Spyware: pop-ups, slow PC, removed anti-spyware programs, etc. etc.

  • Spyware: pop-ups, slow PC, removed anti-spyware programs, etc. etc.

    Hey everyone,

    I have a problem with my computer. Yesterday I started a program; it worked normally, but when I closed it a number of strange things happened.

    A number of processes hung, and the PC restarted. After the restart there were a number of new shortcuts on the desktop. I also got pop-ups saying that my computer was infected. I thought 'spyware', so I went to look for where I had my Spybot S&D and AdAware. But I couldn't find them; after searching more carefully, it turned out they had been removed. The PC also restarted again out of nowhere.

    This time it took at least 5x as long to boot.
    So I thought I'd roll it back a few days, so I went to System Restore. All the system restore points had been deleted.

    So now I have no idea what to do anymore.

    Would someone be so kind as to look at my HJT log?

    Thanks!!

    HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:10:25 , on 17-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\scardsvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\b2new.exe
    L:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wmsdkns.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\gkpaxt.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\CF20282.exe
    C:\ComboFix\pv.cfexe
    C:\ComboFix\pv.cfexe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.hetnet.nl:8080;https=proxy.hetnet.nl:8080;socks=127.0.0.1:8998
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\starter.exe
    O4 - HKLM\..\Run: [702027eb] rundll32.exe "C:\WINDOWS\system32\bnfvojfy.dll",b
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: CHIPDRIVE - Fill form - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\FormFill\\ieif.dll/formfill.html
    O8 - Extra context menu item: CHIPDRIVE - Fill forms on this site only if requested - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\FormFill\\ieif.dll/formigno.html
    O8 - Extra context menu item: CHIPDRIVE - Fill password - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passfill.html
    O8 - Extra context menu item: CHIPDRIVE - Fill passwords on this site only if requested - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passigno.html
    O8 - Extra context menu item: CHIPDRIVE - Save password - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passave.html
    O8 - Extra context menu item: CHIPDRIVE - Save passwords on this site only if requested - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passsvig.html
    O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
    O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bw+0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Command Service (cmdservice) - Unknown owner - C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\b2new.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Network Monitor (network monitor) - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 22409 bytes

  • #2
    Download Malwarebytes' Anti-Malware here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
    • If an update is found, it will download and install the latest version.
    • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • The scan may take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to view the results.
    • Make sure everything there is checked, then click: Remove Selected.
    • After removal, a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the results of the log into your next reply, together with a new HijackThis log.

    Extra note:
    If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

    • #3
      Thanks in advance for your help!

      Here is my MBAM log:
      Malwarebytes' Anti-Malware 1.12
      Database versie: 759

      Scan type: Snelle Scan
      Objecten gescand: 47983
      Verstreken tijd: 32 minute(s), 43 second(s)

      Geheugenprocessen geïnfecteerd: 4
      Geheugenmodulen geïnfecteerd: 6
      Registersleutels geïnfecteerd: 72
      Registerwaarden geïnfecteerd: 4
      Registerdata bestanden geïnfecteerd: 3
      Mappen geïnfecteerd: 12
      Bestanden geïnfecteerd: 135

      Geheugenprocessen geïnfecteerd:
      c:\WINDOWS\twfydgllbibcb25mcmvy\command.exe (AdWare.CommAd) -> Failed to unload process.
      c:\WINDOWS\b2new.exe (Trojan.Downloader) -> Unloaded process successfully.
      c:\program files\network monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.
      c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Unloaded process successfully.

      Geheugenmodulen geïnfecteerd:
      c:\WINDOWS\twfydgllbibcb25mcmvy\asappsrv.dll (AdWare.CommAd) -> Unloaded module successfully.
      c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Unloaded module successfully.
      C:\WINDOWS\system32\hgGawXrQ.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\ijwqbrgu.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\opnonoMf.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdservice (AdWare.CommAd) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5a2d74b5-acaa-4cc8-ab7b-dc2e09fc06ea} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{5a2d74b5-acaa-4cc8-ab7b-dc2e09fc06ea} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d} (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c} (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108} (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnonomf (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{7e1f43ac-1db9-3a4c-fa2f-8beea7e717a0} (Adware.Vapsup) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e1f43ac-1db9-3a4c-fa2f-8beea7e717a0} (Adware.Vapsup) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Adware.Vapsup) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysLibrary (Rootkit.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\702027eb (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM73131477 (Trojan.Agent) -> Delete on reboot.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Firewall auto setup (Rootkit.Agent) -> Delete on reboot.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\wmsdkns.exe -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggawxrq -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggawxrq -> Delete on reboot.

      Mappen geïnfecteerd:
      C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
      C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
      C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
      C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
      C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2} (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

      Bestanden geïnfecteerd:
      c:\WINDOWS\twfydgllbibcb25mcmvy\asappsrv.dll (AdWare.CommAd) -> Delete on reboot.
      c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Delete on reboot.
      c:\WINDOWS\twfydgllbibcb25mcmvy\command.exe (AdWare.CommAd) -> Delete on reboot.
      c:\WINDOWS\b2new.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\program files\network monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\bnfvojfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\yfjovfnb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hgGawXrQ.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\QrXwaGgh.ini (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\QrXwaGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ijwqbrgu.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\ugrbqwji.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\deskbar.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\opnonoMf.dll (Trojan.Vundo) -> Delete on reboot.
      C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vopioggl.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\xxyYSiig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\{65563590-37d3-35fb-7937-592c4525aabd}.dll (Adware.Vapsup) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\{65563590-37d3-35fb-7937-592c4525aabd}.dll-uninst.exe (Adware.Vapsup) -> Quarantined and deleted successfully.
      C:\WINDOWS\lfn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\mrofinu1000106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
      C:\WINDOWS\mrofinu1645.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
      C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
      C:\njhxmjb.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\b2new.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\cmdinst.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\syswcc32.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZDPM6BXC\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\nsrE.tmp\Dialer.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\nsrE.tmp\InetLoad.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\Temporary Internet Files\Content.IE5\7YX25VHV\moorate[1] (Trojan.AVKiller) -> Delete on reboot.
      C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\Temporary Internet Files\Content.IE5\7YX25VHV\webupdater[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
      C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
      C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
      C:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
      C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
      C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
      C:\Program Files\Helper\1210948657.dll (Adware.BHO) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\wupda.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons\bufferthis.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons\flashfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons\funnies.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons\funnyfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons\goodcleanvideos.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons\newfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons\positivethoughts.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons\removespyware.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\winvi\icons\thissiterocks.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\csvelfoi.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\rwwnw64d.exe (Adware.Zenosearch) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
      C:\DOCUME~1\MARTIE~1\LOCALS~1\Temp\winlogon.exe (Rootkit.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ljJCtqPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Bureaublad\Remove Spyware.lnk (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's BufferThis Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's FunFunPages Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's Funnies Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's GoodCleanVideos Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's NewFunPages Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's PositiveThoughts Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's ThisSiteRocks Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\ie.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\DOCUME~1\Martien Bonfrer\LOCALS~1\Temp\winlogon.exe (Trojan.Agent) -> Delete on reboot.
      C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.




      And here is my new HJT log:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:49:55 , on 18-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\scardsvr.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe
      C:\Program Files\LogMeIn\x86\RaMaint.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      L:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.hetnet.nl:8080;https=proxy.hetnet.nl:8080;socks=127.0.0.1:8998
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
      O2 - BHO: {e1248f0e-6537-e408-38f4-349cb337ae9c} - {c9ea733b-c943-4f83-804e-7356e0f8421e} - C:\WINDOWS\system32\beswurkj.dll
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\starter.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
      O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: CHIPDRIVE - Fill form - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\FormFill\\ieif.dll/formfill.html
      O8 - Extra context menu item: CHIPDRIVE - Fill forms on this site only if requested - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\FormFill\\ieif.dll/formigno.html
      O8 - Extra context menu item: CHIPDRIVE - Fill password - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passfill.html
      O8 - Extra context menu item: CHIPDRIVE - Fill passwords on this site only if requested - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passigno.html
      O8 - Extra context menu item: CHIPDRIVE - Save password - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passave.html
      O8 - Extra context menu item: CHIPDRIVE - Save passwords on this site only if requested - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passsvig.html
      O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
      O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: bw+0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
      O23 - Service: Command Service (cmdservice) - Unknown owner - C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
      O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      --
      End of file - 22395 bytes
      Last edited by kolossos; 18-05-08, 11:55.

      • #4
        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in safe mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A small cmd window will open; a few lines about files that were not found will scroll past quickly in it, this is normal.
        • An uninstaller for a rogue scanner may also start up; do not close it, but follow any instructions and simply let it do its work.
        • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window will open again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Also post the contents of the 2nd log: C:\RVAXO-Vfind.log

        • #5
          log RVAXO-results:
          ---RVAXO.exe Updated: 2008-05-18---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\BM73131477.xml
          C:\WINDOWS\BM73131477.txt
          C:\WINDOWS\system32\QrXwaGgh.ini2
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\default.htm
          C:\WINDOWS\wininit.ini
          C:\WINDOWS\system32\packet.dll
          C:\WINDOWS\system32\wpcap.dll
          C:\WINDOWS\system32\clkcnt.txt
          C:\WINDOWS\system32\atmtd.dll
          C:\WINDOWS\system32\atmtd.dll._
          C:\WINDOWS\System32\g31.exe
          C:\Documents and Settings\Martien Bonfrer\Application Data\inst.exe

          Folders Found:
          C:\WINDOWS\system32\rDA
          C:\WINDOWS\system32\emL1
          C:\WINDOWS\system32\dFrnx06
          C:\WINDOWS\system32\3056v
          C:\Temp\1cb
          C:\Temp\tmpvc14

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------




          RVAXO_Vfind log:
          ======C:\WINDOWS====
          ----a-w 0 2008-05-19 13:41:39 C:\WINDOWS\0.log
          --s-a-w 2,048 2008-05-19 13:40:59 C:\WINDOWS\bootstat.dat
          ----a-w 382,296 2008-05-15 01:06:46 C:\WINDOWS\comsetup.log
          ----a-w 26,216 2008-04-26 07:08:57 C:\WINDOWS\DPINST.LOG
          ----a-w 380 2077-02-23 06:24:04 C:\WINDOWS\Faces.prf
          ----a-w 1,105,364 2008-05-15 01:06:37 C:\WINDOWS\FaxSetup.log
          ----a-w 173,729 2008-05-15 01:06:46 C:\WINDOWS\iis6.log
          ----a-w 1,374 2008-05-15 01:06:46 C:\WINDOWS\imsins.log
          ----a-w 14,901 2008-05-15 01:06:46 C:\WINDOWS\KB950749.log
          --sh--r 138 2008-05-17 14:34:09 C:\WINDOWS\mainms.vpi
          ------w 4 2008-05-16 14:33:59 C:\WINDOWS\megavid.cdt
          ----a-w 58,952 2008-05-15 01:06:38 C:\WINDOWS\msgsocm.log
          --sh--r 33 2008-05-17 14:34:10 C:\WINDOWS\muotr.so
          ----a-w 116 2008-05-19 13:18:49 C:\WINDOWS\NeroDigital.ini
          ----a-w 919,380 2008-05-19 13:34:58 C:\WINDOWS\ntbtlog.txt
          ----a-w 243,219 2008-05-15 01:06:46 C:\WINDOWS\ntdtcsetup.log
          ----a-w 639,568 2008-05-15 01:06:38 C:\WINDOWS\ocgen.log
          ----a-w 71,881 2008-05-15 01:06:46 C:\WINDOWS\ocmsn.log
          ----a-w 1,409 2008-04-14 18:07:10 C:\WINDOWS\QTFont.for
          ---ha-w 54,156 2008-05-19 10:20:53 C:\WINDOWS\QTFont.qfn
          ----a-w 32,530 2008-05-19 13:26:26 C:\WINDOWS\SchedLgU.Txt
          ----a-w 314,187 2008-05-19 13:42:04 C:\WINDOWS\setupapi.log
          ----a-w 227 2008-05-18 09:48:22 C:\WINDOWS\system.ini
          ----a-w 452,533 2008-05-15 01:06:46 C:\WINDOWS\tsoc.log
          ----a-w 157 2008-05-19 13:41:32 C:\WINDOWS\wiadebug.log
          ----a-w 0 2008-05-19 13:41:28 C:\WINDOWS\wiaservc.log
          ----a-w 1,287 2008-05-18 09:48:22 C:\WINDOWS\win.ini
          ----a-w 1,488,863 2008-05-19 13:32:30 C:\WINDOWS\WindowsUpdate.log
          ----a-w 178,083 2008-04-13 15:44:39 C:\WINDOWS\wmsetup.log

          Entries: 29 (25)
          Directories: 0 Files: 29
          Bytes: 6,163,031 Blocks: 12,051
          ======C:\WINDOWS\system32=====
          ----a-w 100,928 2008-05-17 11:58:52 C:\WINDOWS\System32\beswurkj.dll
          ------w 31,232 2008-05-18 09:16:16 C:\WINDOWS\System32\crypts.dll
          ------w 100,928 2008-05-18 09:16:16 C:\WINDOWS\System32\csvelfoi.dll
          ----a-w 2,112 2008-05-17 11:55:50 C:\WINDOWS\System32\csyiaxwr.exe
          ------w 279,040 2008-05-18 09:16:11 C:\WINDOWS\System32\hgGawXrQ.dll
          ------w 92,224 2008-05-18 09:16:11 C:\WINDOWS\System32\ijwqbrgu.dll
          ----a-w 200,770 2008-05-16 14:49:56 C:\WINDOWS\System32\ncntlkdm.exe
          ----a-w 87,700 2008-05-19 10:20:53 C:\WINDOWS\System32\nvapps.xml
          ----a-w 62,386 2008-05-19 13:42:54 C:\WINDOWS\System32\nzqtegh.sys
          ------w 39,424 2008-05-18 09:16:12 C:\WINDOWS\System32\opnonoMf.dll
          ----a-w 71,144 2008-05-19 13:38:29 C:\WINDOWS\System32\perfc009.dat
          ----a-w 90,842 2008-05-19 13:38:29 C:\WINDOWS\System32\perfc013.dat
          ----a-w 424,158 2008-05-19 13:38:29 C:\WINDOWS\System32\perfh009.dat
          ----a-w 489,662 2008-05-19 13:38:29 C:\WINDOWS\System32\perfh013.dat
          ----a-w 1,089,518 2008-05-19 13:38:28 C:\WINDOWS\System32\PerfStringBackup.INI
          --sha-w 712,822 2008-05-18 09:18:42 C:\WINDOWS\System32\QrXwaGgh.ini
          ----a-w 822,596 2008-05-18 09:59:44 C:\WINDOWS\System32\RVAXO.bat
          ----a-w 2,206 2008-05-19 13:42:11 C:\WINDOWS\System32\wpa.dbl

          Entries: 18 (17)
          Directories: 0 Files: 18
          Bytes: 4,699,692 Blocks: 9,188
          ======C:\WINDOWS\system32\drivers=====
          --sha-w 6,049,568 2008-05-19 13:26:32 C:\WINDOWS\System32\drivers\fidbox2.dat
          --sha-w 514,892 2008-05-19 13:26:32 C:\WINDOWS\System32\drivers\fidbox2.idx
          ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
          ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys

          Entries: 4 (2)
          Directories: 0 Files: 4
          Bytes: 6,607,372 Blocks: 12,906
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          ----a-w 2 2008-05-16 14:34:02 C:\1881155396
          ----a-w 0 2008-05-16 14:41:29 C:\Active Setup Log.txt
          ----a-w 211 2008-05-16 23:41:04 C:\Boot.bak
          --sha-r 281 2008-05-18 09:48:23 C:\boot.ini
          ----a-w 0 2008-05-16 14:41:29 C:\CErrLog.txt
          ----a-w 327 2008-05-17 07:14:05 C:\CF-RC.txt
          ----a-w 0 2008-05-16 14:41:29 C:\CSTRACE.txt
          ----a-w 0 2008-05-16 14:41:29 C:\cylsplog.txt
          ----a-w 11,360 2008-05-16 14:41:31 C:\drwtsn32.log
          ----a-w 0 2008-05-16 14:41:29 C:\filtlog.txt
          ----a-w 779 2008-05-19 13:38:20 C:\firstrun6.log
          ----a-w 28,672 2008-05-16 14:33:33 C:\gkpaxt.exe
          --sha-w 536,395,776 2008-05-19 13:40:58 C:\hiberfil.sys
          ----a-w 0 2008-05-16 14:41:29 C:\Logo Design Studio Setup Log.txt
          ----a-w 0 2008-05-16 14:41:29 C:\Logo Design Studio Uninstall Log.txt
          ----a-w 0 2008-05-16 14:41:29 C:\ModemLog_Creatix V.9X DSP Data Fax Modem.txt
          ----a-w 0 2008-05-16 14:41:29 C:\msnavpklog.txt
          ----a-w 0 2008-05-16 14:41:30 C:\msnsetuplog.txt
          ----a-w 0 2008-05-16 14:41:30 C:\ntbtlog.txt
          ----a-w 0 2008-05-16 14:41:30 C:\OEWABLog.txt
          --sha-w 805,306,368 2008-05-19 13:40:45 C:\pagefile.sys
          ----a-w 914 2008-05-19 13:42:58 C:\RVAXO-results.log
          ----a-w 4,540 2008-05-19 13:42:59 C:\RVAXO-Vfind.log
          ----a-w 0 2008-05-16 14:41:30 C:\SchedLgU.Txt
          ----a-w 0 2008-05-16 14:41:30 C:\setuplog.txt
          ----a-w 0 2008-05-16 14:41:30 C:\wplog.txt

          Entries: 26 (23)
          Directories: 0 Files: 26
          Bytes: 1,341,749,230 Blocks: 2,620,608
          ======C:\Documents and Settings\Martien Bonfrer\Application Data======
          ----a-w 259 2008-04-21 17:09:34 C:\Documents and Settings\Martien Bonfrer\Application Data\Gangsters2Setup.lnk
          ----a-w 7,887 2008-05-16 14:35:48 C:\Documents and Settings\Martien Bonfrer\Application Data\pcouffin.cat
          ----a-w 1,144 2008-05-16 14:35:47 C:\Documents and Settings\Martien Bonfrer\Application Data\pcouffin.inf
          ----a-w 47,360 2008-05-16 14:35:48 C:\Documents and Settings\Martien Bonfrer\Application Data\pcouffin.sys

          Entries: 4 (4)
          Directories: 0 Files: 4
          Bytes: 56,650 Blocks: 113
          ======C:\Documents and Settings\Martien Bonfrer======
          ----a-w 114 2008-05-19 13:18:50 C:\Documents and Settings\Martien Bonfrer\default.pls
          ----a-w 17,301,504 2008-05-19 13:38:50 C:\Documents and Settings\Martien Bonfrer\ntuser.dat
          ---ha-w 49,152 2008-05-19 13:42:51 C:\Documents and Settings\Martien Bonfrer\NTUSER.DAT.LOG
          --sh--w 288 2008-05-19 13:25:58 C:\Documents and Settings\Martien Bonfrer\ntuser.ini

          Entries: 4 (2)
          Directories: 0 Files: 4
          Bytes: 17,351,058 Blocks: 33,890
          ======C:\WINDOWS\Downloaded Program Files====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =============

          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            sc delete cmdservice
            remove C:\WINDOWS\TWFydGllbiBCb25mcmVy C:\RVAXO\TWFydGllbiBCb25mcmVy
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\1881155396
            C:\gkpaxt.exe
            C:\WINDOWS\System32\beswurkj.dll
            C:\WINDOWS\System32\crypts.dll
            C:\WINDOWS\System32\csvelfoi.dll
            C:\WINDOWS\System32\csyiaxwr.exe
            C:\WINDOWS\System32\hgGawXrQ.dll
            C:\WINDOWS\System32\ijwqbrgu.dll
            C:\WINDOWS\System32\ncntlkdm.exe
            C:\WINDOWS\System32\nzqtegh.sys
            C:\WINDOWS\System32\opnonoMf.dll
            C:\WINDOWS\System32\QrXwaGgh.ini
            C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe) DO (
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            For "Save in" choose: Desktop
            For "File name" enter: del.bat
            For "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.

            • #7
              Deleting files
              C:\1881155396 deleted
              C:\gkpaxt.exe deleted
              C:\WINDOWS\System32\beswurkj.dll deleted
              C:\WINDOWS\System32\crypts.dll deleted
              C:\WINDOWS\System32\csvelfoi.dll deleted
              C:\WINDOWS\System32\csyiaxwr.exe deleted
              C:\WINDOWS\System32\hgGawXrQ.dll deleted
              C:\WINDOWS\System32\ijwqbrgu.dll deleted
              C:\WINDOWS\System32\ncntlkdm.exe deleted
              C:\WINDOWS\System32\nzqtegh.sys not deleted
              C:\WINDOWS\System32\opnonoMf.dll deleted
              C:\WINDOWS\System32\QrXwaGgh.ini deleted
              renamed to C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exeNUCIA
              C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe deleted

              • #8
                Could you try running del.bat in safe mode?
                Not everything has been removed yet.

                Once you have booted back into normal mode, post the result of the del.bat log.

                Comment
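Reading the del.bat log from reply #7, as an added example that is not part of the original thread: del.bat writes "deleted" whenever the original file name no longer exists, which is also the case after a rename, so a "renamed to" line means the file is still on disk under the NUCIA name. The function names are assumptions of this sketch; the sample log is copied from reply #7.

```python
import re

# Log copied from reply #7 in this thread (output of del.bat from reply #6).
SAMPLE_LOG = r"""Deleting files
C:\1881155396 deleted
C:\gkpaxt.exe deleted
C:\WINDOWS\System32\beswurkj.dll deleted
C:\WINDOWS\System32\crypts.dll deleted
C:\WINDOWS\System32\csvelfoi.dll deleted
C:\WINDOWS\System32\csyiaxwr.exe deleted
C:\WINDOWS\System32\hgGawXrQ.dll deleted
C:\WINDOWS\System32\ijwqbrgu.dll deleted
C:\WINDOWS\System32\ncntlkdm.exe deleted
C:\WINDOWS\System32\nzqtegh.sys not deleted
C:\WINDOWS\System32\opnonoMf.dll deleted
C:\WINDOWS\System32\QrXwaGgh.ini deleted
renamed to C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exeNUCIA
C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe deleted
"""

SUFFIX = "NUCIA"  # suffix del.bat appends when it renames a file instead of deleting it

RENAMED_RE = re.compile(r"renamed to (.+)" + SUFFIX + "$")
STATUS_RE = re.compile(r"(.+?) (not deleted|not found|deleted)$")


def parse_del_log(text):
    """Map each original path to: deleted, not deleted, not found or renamed."""
    status = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Deleting files":
            continue
        m = RENAMED_RE.match(line)
        if m:
            # The file survived DEL and now lives at <path> + SUFFIX.
            status[m.group(1)] = "renamed"
            continue
        m = STATUS_RE.match(line)
        # A later "<path> deleted" line must not overwrite "renamed":
        # del.bat only checks that the old name is gone.
        if m and status.get(m.group(1)) != "renamed":
            status[m.group(1)] = m.group(2)
    return status


def leftovers(status):
    """Paths that are still on disk after the run, in log order."""
    remaining = []
    for path, state in status.items():
        if state == "not deleted":
            remaining.append(path)
        elif state == "renamed":
            remaining.append(path + SUFFIX)
    return remaining


if __name__ == "__main__":
    for path in leftovers(parse_del_log(SAMPLE_LOG)):
        print("still present:", path)
```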
