Question & Answer

Security & privacy

Hi, I hope someone can help me with this hijack log

Anonymous
smeenk
19 replies
  • Logfile of HijackThis v1.99.1
    Scan saved at 16:04:50, on 20-2-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
    C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeilezmtuq.net/Yguq_h8YKIkO97Z5OQGmwgyVJfCwqY4sFOB/y/7xZebsAYbcyB0WvLP61PZsaJer.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25} - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
    O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe
    O4 - HKCU\..\Run: [Global Soft] C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
    O4 - HKCU\..\Run: [phone camp way idol] C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} - http://searchfind.info/bar/win32.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Advanced System Products, Inc. - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




  • What exactly are the problems?
    Do you have multiple virus scanners installed?
  • LOP infection
    This is the result of installing MessengerPlus with sponsors.
    Solution: Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall Messenger Plus. (You can reinstall it later, but then choose an installation without sponsors.)
    During the uninstall process you will be asked to enter a security code. Do so.
    Restart the computer. Create a HijackThis log and post it.

    After that, also do the following:
    Open a Notepad file.
    Copy the code below into this Notepad file.
    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: vindjob.bat
    For "Save as type", select: All Files (*.*).
    Click the Save button.

        dir %Windir%\tasks /a:h > files.txt
        notepad files.txt

    Double-click vindjob.bat.
    A Notepad file opens. Post the contents of this Notepad file.

    Kind regards, smeenk :wink:
  • Why are you posting your log on another forum when you have already received an answer here?
    http://www.pchelper.nl/forum/index.php?showtopic=36257
  • Because I hadn't seen that.
  • Don't you get notification emails from this forum?

    Go ahead and run vindjob.bat, and then I'll help you further :wink:
  • I saved it the way you described above, but the PC won't open the vindjob file on my desktop.
    It says: not a valid Win32 application!
  • Try this

    Start HijackThis. Go to Config - Misc Tools.
    Tick the boxes for:
    - List also Minor sections (full)
    - List Empty sections (complete)
    Click the "Generate Startuplist log" button.
    A file is created: startuplist.txt.
    Post the contents of this file.
  • StartupList report, 22-2-2006, 13:54:15
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Nursen\Bureaublad\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Nursen\Menu Start\Programma's\Opstarten]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
    *No files*

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    PCMService = "C:\Program Files\Dell\Media Experience\PCMService.exe"
    dla = C:\WINDOWS\system32\dla\tfswctrl.exe
    UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    PestPatrol Control Center = C:\PROGRA~1\PESTPA~1\PPControl.exe
    PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    F-StopW = C:\Program Files\FSI\F-Prot\F-StopW.EXE
    FRISK FP-Scheduler = C:\Program Files\FSI\F-Prot\F-Sched.exe
    BDMCon = C:\progra~1\softwin\bitdef~1\bdmcon.exe
    BDNewsAgent = C:\progra~1\softwin\bitdef~1\bdnagent.exe
    BDSwitchAgent = C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    CloneDVDElbyDelay = "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    MessengerPlus3 = "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe"
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    NWEReboot =
    AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
    Sonic RecordNow! =

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    Index Washer = C:\Program Files\Webroot\Washer\WashIdx.exe "Nursen"

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    ————————————————–

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    ————————————————–

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [>{D8B24236-26D8-440C-AAFF-4B0D83CF2EA3}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

    ————————————————–

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    ————————————————–

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=sockspy.dll

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Register-editor'

    Registry check passed

    ————————————————–

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe - {2ED8E307-363A-8D3D-BC0B-2B784D016F25}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    ————————————————–

    Enumerating Task Scheduler jobs:

    AC6C3CD79187AF73.job

    ————————————————–

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [CryptoRSA Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
    CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab

    [Checkers Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
    CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

    [Minesweeper Flags Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

    [FileSharingCtrl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr-nl.dll
    CODEBASE = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    [ZoneAxRcMgr Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZAxRcMgr.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZAxRcMgr.cab

    [ZoneIntro Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    [{C94158E1-6151-4442-ABE6-FD53D6534EFB}]
    CODEBASE = http://searchfind.info/bar/win32.cab

    [Downloader Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\dwnldr.dll
    CODEBASE = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/controls/msnchat45.cab

    [Solitaire Showdown Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
    CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    ————————————————–

