                        O20 - Winlogon Notify: winetn32 - C:\WINDOWS\system32\winetn32.dll (file missing)
                        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                        O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
                        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
                        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\BRSVC01A.EXE
                        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
                        O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe


                        --
                        End of file - 10948 bytes

                        -- HijackThis Fixed Entries (C:\DOCUME~1\walter\MIJNDO~1\HIJACK~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

                        backup-20070920-131200-753 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                        backup-20070920-131805-922 O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
                        backup-20080517-125701-170 O2 - BHO: (no name) - {4311B1BE-4408-E636-F035-0A79EB50DEBE} - C:\WINDOWS\system32\nqhbpuoo.dll
                        backup-20080517-125701-275 O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll
                        backup-20080517-125701-617 O4 - HKLM\..\Run: [fffXDQk1M9] C:\WINDOWS\system32\winver.exe
                        backup-20080517-125701-764 O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvsan.dll,startup
                        backup-20080517-125701-837 O4 - HKLM\..\Run: [nhpudzyj] C:\WINDOWS\system32\nhpudzyj.exe
                        backup-20080517-125701-950 O4 - HKLM\..\Run: [ribydyto] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ribydyto.dll"

                        -- File Associations -----------------------------------------------------------

                        .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
                        .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


                        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                        R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
                        R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


                        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                        R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
                        R2 USBDeviceService - c:\program files\roxio\mydvd\mydvd\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>


                        -- Device Manager: Disabled ----------------------------------------------------

                        Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
                        Description: SoftV92 Data Fax Modem
                        Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_200414F1&REV_01\4&3B1D9AB8&0&3040
                        Manufacturer: CXT
                        Name: SoftV92 Data Fax Modem
                        PNP Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_200414F1&REV_01\4&3B1D9AB8&0&3040
                        Service: Modem

                        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
                        Description: Multimedia-videocontroller
                        Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4040
                        Manufacturer:
                        Name: Multimedia-videocontroller
                        PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4040
                        Service:

                        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
                        Description: Multimediacontroller
                        Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4140
                        Manufacturer:
                        Name: Multimediacontroller
                        PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&3B1D9AB8&0&4140
                        Service:

                        Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
                        Description: Ethernet-controller
                        Device ID: PCI\VEN_10B7&DEV_9201&SUBSYS_80AB1043&REV_40\4&35344E25&0&0860
                        Manufacturer:
                        Name: Ethernet-controller
                        PNP Device ID: PCI\VEN_10B7&DEV_9201&SUBSYS_80AB1043&REV_40\4&35344E25&0&0860
                        Service:

                        Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                        Description: 1394-netwerkkaart
                        Device ID: V1394\NIC1394\3F8502E01800
                        Manufacturer: Microsoft
                        Name: 1394-netwerkkaart
                        PNP Device ID: V1394\NIC1394\3F8502E01800
                        Service: NIC1394


                        -- Files created between 2008-04-17 and 2008-05-17 -----------------------------

                        2008-05-17 13:31:36 0 d-------- C:\RVAXO
                        2008-05-17 13:20:22 822165 --a------ C:\WINDOWS\system32\RVAXO.bat
                        2008-05-17 13:20:22 69632 --a------ C:\WINDOWS\system32\remove.exe
                        2008-05-17 13:15:07 0 d-------- C:\WINDOWS\pss
                        2008-05-17 13:14:30 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\WinRAR
                        2008-05-16 00:48:48 0 d-------- C:\VundoFix Backups
                        2008-05-16 00:11:28 0 d-------- C:\Program Files\Lavasoft
                        2008-05-16 00:11:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                        2008-05-16 00:10:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                        2008-05-15 23:52:53 0 d-------- C:\Program Files\Enigma Software Group
                        2008-05-12 21:49:37 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
                        2008-05-12 21:26:41 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
                        2008-05-12 21:26:39 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
                        2008-05-12 21:26:37 0 d-------- C:\Program Files\PDFCreator
                        2008-05-08 19:36:35 0 d-------- C:\temp
                        2008-04-28 22:49:37 0 d-------- C:\Documents and Settings\walter\Application Data\FileZilla
                        2008-04-28 22:49:18 0 d-------- C:\Program Files\FileZilla FTP Client
                        2008-04-28 00:31:40 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                        2008-04-28 00:31:33 0 d-------- C:\Program Files\SpywareBlaster
                        2008-04-27 23:08:25 77899 --a------ C:\WINDOWS\system32\rapi.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
                        2008-04-27 23:08:25 36942 --a------ C:\WINDOWS\system32\ppcload.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
                        2008-04-27 23:08:25 65615 --a------ C:\WINDOWS\system32\pmailext.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
                        2008-04-27 23:08:25 61519 --a------ C:\WINDOWS\system32\MsgStRPC.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
                        2008-04-27 23:08:25 24653 --a------ C:\WINDOWS\system32\ceutil.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
                        2008-04-27 23:08:25 0 d-------- C:\Program Files\Microsoft ActiveSync
                        2008-04-27 23:08:20 327168 --a------ C:\WINDOWS\IsUn0413.exe <Not Verified; InstallShield Software Corporation; InstallShield(r) unInstaller>
                        2008-04-27 23:07:42 0 d--hs---- C:\WINDOWS\ftpcache
                        2008-04-27 22:52:51 0 d-------- C:\Documents and Settings\walter\Application Data\Leadertech
                        2008-04-27 22:33:41 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
                        2008-04-27 22:32:20 0 d-------- C:\Program Files\Common Files\TiVo Shared
                        2008-04-27 22:31:38 0 d-------- C:\WINDOWS\system32\dla
                        2008-04-27 22:31:37 0 d-------- C:\Program Files\Roxio
                        2008-04-27 20:00:53 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\vlc
                        2008-04-27 19:58:04 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\CyberLink
                        2008-04-27 19:52:50 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
                        2008-04-27 19:52:50 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Vso
                        2008-04-27 19:52:50 47360 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
                        2008-04-27 19:52:47 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
                        2008-04-27 19:52:47 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
                        2008-04-27 19:52:47 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
                        2008-04-27 19:52:44 0 d-------- C:\Program Files\VSO
                        2008-04-17 18:43:31 0 d-------- C:\Program Files\FireTrust
                        2008-04-17 18:43:31 0 d-------- C:\Documents and Settings\walter\Application Data\MailWasherPro


