Mededeling

**smeenk** · 17-05-08, 19:00

Download Malwarebytes' Anti-Malware via hier of hier.

Dubbelklik mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

Extra opmerking:
Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

**kolossos** · 18-05-08, 11:53

alvast bedankt voor je hulp!

hier is mijn MDAM log:Malwarebytes' Anti-Malware 1.12
Database versie: 759

Scan type: Snelle Scan
Objecten gescand: 47983
Verstreken tijd: 32 minute(s), 43 second(s)

Geheugenprocessen geïnfecteerd: 4
Geheugenmodulen geïnfecteerd: 6
Registersleutels geïnfecteerd: 72
Registerwaarden geïnfecteerd: 4
Registerdata bestanden geïnfecteerd: 3
Mappen geïnfecteerd: 12
Bestanden geïnfecteerd: 135

Geheugenprocessen geïnfecteerd:
c:\WINDOWS\twfydgllbibcb25mcmvy\command.exe (AdWare.CommAd) -> Failed to unload process.
c:\WINDOWS\b2new.exe (Trojan.Downloader) -> Unloaded process successfully.
c:\program files\network monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
c:\WINDOWS\twfydgllbibcb25mcmvy\asappsrv.dll (AdWare.CommAd) -> Unloaded module successfully.
c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Unloaded module successfully.
C:\WINDOWS\system32\hgGawXrQ.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ijwqbrgu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnonoMf.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Unloaded module successfully.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdservice (AdWare.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (AdWare.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5a2d74b5-acaa-4cc8-ab7b-dc2e09fc06ea} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5a2d74b5-acaa-4cc8-ab7b-dc2e09fc06ea} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnonomf (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e1f43ac-1db9-3a4c-fa2f-8beea7e717a0} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e1f43ac-1db9-3a4c-fa2f-8beea7e717a0} (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Adware.Vapsup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysLibrary (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\702027eb (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM73131477 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Firewall auto setup (Rootkit.Agent) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\wmsdkns.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggawxrq -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggawxrq -> Delete on reboot.

Mappen geïnfecteerd:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2} (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\WINDOWS\twfydgllbibcb25mcmvy\asappsrv.dll (AdWare.CommAd) -> Delete on reboot.
c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Delete on reboot.
c:\WINDOWS\twfydgllbibcb25mcmvy\command.exe (AdWare.CommAd) -> Delete on reboot.
c:\WINDOWS\b2new.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\network monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bnfvojfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfjovfnb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGawXrQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\QrXwaGgh.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\QrXwaGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijwqbrgu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ugrbqwji.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnonoMf.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vopioggl.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyYSiig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{65563590-37d3-35fb-7937-592c4525aabd}.dll (Adware.Vapsup) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{65563590-37d3-35fb-7937-592c4525aabd}.dll-uninst.exe (Adware.Vapsup) -> Quarantined and deleted successfully.
C:\WINDOWS\lfn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1000106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1645.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\njhxmjb.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\b2new.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\cmdinst.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\syswcc32.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZDPM6BXC\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\nsrE.tmp\Dialer.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\nsrE.tmp\InetLoad.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\Temporary Internet Files\Content.IE5\7YX25VHV\moorate[1] (Trojan.AVKiller) -> Delete on reboot.
C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\Temporary Internet Files\Content.IE5\7YX25VHV\webupdater[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\Helper\1210948657.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\wupda.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\bufferthis.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\flashfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnies.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnyfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\goodcleanvideos.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\newfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\positivethoughts.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\removespyware.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\thissiterocks.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\csvelfoi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.Zenosearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\DOCUME~1\MARTIE~1\LOCALS~1\Temp\winlogon.exe (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCtqPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Bureaublad\Remove Spyware.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's BufferThis Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's FunFunPages Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's Funnies Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's GoodCleanVideos Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's NewFunPages Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's PositiveThoughts Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Bureaublad\Today's ThisSiteRocks Newsletter.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\ie.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\DOCUME~1\Martien Bonfrer\LOCALS~1\Temp\winlogon.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Martien Bonfrer\Local Settings\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