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll

    ————————————————–

    Enumerating Windows NT/2000/XP services

    abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
    Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
    adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
    aeaudio: system32\drivers\aeaudio.sys (manual start)
    Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
    Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (system)
    Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
    Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
    Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
    ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
    AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
    AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
    AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
    AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
    AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
    AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
    AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
    BitDefender Scan Server: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (autostart)
    Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
    Closed Caption-decoder: system32\DRIVERS\CCDECODE.sys (manual start)
    cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
    Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
    Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
    COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
    Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
    drvmcdb: system32\drivers\drvmcdb.sys (system)
    drvnddm: system32\drivers\drvnddm.sys (autostart)
    Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
    3Com EtherLink XL 90XB/C-adapterstuurprogramma: System32\DRIVERS\el90xbc5.sys (manual start)
    ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
    ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start)
    Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
    FILESpy: \??\C:\Program Files\Softwin\BitDefender Professional Edition\filespy.sys (autostart)
    Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    FPA_RTP: system32\Drivers\FSTOPW.SYS (system)
    Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
    Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
    Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
    hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
    Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
    i81x: System32\DRIVERS\i81xnt5.sys (manual start)
    iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
    iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
    iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
    iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
    iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
    iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
    iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
    iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
    iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
    iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
    Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
    COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
    ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
    IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
    Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
    Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
    Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start)
    mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
    WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
    BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma: system32\drivers\MSTEE.sys (manual start)
    NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
    Microsoft TV/Video-verbinding: system32\DRIVERS\NdisIP.sys (manual start)
    RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
    I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
    RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: System32\DRIVERS\nv4_mini.sys (manual start)
    NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
    Stuurprogramma voor Intel PentiumIII-processor: System32\DRIVERS\p3.sys (system)
    Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
    PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
    Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
    Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    Logitech QuickCam Express: system32\DRIVERS\LVCM.sys (manual start)
    ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
    Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Stuurprogramma voor Terminal-serverapparaatredirector: System32\DRIVERS\rdpdr.sys (manual start)
    Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (autostart)
    Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
    REGSpy: \??\C:\Program Files\Softwin\BitDefender Professional Edition\regspy.sys (autostart)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (autostart)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
    Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
    Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
    BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
    smwdm: system32\drivers\smwdm.sys (manual start)
    Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
    Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
    System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SRV: System32\DRIVERS\srv.sys (manual start)
    sscdbhk5: system32\drivers\sscdbhk5.sys (system)
    SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    ssrtln: system32\drivers\ssrtln.sys (system)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    STOPzilla Local Service: C:\Program Files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" (autostart)
    BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
    SPYC@M 300: system32\drivers\STV680.sys (manual start)
    Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{1B4EE87E-0728-45C1-9B93-5459EDA15236} (manual start)
    symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
    sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
    Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    tfsnboio: system32\dla\tfsnboio.sys (autostart)
    tfsncofs: system32\dla\tfsncofs.sys (autostart)
    tfsndrct: system32\dla\tfsndrct.sys (autostart)
    tfsndres: system32\dla\tfsndres.sys (autostart)
    tfsnifs: system32\dla\tfsnifs.sys (autostart)
    tfsnopio: system32\dla\tfsnopio.sys (autostart)
    tfsnpool: system32\dla\tfsnpool.sys (autostart)
    tfsnudf: system32\dla\tfsnudf.sys (autostart)
    tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
    Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
    Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Stuurprogramma voor USB-audio (WDM): system32\drivers\usbaudio.sys (manual start)
    Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
    Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    BitDefender Virus Shield: "C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (autostart)
    Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
    Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Standard Teletext-codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Washer Security Access: C:\WINDOWS\system32\wwSecure.exe (autostart)
    Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    BitDefender Communicator: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    ————————————————–

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    ————————————————–
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    End of report, 41.523 bytes
    Report generated in 0,125 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
  • It worked; hopefully this is of some use to you.

    Thanks in advance.
  • Download Killbox.
    Click killbox.exe.
    Choose the option: "Delete on reboot".

    Copy the following part in bold:

    C:\WINDOWS\tasks\AC6C3CD79187AF73.job
    C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe
    C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
    C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe

    Open 'file' in the Killbox menu at the top and choose: Paste from clipboard

    You will see that the bold text above now appears in the "Full Path of File to Delete" field.
    There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (if the files are present); that is the intention.

    Click the button: All files (!Important!)

    After that, click the red circle with the white cross in it.
    Killbox will say that this file will be deleted on reboot and asks whether to reboot now. Click YES.

    Your PC must now reboot.