                        -- Find3M Report ---------------------------------------------------------------

                        2008-05-16 00:10:48 0 d-------- C:\Program Files\Common Files
                        2008-05-14 20:36:25 0 d--h----- C:\Program Files\InstallShield Installation Information
                        2008-05-12 22:54:57 0 d-------- C:\Program Files\Common Files\InstallShield
                        2008-05-12 21:49:35 0 d-------- C:\Program Files\Common Files\Adobe
                        2008-05-04 19:23:42 0 d-------- C:\Program Files\E-Color
                        2008-04-27 19:52:55 34 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.log
                        2008-04-27 19:52:50 1144 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.inf
                        2008-04-27 19:52:50 7887 --a------ C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\pcouffin.cat
                        2008-04-10 21:16:57 0 d-------- C:\Program Files\ExtraFilm PhotoAssistant
                        2008-04-08 21:50:44 0 d-------- C:\Program Files\Common Files\Macromedia Shared
                        2008-04-08 21:50:43 0 d-------- C:\Program Files\Common Files\Macromedia
                        2008-04-08 21:50:41 0 d-------- C:\Program Files\Macromedia
                        2008-04-08 17:49:50 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Windows Desktop Search

                        • #13
                          and now part 2
                          2008-04-07 20:35:07 462032 --a------ C:\WINDOWS\system32\perfh013.dat
                          2008-04-07 20:35:07 90108 --a------ C:\WINDOWS\system32\perfc013.dat
                          2008-04-07 20:35:03 0 d-------- C:\Program Files\Windows Desktop Search
                          2008-04-07 16:45:37 0 d-------- C:\Program Files\Messenger
                          2008-04-06 17:15:41 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Adobe
                          2008-04-06 12:55:00 0 d-------- C:\Program Files\Alwil Software
                          2008-04-02 19:39:33 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\AdobeUM
                          2008-04-01 01:45:49 0 d-------- C:\Program Files\Hercules
                          2008-04-01 01:44:36 0 d-------- C:\Program Files\CyberLink
                          2008-04-01 01:38:49 3688 --a------ C:\WINDOWS\system32\d3d9caps.dat
                          2008-04-01 01:36:05 0 d-------- C:\Program Files\ATI Technologies
                          2008-03-31 21:21:08 0 d-------- C:\Program Files\PhotoFiltre
                          2008-03-31 21:16:42 0 d-------- C:\Program Files\VideoLAN
                          2008-03-31 21:12:25 0 d-------- C:\Program Files\Windows Media Connect 2
                          2008-03-31 20:37:52 0 d-------- C:\Program Files\Common Files\Ahead
                          2008-03-31 20:37:52 0 d-------- C:\Program Files\Ahead
                          2008-03-31 12:21:01 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Macromedia
                          2008-03-31 01:15:44 0 d-------- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\Identities
                          2008-03-31 01:13:23 0 d-------- C:\Program Files\Mozilla Thunderbird
                          2008-03-31 00:55:54 0 --a------ C:\WINDOWS\nsreg.dat
                          2008-03-31 00:55:47 4239 --a------ C:\WINDOWS\mozver.dat
                          2008-03-31 00:25:25 0 d-------- C:\Program Files\Nvu
                          2008-03-31 00:01:24 0 d-------- C:\Program Files\ASUS
                          2008-03-30 23:01:33 0 d-------- C:\Program Files\Microsoft Works
                          2008-03-30 23:01:26 0 d-------- C:\Program Files\MSBuild
                          2008-03-30 22:31:26 0 d-------- C:\Program Files\Common Files\ODBC
                          2008-03-30 22:31:23 0 d-------- C:\Program Files\Common Files\SpeechEngines
                          2008-03-30 22:30:53 62 --ahs---- C:\Documents and Settings\hilde.WALTER-636F6F10\Application Data\desktop.ini
                          2008-03-30 20:51:34 0 d-------- C:\Program Files\microsoft frontpage
                          2008-03-30 20:51:12 0 -rahs---- C:\MSDOS.SYS
                          2008-03-30 20:51:12 0 -rahs---- C:\IO.SYS
                          2008-03-30 20:51:12 0 --a------ C:\CONFIG.SYS
                          2008-03-30 20:51:12 0 --a------ C:\AUTOEXEC.BAT
                          2008-03-30 20:49:38 0 d--h----- C:\Program Files\WindowsUpdate
                          2008-03-30 20:49:33 0 d-------- C:\Program Files\Online Services
                          2008-03-30 20:48:35 0 d-------- C:\Program Files\Common Files\MSSoap
                          2008-03-30 20:48:25 0 d-------- C:\Program Files\Movie Maker
                          2008-03-30 20:47:32 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
                          2008-03-30 20:46:53 0 d-------- C:\Program Files\MSN Gaming Zone
                          2008-03-30 20:46:42 0 d-------- C:\Program Files\Windows NT