En hier mijn nieuwe HJT-log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:55 , on 18-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
L:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.hetnet.nl:8080;https=proxy.hetnet.nl:8080;socks=127.0.0.1:8998
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: {e1248f0e-6537-e408-38f4-349cb337ae9c} - {c9ea733b-c943-4f83-804e-7356e0f8421e} - C:\WINDOWS\system32\beswurkj.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Martien Bonfrer\Application Data\Deskbar_{B6D2BE1C-F97A-44bf-9296-B0121D225CE2}\starter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: CHIPDRIVE - Fill form - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\FormFill\\ieif.dll/formfill.html
O8 - Extra context menu item: CHIPDRIVE - Fill forms on this site only if requested - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\FormFill\\ieif.dll/formigno.html
O8 - Extra context menu item: CHIPDRIVE - Fill password - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passfill.html
O8 - Extra context menu item: CHIPDRIVE - Fill passwords on this site only if requested - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passigno.html
O8 - Extra context menu item: CHIPDRIVE - Save password - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passave.html
O8 - Extra context menu item: CHIPDRIVE - Save passwords on this site only if requested - res://C:\Program Files\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\\ieif.dll/passsvig.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AB56ACFA-A3ED-4231-9948-70447E10F130} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Command Service (cmdservice) - Unknown owner - C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 22395 bytes

**smeenk** · 18-05-08, 17:34

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log

**kolossos** · 19-05-08, 15:47

log RVAXO-results:
---RVAXO.exe Updated: 2008-05-18---first run---
Uninstallers:

Files found:
C:\WINDOWS\BM73131477.xml
C:\WINDOWS\BM73131477.txt
C:\WINDOWS\system32\QrXwaGgh.ini2
C:\WINDOWS\pskt.ini
C:\WINDOWS\default.htm
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\System32\g31.exe
C:\Documents and Settings\Martien Bonfrer\Application Data\inst.exe

Folders Found:
C:\WINDOWS\system32\rDA
C:\WINDOWS\system32\emL1
C:\WINDOWS\system32\dFrnx06
C:\WINDOWS\system32\3056v
C:\Temp\1cb
C:\Temp\tmpvc14

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

RVAXO_Vfind log:
======C:\WINDOWS====
----a-w 0 2008-05-19 13:41:39 C:\WINDOWS\0.log
--s-a-w 2,048 2008-05-19 13:40:59 C:\WINDOWS\bootstat.dat
----a-w 382,296 2008-05-15 01:06:46 C:\WINDOWS\comsetup.log
----a-w 26,216 2008-04-26 07:08:57 C:\WINDOWS\DPINST.LOG
----a-w 380 2077-02-23 06:24:04 C:\WINDOWS\Faces.prf
----a-w 1,105,364 2008-05-15 01:06:37 C:\WINDOWS\FaxSetup.log
----a-w 173,729 2008-05-15 01:06:46 C:\WINDOWS\iis6.log
----a-w 1,374 2008-05-15 01:06:46 C:\WINDOWS\imsins.log
----a-w 14,901 2008-05-15 01:06:46 C:\WINDOWS\KB950749.log
--sh--r 138 2008-05-17 14:34:09 C:\WINDOWS\mainms.vpi
------w 4 2008-05-16 14:33:59 C:\WINDOWS\megavid.cdt
----a-w 58,952 2008-05-15 01:06:38 C:\WINDOWS\msgsocm.log
--sh--r 33 2008-05-17 14:34:10 C:\WINDOWS\muotr.so
----a-w 116 2008-05-19 13:18:49 C:\WINDOWS\NeroDigital.ini
----a-w 919,380 2008-05-19 13:34:58 C:\WINDOWS\ntbtlog.txt
----a-w 243,219 2008-05-15 01:06:46 C:\WINDOWS\ntdtcsetup.log
----a-w 639,568 2008-05-15 01:06:38 C:\WINDOWS\ocgen.log
----a-w 71,881 2008-05-15 01:06:46 C:\WINDOWS\ocmsn.log
----a-w 1,409 2008-04-14 18:07:10 C:\WINDOWS\QTFont.for
---ha-w 54,156 2008-05-19 10:20:53 C:\WINDOWS\QTFont.qfn
----a-w 32,530 2008-05-19 13:26:26 C:\WINDOWS\SchedLgU.Txt
----a-w 314,187 2008-05-19 13:42:04 C:\WINDOWS\setupapi.log
----a-w 227 2008-05-18 09:48:22 C:\WINDOWS\system.ini
----a-w 452,533 2008-05-15 01:06:46 C:\WINDOWS\tsoc.log
----a-w 157 2008-05-19 13:41:32 C:\WINDOWS\wiadebug.log
----a-w 0 2008-05-19 13:41:28 C:\WINDOWS\wiaservc.log
----a-w 1,287 2008-05-18 09:48:22 C:\WINDOWS\win.ini
----a-w 1,488,863 2008-05-19 13:32:30 C:\WINDOWS\WindowsUpdate.log
----a-w 178,083 2008-04-13 15:44:39 C:\WINDOWS\wmsetup.log