    After the restart, post a new startuplist and also a new "regular" HijackThis log ;)
  • StartupList report, 22-2-2006, 14:30:12
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Nursen\Bureaublad\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Nursen\Menu Start\Programma's\Opstarten]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
    *No files*

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    PCMService = "C:\Program Files\Dell\Media Experience\PCMService.exe"
    dla = C:\WINDOWS\system32\dla\tfswctrl.exe
    UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    PestPatrol Control Center = C:\PROGRA~1\PESTPA~1\PPControl.exe
    PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    F-StopW = C:\Program Files\FSI\F-Prot\F-StopW.EXE
    FRISK FP-Scheduler = C:\Program Files\FSI\F-Prot\F-Sched.exe
    BDMCon = C:\progra~1\softwin\bitdef~1\bdmcon.exe
    BDNewsAgent = C:\progra~1\softwin\bitdef~1\bdnagent.exe
    BDSwitchAgent = C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    CloneDVDElbyDelay = "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    MessengerPlus3 = "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe"
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    NWEReboot =
    AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
    Sonic RecordNow! =

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    ————————————————–

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    ————————————————–

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [>{D8B24236-26D8-440C-AAFF-4B0D83CF2EA3}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

    ————————————————–

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    ————————————————–

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=sockspy.dll

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Register-editor'

    Registry check passed

    ————————————————–

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe (file missing) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    ————————————————–

    Enumerating Task Scheduler jobs:

    *No jobs found*

    ————————————————–

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [CryptoRSA Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\CRYPTO~1.OCX
    CODEBASE = https://www.p3.postbank.nl/sesam/CAX.cab

    [Checkers Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
    CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

    [Minesweeper Flags Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

    [FileSharingCtrl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr-nl.dll
    CODEBASE = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    [ZoneAxRcMgr Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZAxRcMgr.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZAxRcMgr.cab

    [ZoneIntro Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    [{C94158E1-6151-4442-ABE6-FD53D6534EFB}]
    CODEBASE = http://searchfind.info/bar/win32.cab

    [Downloader Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\dwnldr.dll
    CODEBASE = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/controls/msnchat45.cab

    [Solitaire Showdown Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
    CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    ————————————————–

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll

    ————————————————–

    Enumerating Windows NT/2000/XP services

    abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
    Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)
    adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
    aeaudio: system32\drivers\aeaudio.sys (manual start)
    Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start)
    Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (system)
    Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
    Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)
    Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system)
    ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)
    AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
    AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
    AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
    AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
    AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
    AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
    AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
    BitDefender Scan Server: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (autostart)
    Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
    Closed Caption-decoder: system32\DRIVERS\CCDECODE.sys (manual start)
    cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
    Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)
    Indexing-service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
    COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
    Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start)
    drvmcdb: system32\drivers\drvmcdb.sys (system)
    drvnddm: system32\drivers\drvnddm.sys (autostart)
    Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
    3Com EtherLink XL 90XB/C-adapterstuurprogramma: System32\DRIVERS\el90xbc5.sys (manual start)
    ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
    ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start)
    Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)
    FILESpy: \??\C:\Program Files\Softwin\BitDefender Professional Edition\filespy.sys (autostart)
    Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    FPA_RTP: system32\Drivers\FSTOPW.SYS (system)
    Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)
    Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)
    Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft HID Class-stuurprogramma: System32\DRIVERS\hidusb.sys (manual start)
    hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
    Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)
    i81x: System32\DRIVERS\i81xnt5.sys (manual start)
    iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
    iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
    iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
    iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
    iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
    iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
    iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
    iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
    iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
    iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
    Filterstuurprogramma voor het branden van cd's: System32\DRIVERS\imapi.sys (system)
    COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start)
    ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
    IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
    Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)
    Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)
    Stuurprogramma voor muis-HID: System32\DRIVERS\mouhid.sys (manual start)
    mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
    WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)
    BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma: system32\drivers\MSTEE.sys (manual start)
    NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
    Microsoft TV/Video-verbinding: system32\DRIVERS\NdisIP.sys (manual start)
    RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)
    I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start)
    RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS-interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: System32\DRIVERS\nv4_mini.sys (manual start)
    NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
    Stuurprogramma voor Intel PentiumIII-processor: System32\DRIVERS\p3.sys (system)
    Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start)
    PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
    Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start)
    Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    Logitech QuickCam Express: system32\DRIVERS\LVCM.sys (manual start)
    ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
    Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Stuurprogramma voor Terminal-serverapparaatredirector: System32\DRIVERS\rdpdr.sys (manual start)
    Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (autostart)
    Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)
    REGSpy: \??\C:\Program Files\Softwin\BitDefender Professional Edition\regspy.sys (autostart)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (autostart)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)
    Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)
    Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
    BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
    smwdm: system32\drivers\smwdm.sys (manual start)
    Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
    Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system)
    System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SRV: System32\DRIVERS\srv.sys (manual start)
    sscdbhk5: system32\drivers\sscdbhk5.sys (system)
    SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    ssrtln: system32\drivers\ssrtln.sys (system)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    STOPzilla Local Service: C:\Program Files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" (autostart)
    BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
    SPYC@M 300: system32\drivers\STV680.sys (manual start)
    Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{1B4EE87E-0728-45C1-9B93-5459EDA15236} (manual start)
    symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
    sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)
    Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    tfsnboio: system32\dla\tfsnboio.sys (autostart)
    tfsncofs: system32\dla\tfsncofs.sys (autostart)
    tfsndrct: system32\dla\tfsndrct.sys (autostart)
    tfsndres: system32\dla\tfsndres.sys (autostart)
    tfsnifs: system32\dla\tfsnifs.sys (autostart)
    tfsnopio: system32\dla\tfsnopio.sys (autostart)
    tfsnpool: system32\dla\tfsnpool.sys (autostart)
    tfsnudf: system32\dla\tfsnudf.sys (autostart)
    tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
    Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)
    Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Stuurprogramma voor USB-audio (WDM): system32\drivers\usbaudio.sys (manual start)
    Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
    Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    BitDefender Virus Shield: "C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (autostart)
    Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)
    Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Standard Teletext-codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatische updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Washer Security Access: C:\WINDOWS\system32\wwSecure.exe (autostart)
    Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    BitDefender Communicator: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    ————————————————–