                          -- Registry Dump ---------------------------------------------------------------

                          *Note* empty entries & legit default entries are not shown


                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
                          "nForce Tray Options"="sstray.exe" [13/11/2002 09:34 C:\WINDOWS\system32\sstray.exe]
                          "MsmqIntCert"="regsvr32 /s mqrt.dll"
                          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
                          "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [06/04/2005 16:53]
                          "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 20:52]
                          "@"=""
                          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/09/2003 21:10]
                          "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/05/2008 18:39]
                          "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [26/08/2005 05:33]
                          "DetectorApp"="C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe" [31/08/2005 06:15]
                          "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 16:50]
                          "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 16:50]

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00]
                          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]

                          C:\Documents and Settings\hilde.WALTER-636F6F10\Menu Start\Programma's\Opstarten\
                          OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 4:45:42]

                          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                          Adobe Acrobat Snelle start.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [31/03/2008 21:01:22]
                          Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
                          Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/02/2007 15:40:46]
                          WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [30/03/2008 23:29:08]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
                          "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32]
                          winetn32.dll

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                          @="Service"




                          -- End of Deckard's System Scanner: finished at 2008-05-17 17:30:05 ------------







                          • #14
                            You can also remove the following line with HijackThis:
                            O20 - Winlogon Notify: winetn32 - C:\WINDOWS\system32\winetn32.dll (file missing)

                            Also delete the following folders:
                            C:\VundoFix Backups
                            C:\Documents and Settings\walter\Mijn documenten\hijackthis\hijackthis\backups

                            Download ATF Cleaner (mirror) (made by Atribune).

                            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                            Double-click ATF Cleaner to start the program.
                            On the "Main" tab, tick Select All.
                            Click the Empty Selected button.

                            Do the following if you also use Firefox as a browser:
                            Click the "Firefox" tab and tick Select All.
                            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                            (this removes the tick from "Firefox saved passwords" again)
                            Click the Empty Selected button.

                            Do the following if you also use Opera as a browser:
                            Click the "Opera" tab and tick Select All.
                            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                            Click the Empty Selected button.
                            Go to the "Main" tab and click the Exit button to close the program.

                            Disable System Restore. Restart the computer. Enable System Restore again.
                            See here how to disable System Restore.
                            This removes any remnants of the infections from your System Restore.

                            Let us know whether there are still any problems.

                            Regards, smeenk



                            • #15
                              everything appears to be OK.

                              A big thank-you already.

                              Smeenk, may I ask you something?

                              Could it be that one of these operations causes a PC to no longer shut down?

                              I've been messing around a bit with a laptop, but it now won't shut down ...

                              Windows is shutting down ...

                              and that's where it hangs...

                              If this should be posted somewhere else ... say it

                              hopefully someone can help me with this...

                              thx

                              [email protected]

                              forums like this on the internet are priceless !!!

                              10000000000 X thx, also on behalf of my wife ...


                              We're going to install some antispyware ...

                              thx