Entries: 29 (25)
Directories: 0 Files: 29
Bytes: 6,163,031 Blocks: 12,051
======C:\WINDOWS\system32=====
----a-w 100,928 2008-05-17 11:58:52 C:\WINDOWS\System32\beswurkj.dll
------w 31,232 2008-05-18 09:16:16 C:\WINDOWS\System32\crypts.dll
------w 100,928 2008-05-18 09:16:16 C:\WINDOWS\System32\csvelfoi.dll
----a-w 2,112 2008-05-17 11:55:50 C:\WINDOWS\System32\csyiaxwr.exe
------w 279,040 2008-05-18 09:16:11 C:\WINDOWS\System32\hgGawXrQ.dll
------w 92,224 2008-05-18 09:16:11 C:\WINDOWS\System32\ijwqbrgu.dll
----a-w 200,770 2008-05-16 14:49:56 C:\WINDOWS\System32\ncntlkdm.exe
----a-w 87,700 2008-05-19 10:20:53 C:\WINDOWS\System32\nvapps.xml
----a-w 62,386 2008-05-19 13:42:54 C:\WINDOWS\System32\nzqtegh.sys
------w 39,424 2008-05-18 09:16:12 C:\WINDOWS\System32\opnonoMf.dll
----a-w 71,144 2008-05-19 13:38:29 C:\WINDOWS\System32\perfc009.dat
----a-w 90,842 2008-05-19 13:38:29 C:\WINDOWS\System32\perfc013.dat
----a-w 424,158 2008-05-19 13:38:29 C:\WINDOWS\System32\perfh009.dat
----a-w 489,662 2008-05-19 13:38:29 C:\WINDOWS\System32\perfh013.dat
----a-w 1,089,518 2008-05-19 13:38:28 C:\WINDOWS\System32\PerfStringBackup.INI
--sha-w 712,822 2008-05-18 09:18:42 C:\WINDOWS\System32\QrXwaGgh.ini
----a-w 822,596 2008-05-18 09:59:44 C:\WINDOWS\System32\RVAXO.bat
----a-w 2,206 2008-05-19 13:42:11 C:\WINDOWS\System32\wpa.dbl

Entries: 18 (17)
Directories: 0 Files: 18
Bytes: 4,699,692 Blocks: 9,188
======C:\WINDOWS\system32\drivers=====
--sha-w 6,049,568 2008-05-19 13:26:32 C:\WINDOWS\System32\drivers\fidbox2.dat
--sha-w 514,892 2008-05-19 13:26:32 C:\WINDOWS\System32\drivers\fidbox2.idx
----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys

Entries: 4 (2)
Directories: 0 Files: 4
Bytes: 6,607,372 Blocks: 12,906
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
----a-w 2 2008-05-16 14:34:02 C:\1881155396
----a-w 0 2008-05-16 14:41:29 C:\Active Setup Log.txt
----a-w 211 2008-05-16 23:41:04 C:\Boot.bak
--sha-r 281 2008-05-18 09:48:23 C:\boot.ini
----a-w 0 2008-05-16 14:41:29 C:\CErrLog.txt
----a-w 327 2008-05-17 07:14:05 C:\CF-RC.txt
----a-w 0 2008-05-16 14:41:29 C:\CSTRACE.txt
----a-w 0 2008-05-16 14:41:29 C:\cylsplog.txt
----a-w 11,360 2008-05-16 14:41:31 C:\drwtsn32.log
----a-w 0 2008-05-16 14:41:29 C:\filtlog.txt
----a-w 779 2008-05-19 13:38:20 C:\firstrun6.log
----a-w 28,672 2008-05-16 14:33:33 C:\gkpaxt.exe
--sha-w 536,395,776 2008-05-19 13:40:58 C:\hiberfil.sys
----a-w 0 2008-05-16 14:41:29 C:\Logo Design Studio Setup Log.txt
----a-w 0 2008-05-16 14:41:29 C:\Logo Design Studio Uninstall Log.txt
----a-w 0 2008-05-16 14:41:29 C:\ModemLog_Creatix V.9X DSP Data Fax Modem.txt
----a-w 0 2008-05-16 14:41:29 C:\msnavpklog.txt
----a-w 0 2008-05-16 14:41:30 C:\msnsetuplog.txt
----a-w 0 2008-05-16 14:41:30 C:\ntbtlog.txt
----a-w 0 2008-05-16 14:41:30 C:\OEWABLog.txt
--sha-w 805,306,368 2008-05-19 13:40:45 C:\pagefile.sys
----a-w 914 2008-05-19 13:42:58 C:\RVAXO-results.log
----a-w 4,540 2008-05-19 13:42:59 C:\RVAXO-Vfind.log
----a-w 0 2008-05-16 14:41:30 C:\SchedLgU.Txt
----a-w 0 2008-05-16 14:41:30 C:\setuplog.txt
----a-w 0 2008-05-16 14:41:30 C:\wplog.txt