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    ————————————————–
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    End of report, 41.476 bytes
    Report generated in 0,890 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only














  • Logfile of HijackThis v1.99.1
    Scan saved at 14:32:00, on 22-2-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeilezmtuq.net/Yguq_h8YKIkO97Z5OQGmwgyVJfCwqY4sFOB/y/7xZebsAYbcyB0WvLP61PZsaJer.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25} - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
    O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe
    O4 - HKCU\..\Run: [Global Soft] C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
    O4 - HKCU\..\Run: [phone camp way idol] C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} - http://searchfind.info/bar/win32.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Advanced System Products, Inc. - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (file missing)
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




  • Start HijackThis once more, choose "Do a system scan only" and place a check mark only in front of the following lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qeilezmtuq.net/Yguq_h8YKIkO97Z5OQGmwgyVJfCwqY4sFOB/y/7xZebsAYbcyB0WvLP61PZsaJer.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {2ED8E307-363A-8D3D-BC0B-2B784D016F25} - C:\DOCUME~1\Nursen\APPLIC~1\REMOTE~1\waitrdr.exe (file missing)
    O4 - HKCU\..\Run: [Global Soft] C:\DOCUME~1\Nursen\APPLIC~1\PLATFO~1\mathtray.exe
    O4 - HKCU\..\Run: [phone camp way idol] C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\openplan.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} - http://searchfind.info/bar/win32.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.


    Download ATF cleaner (made by Atribune)

    Double-click ATF cleaner to start the program.
    On the "Main" tab, place a check mark next to "Select All".
    Click the "Empty Selected" button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and place a check mark next to "Select All".
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the check mark from "Firefox saved passwords" again)
    Click the "Empty Selected" button.

    If you also use Opera as a browser:
    Click the "Opera" tab and place a check mark next to "Select All".
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the "Empty Selected" button.
    Go to the "Main" tab and click the "Exit" button to close the program.

    Do an online scan using Panda's online virus scan.
    If you get the option to save a log, do so.

    Start HijackThis again, create a new log and post it for review, and also post the Panda log.
  • Incident Status Location

    Adware:Adware/Lop Not disinfected C:\!KillBox\mathtray.exe
    Adware:Adware/Lop Not disinfected C:\!KillBox\openplan.exe
    Adware:Adware/Lop Not disinfected C:\!KillBox\waitrdr.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Camp Okay.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Closerect.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\eqabout.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Free Tick.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Heart Admin.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\license pop.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\OnceSecond.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Phone acid.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Ref Meow.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\uploadless.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\loadslowphonecamp\Wma Fast.exe
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Esther\Application Data\Mozilla\Firefox\Profiles\45ihxt0l.default\cookies.txt[]
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Esther\Local Settings\Temporary Internet Files\Content.IE5\PKO35P41\newpass2[1].htm
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nursen\Application Data\Mozilla\Firefox\Profiles\5x6wtwl7.default\cookies.txt[]
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\aurqeuvf.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\bkcikqem.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\bpvgezbc.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\brmiowtt.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\cighqzuo.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\coabisek.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\csuhyzan.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\deobwuqt.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\dqavuesh.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\flumiyfw.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\hygmypgb.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\jeabkorf.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\jmhjagac.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\JUNKCOOL1VC.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\kkfixqyk.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\kknaztzc.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\koxqzgph.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\kvqjggcq.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\lpiulmjh.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\mbiynvaa.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\mftqmznm.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\mgdogqbm.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\nbksuxsw.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\ndejlhld.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\njtdrodb.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\oxvhalhi.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\pkftiaob.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\pkvononb.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\Poke Coal Dent.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\pzrmfyod.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\qbntovco.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\rstraqlk.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\ssatqanh.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\tcgybonr.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\tnazfaqa.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\uqwidrot.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\uydoxrno.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\vgkchfrq.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\vyztccxq.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Nursen\Application Data\Platform wipe\yxhvwcmn.exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\ErrorSafe\PCheck.dll
    Virus:Eicar.Mod Not disinfected C:\Program Files\FSI\F-Prot\fpav-help.chm[prob-scan-ok.html]
    Virus:Eicar.Mod Not disinfected C:\Program Files\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[prob-scan-ok.html]
    Virus:Eicar.Mod Not disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@tribalfusion[2].txt]
    Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@serving-sys[2].txt]
    Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@linksynergy[2].txt]
    Spyware:Cookie/FastClick Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@fastclick[1].txt]
    Spyware:Cookie/Com.com Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@com[2].txt]
    Spyware:Cookie/2o7.net Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014204327062.zip[nursen@2o7[2].txt]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[sysdetect.dll]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[points manager.exe]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[asmps.dll]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[asmend.exe]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[asm.exe]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[altnetuninstall.exe]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[admprog.dll]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[admfdi.dll]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[admdloader.dll]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[admdata.dll]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[adm4.dll]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[adm25.dll]
    Spyware:Spyware/Altnet Not disinfected C:\Program Files\PestPatrol\Quarantine\20041014205713984.zip[adm.exe]
    Spyware:Cookie/Zedo Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@zedo[2].txt]
    Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@serving-sys[2].txt]
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@servedby.advertising[2].txt]
    Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@mediaplex[1].txt]
    Spyware:Cookie/FastClick Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@fastclick[2].txt]
    Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@doubleclick[1].txt]
    Spyware:Cookie/Bs.serving-sys Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@bs.serving-sys[2].txt]
    Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@bluestreak[2].txt]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@atdmt[2].txt]
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\PestPatrol\Quarantine\20041108184821468.zip[nursen@advertising[2].txt]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050415170658.zip[MARSHAL.DLL]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050415170658.zip[P2P Networking.exe]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050427214454.zip[P2P Networking v125.cpl]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[P2P Networking v125.cpl]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[MARSHAL.DLL]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[P2P Networking.exe]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[MARSHAL.DLL]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20050909195144.zip[P2P Networking.exe]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051016155921.zip[P2P Networking v125.cpl]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051016155921.zip[MARSHAL.DLL]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051016155921.zip[P2P Networking.exe]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[MARSHAL.DLL]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[P2P Networking.exe]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[MARSHAL.DLL]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[P2P Networking.exe]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[MARSHAL.DLL]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[P2P Networking.exe]
    Adware:Adware/P2PNetworking Not disinfected C:\Program Files\PestPatrol\Quarantine\20051212175410.zip[P2P Networking v125.cpl]
    Adware:Adware/WUpd Not disinfected C:\Program Files\Windows AdStatus\WinStatComm.dll
    Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\WinadX.inf
    Adware:adware/gator Not disinfected C:\WINDOWS\GatorFDDLI.log
    Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\biini.inf
    Adware:Adware/Twain-Tech Not disinfected C:\WINDOWS\INF\twaintec.inf
    Dialer:Dialer.SU Not disinfected C:\WINDOWS\run.cxq
    Hacktool:Rootkit/RWAny.A Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\erssdd.sys
    Adware:Adware/PowerSearch Not disinfected C:\WINDOWS\SYSTEM32\IEHelper.dll_tobedeleted
    Spyware:spyware/marketscore Not disinfected C:\WINDOWS\SYSTEM32\rk.bin



  • Logfile of HijackThis v1.99.1
    Scan saved at 15:55:40, on 22-2-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\SYSTEM32\spider.exe
    C:\Documents and Settings\Nursen\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
    O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nursen\Mijn documenten\MsgPlus1.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Advanced System Products, Inc. - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe" /service (file missing)
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




  • The HijackThis log looks good :)

    If all is well, you should no longer be getting any popups now.

    Unfortunately I don't have time right now to give you advice about the Panda log; I'll post again later this evening :wink:
  • Okay, thanks for your help.
  • Slightly off-topic, well, a little bit anyway: does MSNPLUS without the sponsors also contain adware
    junk? Because otherwise I'll just leave it installed… :-?