Entries: 26 (23)
Directories: 0 Files: 26
Bytes: 1,341,749,230 Blocks: 2,620,608
======C:\Documents and Settings\Martien Bonfrer\Application Data======
----a-w 259 2008-04-21 17:09:34 C:\Documents and Settings\Martien Bonfrer\Application Data\Gangsters2Setup.lnk
----a-w 7,887 2008-05-16 14:35:48 C:\Documents and Settings\Martien Bonfrer\Application Data\pcouffin.cat
----a-w 1,144 2008-05-16 14:35:47 C:\Documents and Settings\Martien Bonfrer\Application Data\pcouffin.inf
----a-w 47,360 2008-05-16 14:35:48 C:\Documents and Settings\Martien Bonfrer\Application Data\pcouffin.sys

Entries: 4 (4)
Directories: 0 Files: 4
Bytes: 56,650 Blocks: 113
======C:\Documents and Settings\Martien Bonfrer======
----a-w 114 2008-05-19 13:18:50 C:\Documents and Settings\Martien Bonfrer\default.pls
----a-w 17,301,504 2008-05-19 13:38:50 C:\Documents and Settings\Martien Bonfrer\ntuser.dat
---ha-w 49,152 2008-05-19 13:42:51 C:\Documents and Settings\Martien Bonfrer\NTUSER.DAT.LOG
--sh--w 288 2008-05-19 13:25:58 C:\Documents and Settings\Martien Bonfrer\ntuser.ini

Entries: 4 (2)
Directories: 0 Files: 4
Bytes: 17,351,058 Blocks: 33,890
======C:\WINDOWS\Downloaded Program Files====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=============

**smeenk** · 19-05-08, 19:03

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
sc delete cmdservice
remove C:\WINDOWS\TWFydGllbiBCb25mcmVy C:\RVAXO\TWFydGllbiBCb25mcmVy
ECHO Deleting files>>log.txt
FOR %%g in (
C:\1881155396
C:\gkpaxt.exe
C:\WINDOWS\System32\beswurkj.dll
C:\WINDOWS\System32\crypts.dll
C:\WINDOWS\System32\csvelfoi.dll
C:\WINDOWS\System32\csyiaxwr.exe
C:\WINDOWS\System32\hgGawXrQ.dll
C:\WINDOWS\System32\ijwqbrgu.dll
C:\WINDOWS\System32\ncntlkdm.exe
C:\WINDOWS\System32\nzqtegh.sys
C:\WINDOWS\System32\opnonoMf.dll
C:\WINDOWS\System32\QrXwaGgh.ini
C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe) DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

**kolossos** · 19-05-08, 20:36

Deleting files
C:\1881155396 deleted
C:\gkpaxt.exe deleted
C:\WINDOWS\System32\beswurkj.dll deleted
C:\WINDOWS\System32\crypts.dll deleted
C:\WINDOWS\System32\csvelfoi.dll deleted
C:\WINDOWS\System32\csyiaxwr.exe deleted
C:\WINDOWS\System32\hgGawXrQ.dll deleted
C:\WINDOWS\System32\ijwqbrgu.dll deleted
C:\WINDOWS\System32\ncntlkdm.exe deleted
C:\WINDOWS\System32\nzqtegh.sys not deleted
C:\WINDOWS\System32\opnonoMf.dll deleted
C:\WINDOWS\System32\QrXwaGgh.ini deleted
renamed to C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exeNUCIA
C:\WINDOWS\TWFydGllbiBCb25mcmVy\command.exe deleted

**smeenk** · 19-05-08, 21:13

Zou je del.bat eens in veilige modus willen gebruiken?
Alles is namelijk nog niet verwijderd.

Post als je weer opgestart bent in normale modus het resultaat van het del.bat-logje maar

Mededeling

Spyware: pop-ups, trage pc en verwijdere anti-spyware programma's enz. enz.

Spyware: pop-ups, trage pc en verwijdere anti-spyware programma's enz. enz.

Comment

Comment

Comment

Comment

Comment

Comment

Comment